Edit tour

Windows Analysis Report
ddySsHnC6l.exe

Overview

General Information

Sample name:	ddySsHnC6l.exe renamed because original name is a hash value
Original sample name:	dbf748514eb0fc59b54eec27da278552.exe
Analysis ID:	1578949
MD5:	dbf748514eb0fc59b54eec27da278552
SHA1:	560c98e2a75723a0197b6ae15a2e80722780f833
SHA256:	652153f3fa503f2195eba2b5a62ac610183e2e1eda924e9a54601b919414642f
Tags:	exeLummaStealeruser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

ddySsHnC6l.exe (PID: 7488 cmdline: "C:\Users\user\Desktop\ddySsHnC6l.exe" MD5: DBF748514EB0FC59B54EEC27DA278552)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["sustainskelet.lat", "necklacebudi.lat", "crosshuaht.lat", "aspecteirs.lat", "rapeflowwj.lat", "energyaffai.lat", "discokeyus.lat", "sweepyribs.lat", "grannyejh.lat"], "Build id": "H9V--"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T17:01:49.431080+0100	2028371	3	Unknown Traffic	192.168.2.7	49704	172.67.197.170	443	TCP
2024-12-20T17:01:51.364983+0100	2028371	3	Unknown Traffic	192.168.2.7	49710	172.67.197.170	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T17:01:50.202272+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49704	172.67.197.170	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T17:01:50.202272+0100	2049836	1	A Network Trojan was detected	192.168.2.7	49704	172.67.197.170	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T17:01:49.431080+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.7	49704	172.67.197.170	443	TCP
2024-12-20T17:01:51.364983+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.7	49710	172.67.197.170	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T17:01:48.010227+0100	2058360	1	Domain Observed Used for C2 Detected	192.168.2.7	55919	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T17:01:47.671765+0100	2058364	1	Domain Observed Used for C2 Detected	192.168.2.7	50133	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T17:01:47.417204+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.7	62069	1.1.1.1	53	UDP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: ddySsHnC6l.exe

Avira: detected

Found malware configuration

Source: ddySsHnC6l.exe.7488.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["sustainskelet.lat", "necklacebudi.lat", "crosshuaht.lat", "aspecteirs.lat", "rapeflowwj.lat", "energyaffai.lat", "discokeyus.lat", "sweepyribs.lat", "grannyejh.lat"], "Build id": "H9V--"}

Multi AV Scanner detection for submitted file

Source: ddySsHnC6l.exe

ReversingLabs: Detection: 68%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: ddySsHnC6l.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: rapeflowwj.lat
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: crosshuaht.lat
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: sustainskelet.lat
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: aspecteirs.lat
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: energyaffai.lat
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: necklacebudi.lat
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: discokeyus.lat
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: grannyejh.lat
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: sweepyribs.lat
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp	String decryptor: PsFKDg--pablo

Source: ddySsHnC6l.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 172.67.197.170:443 -> 192.168.2.7:49704 version: TLS 1.2

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+ebx-10h]	0_2_00A5C767
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov edx, ecx	0_2_00A29C4A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ebx, esi	0_2_00A42190
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov word ptr [ebx], cx	0_2_00A42190
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	0_2_00A42190
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-7D4F867Fh]	0_2_00A36263
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then jmp dword ptr [00A6450Ch]	0_2_00A38591
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 9C259492h	0_2_00A585E0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then jmp eax	0_2_00A585E0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov eax, dword ptr [00A6473Ch]	0_2_00A3C653
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+423C9D38h]	0_2_00A3E7C0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00A4A700
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ebx, edx	0_2_00A2C8B6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+4B6A4A26h]	0_2_00A2C8B6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00A3682D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+18h]	0_2_00A3682D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-75h]	0_2_00A3682D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov edx, ecx	0_2_00A58810
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 5E874B5Fh	0_2_00A58810
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then cmp dword ptr [edx+edi*8], BC9C9AFCh	0_2_00A58810
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then test eax, eax	0_2_00A58810
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then push ebx	0_2_00A5CA93
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_00A4CAD0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_00A4CA49
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then cmp al, 2Eh	0_2_00A46B95
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_00A4CB22
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_00A4CB11
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00A48B61
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00A3CB40
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov word ptr [esi], cx	0_2_00A3CB40
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]	0_2_00A5ECA0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov eax, dword ptr [ebp-68h]	0_2_00A48D93
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ecx, eax	0_2_00A5AEC0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]	0_2_00A5EFB0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then xor byte ptr [esp+eax+17h], al	0_2_00A28F50
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov byte ptr [edi], bl	0_2_00A28F50
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then push C0BFD6CCh	0_2_00A43086
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then push C0BFD6CCh	0_2_00A43086
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], E5FE86B7h	0_2_00A5B1D0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ebx, eax	0_2_00A5B1D0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov word ptr [ecx], dx	0_2_00A491DD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-20h]	0_2_00A491DD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	0_2_00A4B170
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov word ptr [ebx], ax	0_2_00A3B2E0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+61D008CBh]	0_2_00A35220
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]	0_2_00A37380
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h	0_2_00A3D380
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax]	0_2_00A5F330
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_00A274F0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_00A274F0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov word ptr [ecx], dx	0_2_00A491DD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-20h]	0_2_00A491DD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]	0_2_00A37380
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00A55450
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ecx, eax	0_2_00A29580
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov word ptr [ebp+00h], ax	0_2_00A29580
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then xor edi, edi	0_2_00A3759F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov esi, eax	0_2_00A35799
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ecx, eax	0_2_00A35799
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx eax, word ptr [edx]	0_2_00A397C2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov word ptr [edi], dx	0_2_00A397C2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov word ptr [esi], cx	0_2_00A397C2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then lea edx, dword ptr [ecx+01h]	0_2_00A2B70C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov word ptr [ecx], bp	0_2_00A3D83A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0Dh]	0_2_00A43860
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then jmp eax	0_2_00A4984F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ebx, eax	0_2_00A25990
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ebp, eax	0_2_00A25990
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000080h]	0_2_00A379C1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then push esi	0_2_00A47AD3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00A4DA53
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ebx, eax	0_2_00A2DBD9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ebx, eax	0_2_00A2DBD9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then push 00000000h	0_2_00A49C2B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx-7D4F88C7h]	0_2_00A37DEE
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then jmp dword ptr [00A655F4h]	0_2_00A45E30
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov edx, ebp	0_2_00A45E70
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov ecx, ebx	0_2_00A4DFE9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then jmp ecx	0_2_00A2BFFD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov eax, dword ptr [ebx+edi+44h]	0_2_00A39F30
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00A3BF14

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.7:55919 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.7:49710 -> 172.67.197.170:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.7:49704 -> 172.67.197.170:443
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.7:62069 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.7:50133 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49704 -> 172.67.197.170:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49704 -> 172.67.197.170:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: sustainskelet.lat
Source: Malware configuration extractor	URLs: necklacebudi.lat
Source: Malware configuration extractor	URLs: crosshuaht.lat
Source: Malware configuration extractor	URLs: aspecteirs.lat
Source: Malware configuration extractor	URLs: rapeflowwj.lat
Source: Malware configuration extractor	URLs: energyaffai.lat
Source: Malware configuration extractor	URLs: discokeyus.lat
Source: Malware configuration extractor	URLs: sweepyribs.lat
Source: Malware configuration extractor	URLs: grannyejh.lat

Source: Joe Sandbox View

IP Address: 172.67.197.170 172.67.197.170

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49704 -> 172.67.197.170:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49710 -> 172.67.197.170:443

Source: global traffic

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: discokeyus.lat

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic	DNS traffic detected: DNS query: grannyejh.lat
Source: global traffic	DNS traffic detected: DNS query: discokeyus.lat

Source: unknown

Source: ddySsHnC6l.exe, 00000000.00000003.1392306103.000000000151D000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1384772885.00000000014DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: ddySsHnC6l.exe, 00000000.00000003.1393494316.00000000014B2000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000002.1395097108.000000000146E000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000002.1395199886.00000000014B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/
Source: ddySsHnC6l.exe, 00000000.00000003.1392943453.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000002.1395252073.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1384772885.00000000014DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/7
Source: ddySsHnC6l.exe, 00000000.00000002.1395252073.00000000014CB000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1392943453.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1384772885.00000000014C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/:
Source: ddySsHnC6l.exe, 00000000.00000002.1395097108.000000000146E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/A
Source: ddySsHnC6l.exe, 00000000.00000003.1392306103.0000000001526000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1392943453.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000002.1395252073.00000000014CB000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000002.1395252073.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1384772885.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1392943453.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1384772885.00000000014C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/api

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 172.67.197.170:443 -> 192.168.2.7:49704 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: ddySsHnC6l.exe	Static PE information: section name:
Source: ddySsHnC6l.exe	Static PE information: section name: .idata
Source: ddySsHnC6l.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A28850	0_2_00A28850
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ACC0BA	0_2_00ACC0BA
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD20BB	0_2_00AD20BB
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B760A9	0_2_00B760A9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5C09D	0_2_00B5C09D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B16089	0_2_00B16089
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B040FA	0_2_00B040FA
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B6C0E7	0_2_00B6C0E7
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB80F8	0_2_00AB80F8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AAE0F5	0_2_00AAE0F5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B640D0	0_2_00B640D0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B24032	0_2_00B24032
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B54018	0_2_00B54018
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB601C	0_2_00AB601C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A88013	0_2_00A88013
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC0017	0_2_00AC0017
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA806F	0_2_00AA806F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3C060	0_2_00B3C060
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8E071	0_2_00A8E071
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD6040	0_2_00AD6040
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B34044	0_2_00B34044
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB4056	0_2_00AB4056
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B441A5	0_2_00B441A5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B6A1A1	0_2_00B6A1A1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B38196	0_2_00B38196
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A42190	0_2_00A42190
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5218D	0_2_00B5218D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE8195	0_2_00AE8195
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2C1F1	0_2_00B2C1F1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC61F8	0_2_00AC61F8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A441C0	0_2_00A441C0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE21C7	0_2_00AE21C7
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ACE1D5	0_2_00ACE1D5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC212C	0_2_00AC212C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE413F	0_2_00AE413F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B26123	0_2_00B26123
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B20110	0_2_00B20110
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B40104	0_2_00B40104
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABA167	0_2_00ABA167
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B28163	0_2_00B28163
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B22165	0_2_00B22165
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0C140	0_2_00B0C140
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B142B0	0_2_00B142B0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B562B4	0_2_00B562B4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B7C2B5	0_2_00B7C2B5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B482B9	0_2_00B482B9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A26280	0_2_00A26280
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B58296	0_2_00B58296
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF0285	0_2_00AF0285
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A3E290	0_2_00A3E290
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC429F	0_2_00AC429F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B662FF	0_2_00B662FF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AFA2F5	0_2_00AFA2F5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD22C7	0_2_00AD22C7
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4C2DF	0_2_00B4C2DF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B7A2C6	0_2_00B7A2C6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A88220	0_2_00A88220
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0E222	0_2_00B0E222
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE623A	0_2_00AE623A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0A21A	0_2_00B0A21A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A36263	0_2_00A36263
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B72276	0_2_00B72276
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3227F	0_2_00B3227F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2E252	0_2_00B2E252
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4A254	0_2_00B4A254
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8224B	0_2_00A8224B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB024E	0_2_00AB024E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2A257	0_2_00B2A257
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE0244	0_2_00AE0244
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF6243	0_2_00AF6243
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3E242	0_2_00B3E242
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AEE25D	0_2_00AEE25D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4E24F	0_2_00B4E24F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B6224D	0_2_00B6224D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A98254	0_2_00A98254
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B1224C	0_2_00B1224C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A983BE	0_2_00A983BE
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A44380	0_2_00A44380
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF8383	0_2_00AF8383
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00BE038F	0_2_00BE038F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B743F0	0_2_00B743F0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABE3E1	0_2_00ABE3E1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A4C3FC	0_2_00A4C3FC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A823F3	0_2_00A823F3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00BEA3D2	0_2_00BEA3D2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A24320	0_2_00A24320
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B50331	0_2_00B50331
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A28330	0_2_00A28330
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC833A	0_2_00AC833A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AEA339	0_2_00AEA339
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A4A33F	0_2_00A4A33F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A4830D	0_2_00A4830D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A9631B	0_2_00A9631B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B1C367	0_2_00B1C367
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B7835B	0_2_00B7835B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB2344	0_2_00AB2344
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD24B8	0_2_00AD24B8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB04B1	0_2_00AB04B1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD64B0	0_2_00AD64B0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B224AC	0_2_00B224AC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B64491	0_2_00B64491
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA64E3	0_2_00AA64E3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB84E2	0_2_00AB84E2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ACC4E2	0_2_00ACC4E2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABC4FC	0_2_00ABC4FC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ADE4F6	0_2_00ADE4F6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B204D7	0_2_00B204D7
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC04DB	0_2_00AC04DB
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B444C3	0_2_00B444C3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD04D7	0_2_00AD04D7
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B004CF	0_2_00B004CF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB4432	0_2_00AB4432
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B6A410	0_2_00B6A410
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8A411	0_2_00A8A411
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B12462	0_2_00B12462
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3446C	0_2_00B3446C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ADC442	0_2_00ADC442
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB6455	0_2_00AB6455
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B1E5B8	0_2_00B1E5B8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0E5AA	0_2_00B0E5AA
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B405FC	0_2_00B405FC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B605FB	0_2_00B605FB
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B545E4	0_2_00B545E4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B725E6	0_2_00B725E6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC65FF	0_2_00AC65FF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB25F1	0_2_00AB25F1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5E5DC	0_2_00B5E5DC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A925DC	0_2_00A925DC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B04534	0_2_00B04534
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A9E525	0_2_00A9E525
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A80526	0_2_00A80526
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AFC539	0_2_00AFC539
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0A52C	0_2_00B0A52C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5451F	0_2_00B5451F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A42510	0_2_00A42510
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AAE51C	0_2_00AAE51C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AEC569	0_2_00AEC569
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B7657E	0_2_00B7657E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2656E	0_2_00B2656E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2456F	0_2_00B2456F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B52544	0_2_00B52544
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB66A7	0_2_00AB66A7
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD06A2	0_2_00AD06A2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE86B6	0_2_00AE86B6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABC683	0_2_00ABC683
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC2680	0_2_00AC2680
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B1269D	0_2_00B1269D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4E687	0_2_00B4E687
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE66FB	0_2_00AE66FB
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0C6E9	0_2_00B0C6E9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B626EA	0_2_00B626EA
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A866F5	0_2_00A866F5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AAA6C8	0_2_00AAA6C8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A486C0	0_2_00A486C0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ADA6C5	0_2_00ADA6C5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5A6D8	0_2_00B5A6D8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB06C5	0_2_00AB06C5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A466D0	0_2_00A466D0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC46D3	0_2_00AC46D3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE062D	0_2_00AE062D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A86620	0_2_00A86620
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF4622	0_2_00AF4622
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B50624	0_2_00B50624
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4A621	0_2_00B4A621
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A94630	0_2_00A94630
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B6C617	0_2_00B6C617
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B02612	0_2_00B02612
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B7E610	0_2_00B7E610
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3E675	0_2_00B3E675
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD6662	0_2_00AD6662
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A96675	0_2_00A96675
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B06649	0_2_00B06649
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD4656	0_2_00AD4656
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ACA650	0_2_00ACA650
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4C64A	0_2_00B4C64A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5664B	0_2_00B5664B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B647B8	0_2_00B647B8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AEA7A1	0_2_00AEA7A1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A2A780	0_2_00A2A780
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B7079F	0_2_00B7079F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A38792	0_2_00A38792
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF879D	0_2_00AF879D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B56789	0_2_00B56789
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A987F9	0_2_00A987F9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC87F4	0_2_00AC87F4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B527E8	0_2_00B527E8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A3E7C0	0_2_00A3E7C0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B7C736	0_2_00B7C736
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AFE722	0_2_00AFE722
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2A726	0_2_00B2A726
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AFA702	0_2_00AFA702
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A26710	0_2_00A26710
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ADC719	0_2_00ADC719
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8C77F	0_2_00A8C77F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8A748	0_2_00A8A748
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB8748	0_2_00AB8748
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B78742	0_2_00B78742
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B228B3	0_2_00B228B3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B088B2	0_2_00B088B2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B368B9	0_2_00B368B9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AFC8A3	0_2_00AFC8A3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA68A4	0_2_00AA68A4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A2C8B6	0_2_00A2C8B6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00BDE8A6	0_2_00BDE8A6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B24897	0_2_00B24897
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB4880	0_2_00AB4880
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A88885	0_2_00A88885
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5C8E0	0_2_00B5C8E0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE48F1	0_2_00AE48F1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A488CB	0_2_00A488CB
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A988DF	0_2_00A988DF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A3682D	0_2_00A3682D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A80809	0_2_00A80809
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B7A810	0_2_00B7A810
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A58810	0_2_00A58810
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABE810	0_2_00ABE810
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD886F	0_2_00AD886F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B58871	0_2_00B58871
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8284B	0_2_00A8284B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5A85D	0_2_00B5A85D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4E845	0_2_00B4E845
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B04847	0_2_00B04847
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B76998	0_2_00B76998
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4A9EA	0_2_00B4A9EA
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD49C2	0_2_00AD49C2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00BD49CC	0_2_00BD49CC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ACC924	0_2_00ACC924
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0292A	0_2_00B0292A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A40939	0_2_00A40939
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ACA933	0_2_00ACA933
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B78917	0_2_00B78917
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA4900	0_2_00AA4900
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B1C909	0_2_00B1C909
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA0913	0_2_00AA0913
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD2912	0_2_00AD2912
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00BE8975	0_2_00BE8975
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2697D	0_2_00B2697D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A50940	0_2_00A50940
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AAE95F	0_2_00AAE95F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4694F	0_2_00B4694F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA4AAE	0_2_00AA4AAE
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB6AA3	0_2_00AB6AA3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABAAA1	0_2_00ABAAA1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B38AA7	0_2_00B38AA7
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE8AB1	0_2_00AE8AB1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0AA90	0_2_00B0AA90
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B12A90	0_2_00B12A90
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B18A99	0_2_00B18A99
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC0A92	0_2_00AC0A92
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF8AEC	0_2_00AF8AEC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC6AE3	0_2_00AC6AE3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B44AC6	0_2_00B44AC6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A4CAD0	0_2_00A4CAD0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF4AD1	0_2_00AF4AD1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A96A2A	0_2_00A96A2A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABCA26	0_2_00ABCA26
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5EA21	0_2_00B5EA21
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B40A10	0_2_00B40A10
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A9AA07	0_2_00A9AA07
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A2EA10	0_2_00A2EA10
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2EA05	0_2_00B2EA05
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0EA0E	0_2_00B0EA0E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ADAA6E	0_2_00ADAA6E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ACEA4F	0_2_00ACEA4F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A4CA49	0_2_00A4CA49
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AEEA5A	0_2_00AEEA5A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8EBB4	0_2_00A8EBB4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA2B83	0_2_00AA2B83
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B42BF4	0_2_00B42BF4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF2BE3	0_2_00AF2BE3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B6ABCC	0_2_00B6ABCC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A9CB2C	0_2_00A9CB2C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A4CB22	0_2_00A4CB22
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE6B26	0_2_00AE6B26
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A90B22	0_2_00A90B22
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC4B3B	0_2_00AC4B3B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B06B17	0_2_00B06B17
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD6B07	0_2_00AD6B07
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A56B08	0_2_00A56B08
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A4CB11	0_2_00A4CB11
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AECB6D	0_2_00AECB6D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B60B7D	0_2_00B60B7D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B48B78	0_2_00B48B78
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B14B7F	0_2_00B14B7F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B50B66	0_2_00B50B66
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A3CB40	0_2_00A3CB40
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AFAB44	0_2_00AFAB44
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B7CB5C	0_2_00B7CB5C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A46B50	0_2_00A46B50
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A5ECA0	0_2_00A5ECA0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B38CB9	0_2_00B38CB9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2CCBD	0_2_00B2CCBD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2AC94	0_2_00B2AC94
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B1CC81	0_2_00B1CC81
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A4AC90	0_2_00A4AC90
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC2C90	0_2_00AC2C90
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B34C8F	0_2_00B34C8F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ADECE6	0_2_00ADECE6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A2ACF0	0_2_00A2ACF0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B62CE4	0_2_00B62CE4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AFECFB	0_2_00AFECFB
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8ECF0	0_2_00A8ECF0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8AC2E	0_2_00A8AC2E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A88C22	0_2_00A88C22
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AACC21	0_2_00AACC21
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AEEC25	0_2_00AEEC25
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AAAC24	0_2_00AAAC24
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B52C23	0_2_00B52C23
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB4C09	0_2_00AB4C09
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE8C05	0_2_00AE8C05
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ACAC1C	0_2_00ACAC1C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B04C00	0_2_00B04C00
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3EC0B	0_2_00B3EC0B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABEC12	0_2_00ABEC12
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A24C60	0_2_00A24C60
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B30C7C	0_2_00B30C7C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A9EC7E	0_2_00A9EC7E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA0C75	0_2_00AA0C75
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B58C5E	0_2_00B58C5E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AACDAF	0_2_00AACDAF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0EDBF	0_2_00B0EDBF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B52D93	0_2_00B52D93
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AAED87	0_2_00AAED87
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABAD9B	0_2_00ABAD9B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC0D9C	0_2_00AC0D9C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B22D8A	0_2_00B22D8A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD8DFF	0_2_00AD8DFF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8CDFD	0_2_00A8CDFD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B36DD8	0_2_00B36DD8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ACEDC0	0_2_00ACEDC0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B04DCB	0_2_00B04DCB
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B20DCF	0_2_00B20DCF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B26D30	0_2_00B26D30
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B1ED34	0_2_00B1ED34
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B1AD29	0_2_00B1AD29
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B46D17	0_2_00B46D17
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE4D09	0_2_00AE4D09
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00BE6D16	0_2_00BE6D16
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA6D11	0_2_00AA6D11
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2ED09	0_2_00B2ED09
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00BDCD66	0_2_00BDCD66
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB0D70	0_2_00AB0D70
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ADCD4F	0_2_00ADCD4F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A2CD46	0_2_00A2CD46
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B66D53	0_2_00B66D53
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A92D55	0_2_00A92D55
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC4EAE	0_2_00AC4EAE
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B06EB4	0_2_00B06EB4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB6EB4	0_2_00AB6EB4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5CE91	0_2_00B5CE91
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B08E85	0_2_00B08E85
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B56E8C	0_2_00B56E8C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B60EFE	0_2_00B60EFE
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ACCEF4	0_2_00ACCEF4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B66ED4	0_2_00B66ED4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A5AEC0	0_2_00A5AEC0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A9CECF	0_2_00A9CECF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA8ECD	0_2_00AA8ECD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A84EC6	0_2_00A84EC6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B40EC3	0_2_00B40EC3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE0ED5	0_2_00AE0ED5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF4E29	0_2_00AF4E29
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4AE3F	0_2_00B4AE3F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB2E31	0_2_00AB2E31
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA4E02	0_2_00AA4E02
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A94E04	0_2_00A94E04
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B54E04	0_2_00B54E04
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF8E15	0_2_00AF8E15
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABEE6E	0_2_00ABEE6E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A56E74	0_2_00A56E74
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4CE4D	0_2_00B4CE4D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B6EFBB	0_2_00B6EFBB
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A5EFB0	0_2_00A5EFB0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC6FBB	0_2_00AC6FBB
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF4FB4	0_2_00AF4FB4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5EF99	0_2_00B5EF99
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC8F9D	0_2_00AC8F9D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B34F84	0_2_00B34F84
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA2F92	0_2_00AA2F92
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B18FF6	0_2_00B18FF6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3CFC7	0_2_00B3CFC7
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B12F32	0_2_00B12F32
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AEAF3E	0_2_00AEAF3E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AFCF1F	0_2_00AFCF1F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B7AF04	0_2_00B7AF04
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A4CF74	0_2_00A4CF74
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3EF6C	0_2_00B3EF6C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A80F4B	0_2_00A80F4B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF8F49	0_2_00AF8F49
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B72F5E	0_2_00B72F5E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A86F58	0_2_00A86F58
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A22F50	0_2_00A22F50
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A40F50	0_2_00A40F50
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A58F59	0_2_00A58F59
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8D0A3	0_2_00A8D0A3
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AFF0B6	0_2_00AFF0B6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A930E9	0_2_00A930E9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2D0F2	0_2_00B2D0F2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B1F0F9	0_2_00B1F0F9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B050FA	0_2_00B050FA
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3B0FC	0_2_00B3B0FC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B370E5	0_2_00B370E5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B010E8	0_2_00B010E8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B590EA	0_2_00B590EA
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AAF0CC	0_2_00AAF0CC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B250D9	0_2_00B250D9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A830C5	0_2_00A830C5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B49031	0_2_00B49031
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A91021	0_2_00A91021
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A9B027	0_2_00A9B027
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B6D039	0_2_00B6D039
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0D022	0_2_00B0D022
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD100A	0_2_00AD100A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B33014	0_2_00B33014
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3907A	0_2_00B3907A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B1507B	0_2_00B1507B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AAB072	0_2_00AAB072
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4F05D	0_2_00B4F05D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B65044	0_2_00B65044
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD3056	0_2_00AD3056
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA7054	0_2_00AA7054
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF31AE	0_2_00AF31AE
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A291B0	0_2_00A291B0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B6B1A4	0_2_00B6B1A4
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0F1A8	0_2_00B0F1A8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AD9192	0_2_00AD9192
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B611F5	0_2_00B611F5
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A851F8	0_2_00A851F8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AF71FE	0_2_00AF71FE
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A431C2	0_2_00A431C2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B251C6	0_2_00B251C6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B531C1	0_2_00B531C1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A5B1D0	0_2_00A5B1D0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8B1DD	0_2_00A8B1DD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A491DD	0_2_00A491DD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE5125	0_2_00AE5125
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B77122	0_2_00B77122
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B7512D	0_2_00B7512D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA1101	0_2_00AA1101
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B43118	0_2_00B43118
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE711E	0_2_00AE711E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8F16A	0_2_00A8F16A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A9914A	0_2_00A9914A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B55156	0_2_00B55156
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ADF149	0_2_00ADF149
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B41143	0_2_00B41143
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ADD156	0_2_00ADD156
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B03290	0_2_00B03290
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AEF287	0_2_00AEF287
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A99299	0_2_00A99299
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B77285	0_2_00B77285
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA929E	0_2_00AA929E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB329D	0_2_00AB329D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC5292	0_2_00AC5292
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A3B2E0	0_2_00A3B2E0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B232E8	0_2_00B232E8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B752DC	0_2_00B752DC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A452DD	0_2_00A452DD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A35220	0_2_00A35220
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AED227	0_2_00AED227
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5D227	0_2_00B5D227
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABD23D	0_2_00ABD23D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AC3235	0_2_00AC3235
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A9520A	0_2_00A9520A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B09216	0_2_00B09216
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3921A	0_2_00B3921A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABB201	0_2_00ABB201
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00BE5207	0_2_00BE5207
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ACF26A	0_2_00ACF26A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2D27D	0_2_00B2D27D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AB924E	0_2_00AB924E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AAB3A2	0_2_00AAB3A2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B5B3BF	0_2_00B5B3BF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE33A2	0_2_00AE33A2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A773A8	0_2_00A773A8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A913BD	0_2_00A913BD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A9B3B2	0_2_00A9B3B2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B713A9	0_2_00B713A9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A97384	0_2_00A97384
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A9D391	0_2_00A9D391
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B3538B	0_2_00B3538B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B17388	0_2_00B17388
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA73E9	0_2_00AA73E9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AE53F1	0_2_00AE53F1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B573DE	0_2_00B573DE
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2B3DC	0_2_00B2B3DC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AED3D9	0_2_00AED3D9
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A45327	0_2_00A45327
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4533F	0_2_00B4533F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A5F330	0_2_00A5F330
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A81375	0_2_00A81375
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A5D34D	0_2_00A5D34D
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0935A	0_2_00B0935A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8D4AE	0_2_00A8D4AE
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B0F4A1	0_2_00B0F4A1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B4B4AC	0_2_00B4B4AC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00ABB48F	0_2_00ABB48F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A3148F	0_2_00A3148F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B434F0	0_2_00B434F0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A8F4F8	0_2_00A8F4F8

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: String function: 00A28030 appears 44 times
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: String function: 00A34400 appears 65 times

Source: ddySsHnC6l.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: ddySsHnC6l.exe	Static PE information: Section: ZLIB complexity 0.9974114404965754
Source: ddySsHnC6l.exe	Static PE information: Section: mjanwrqb ZLIB complexity 0.9949600805530164

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@3/1

Source: C:\Users\user\Desktop\ddySsHnC6l.exe

Code function: 0_2_00A50C70 CoCreateInstance,

0_2_00A50C70

Source: C:\Users\user\Desktop\ddySsHnC6l.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: ddySsHnC6l.exe

ReversingLabs: Detection: 68%

Source: ddySsHnC6l.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\ddySsHnC6l.exe

File read: C:\Users\user\Desktop\ddySsHnC6l.exe

Jump to behavior

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: ddySsHnC6l.exe

Static file information: File size 1845248 > 1048576

Source: ddySsHnC6l.exe

Static PE information: Raw size of mjanwrqb is bigger than: 0x100000 < 0x19a400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\ddySsHnC6l.exe

Unpacked PE file: 0.2.ddySsHnC6l.exe.a20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mjanwrqb:EW;poqismoi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mjanwrqb:EW;poqismoi:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: ddySsHnC6l.exe

Static PE information: real checksum: 0x1cf00c should be: 0x1c8763

Source: ddySsHnC6l.exe	Static PE information: section name:
Source: ddySsHnC6l.exe	Static PE information: section name: .idata
Source: ddySsHnC6l.exe	Static PE information: section name:
Source: ddySsHnC6l.exe	Static PE information: section name: mjanwrqb
Source: ddySsHnC6l.exe	Static PE information: section name: poqismoi
Source: ddySsHnC6l.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A7820E push ebp; mov dword ptr [esp], edi	0_2_00A7933E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A78A14 push ebp; mov dword ptr [esp], eax	0_2_00A7921A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A7A0AD push edi; mov dword ptr [esp], 1ED8081Dh	0_2_00A7A8F8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A7A0AD push edi; mov dword ptr [esp], ebp	0_2_00A7AE9B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A7A0AD push esi; mov dword ptr [esp], eax	0_2_00A7AEBB
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A7A0BF push 7C436FF0h; mov dword ptr [esp], esi	0_2_00A7E6E0
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A780D5 push esi; mov dword ptr [esp], edi	0_2_00A780E1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00C200BA push 6D5AB825h; mov dword ptr [esp], ecx	0_2_00C200DA
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00C50054 push ebx; mov dword ptr [esp], ecx	0_2_00C50076
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A7C03B push 6B107971h; mov dword ptr [esp], ebx	0_2_00A7C04A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00CB8068 push eax; mov dword ptr [esp], edi	0_2_00CB8087
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00CB8068 push ecx; mov dword ptr [esp], edx	0_2_00CB80A8
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00CB8068 push ebx; mov dword ptr [esp], esp	0_2_00CB80AC
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA806F push eax; mov dword ptr [esp], 4E0EFF00h	0_2_00AA853B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA806F push eax; mov dword ptr [esp], edi	0_2_00AA8575
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA806F push 4299FE9Ch; mov dword ptr [esp], esi	0_2_00AA85DF
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA806F push 3D026527h; mov dword ptr [esp], edx	0_2_00AA8671
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA806F push edi; mov dword ptr [esp], ebp	0_2_00AA879C
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00AA806F push 28BD645Bh; mov dword ptr [esp], edi	0_2_00AA87BD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00C8A03F push 1C0964B6h; mov dword ptr [esp], ebp	0_2_00C8A063
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A7A1A9 push 546A2FDFh; mov dword ptr [esp], edx	0_2_00A7A1F2
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00A761B8 push ebp; mov dword ptr [esp], esi	0_2_00A761C1
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B38196 push 490D2DB7h; mov dword ptr [esp], eax	0_2_00B3859F
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B38196 push edi; mov dword ptr [esp], ebp	0_2_00B385F6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B38196 push ecx; mov dword ptr [esp], edi	0_2_00B385FD
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B38196 push eax; mov dword ptr [esp], 09B3CD8Ah	0_2_00B3861E
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B38196 push 5169C691h; mov dword ptr [esp], ebx	0_2_00B386CB
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00C6C1F5 push 24EC1545h; mov dword ptr [esp], ecx	0_2_00C6C20A
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2C1F1 push edx; mov dword ptr [esp], eax	0_2_00B2C56B
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2C1F1 push ecx; mov dword ptr [esp], eax	0_2_00B2C5D6
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Code function: 0_2_00B2C1F1 push 57602114h; mov dword ptr [esp], edi	0_2_00B2C615

Source: ddySsHnC6l.exe	Static PE information: section name: entropy: 7.97861499073879
Source: ddySsHnC6l.exe	Static PE information: section name: mjanwrqb entropy: 7.954221738406787

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF0D89 second address: BF0D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push edi 0x0000000a jmp 00007FA4D56AF2CAh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF0D9F second address: BF0DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA4D4DAA654h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BEFF7D second address: BEFF81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF02A3 second address: BF02A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF045B second address: BF047F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FA4D56AF2D7h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF05BE second address: BF05D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA652h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF05D8 second address: BF05E2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA4D56AF2C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF3F9F second address: BF3FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF3FA3 second address: BF3FE4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jp 00007FA4D56AF2C6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov si, ax 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007FA4D56AF2C8h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e xor ch, FFFFFF95h 0x00000031 push 7FF14AF2h 0x00000036 pushad 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF3FE4 second address: BF4060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D4DAA64Ah 0x00000009 popad 0x0000000a jmp 00007FA4D4DAA64Eh 0x0000000f popad 0x00000010 xor dword ptr [esp], 7FF14A72h 0x00000017 mov dx, si 0x0000001a push 00000003h 0x0000001c stc 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push edx 0x00000022 call 00007FA4D4DAA648h 0x00000027 pop edx 0x00000028 mov dword ptr [esp+04h], edx 0x0000002c add dword ptr [esp+04h], 00000015h 0x00000034 inc edx 0x00000035 push edx 0x00000036 ret 0x00000037 pop edx 0x00000038 ret 0x00000039 push 00000003h 0x0000003b push 00000000h 0x0000003d push edi 0x0000003e call 00007FA4D4DAA648h 0x00000043 pop edi 0x00000044 mov dword ptr [esp+04h], edi 0x00000048 add dword ptr [esp+04h], 00000019h 0x00000050 inc edi 0x00000051 push edi 0x00000052 ret 0x00000053 pop edi 0x00000054 ret 0x00000055 push EBA9C8F3h 0x0000005a pushad 0x0000005b pushad 0x0000005c push eax 0x0000005d pop eax 0x0000005e push ecx 0x0000005f pop ecx 0x00000060 popad 0x00000061 pushad 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF4060 second address: BF40C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 xor dword ptr [esp], 2BA9C8F3h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007FA4D56AF2C8h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov edi, dword ptr [ebp+122D2B29h] 0x0000002f lea ebx, dword ptr [ebp+1244FE69h] 0x00000035 mov dword ptr [ebp+122D1E63h], ecx 0x0000003b or ecx, 16BB2341h 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007FA4D56AF2D6h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF40C4 second address: BF40CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF4156 second address: BF4192 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007FA4D56AF2D4h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007FA4D56AF2CCh 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FA4D56AF2CDh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF4192 second address: BF4271 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA651h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007FA4D4DAA653h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 ja 00007FA4D4DAA651h 0x0000001b pushad 0x0000001c jmp 00007FA4D4DAA64Fh 0x00000021 jne 00007FA4D4DAA646h 0x00000027 popad 0x00000028 popad 0x00000029 pop eax 0x0000002a sub ecx, 0467A762h 0x00000030 mov ecx, dword ptr [ebp+122D2A8Dh] 0x00000036 push 00000003h 0x00000038 push 00000000h 0x0000003a push ebp 0x0000003b call 00007FA4D4DAA648h 0x00000040 pop ebp 0x00000041 mov dword ptr [esp+04h], ebp 0x00000045 add dword ptr [esp+04h], 0000001Dh 0x0000004d inc ebp 0x0000004e push ebp 0x0000004f ret 0x00000050 pop ebp 0x00000051 ret 0x00000052 mov dword ptr [ebp+122D24E7h], ebx 0x00000058 call 00007FA4D4DAA650h 0x0000005d mov dword ptr [ebp+122D27A4h], eax 0x00000063 pop ecx 0x00000064 push 00000000h 0x00000066 jp 00007FA4D4DAA64Ch 0x0000006c mov esi, dword ptr [ebp+122D182Eh] 0x00000072 push 00000003h 0x00000074 call 00007FA4D4DAA650h 0x00000079 sub dword ptr [ebp+122D34EAh], edi 0x0000007f pop edx 0x00000080 call 00007FA4D4DAA649h 0x00000085 push eax 0x00000086 push edx 0x00000087 push eax 0x00000088 push edx 0x00000089 pushad 0x0000008a popad 0x0000008b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF4271 second address: BF428A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2D5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF428A second address: BF42A4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA4D4DAA64Ch 0x00000008 jns 00007FA4D4DAA646h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jg 00007FA4D4DAA646h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF42A4 second address: BF42B3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA4D56AF2C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF42B3 second address: BF42C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a pushad 0x0000000b jo 00007FA4D4DAA648h 0x00000011 push eax 0x00000012 pop eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF42C9 second address: BF42CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF42CF second address: BF430D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 jne 00007FA4D4DAA659h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 pushad 0x00000013 push eax 0x00000014 jmp 00007FA4D4DAA64Eh 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jo 00007FA4D4DAA646h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF43D0 second address: BF4427 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007FA4D56AF2C8h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 and edx, dword ptr [ebp+122D2A9Dh] 0x0000002c add dx, 8CFEh 0x00000031 push 00000000h 0x00000033 mov dword ptr [ebp+122D1E88h], edi 0x00000039 push FBF04BBFh 0x0000003e push eax 0x0000003f push edx 0x00000040 ja 00007FA4D56AF2C8h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF4427 second address: BF4431 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FA4D4DAA646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF4431 second address: BF4469 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 040FB4C1h 0x0000000f add dword ptr [ebp+122D1E63h], ecx 0x00000015 push 00000003h 0x00000017 mov esi, dword ptr [ebp+122D2961h] 0x0000001d push 00000000h 0x0000001f sub dword ptr [ebp+122D1B9Ah], esi 0x00000025 push 00000003h 0x00000027 mov edx, dword ptr [ebp+122D1E88h] 0x0000002d push F8B478F1h 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF4469 second address: BF446D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF446D second address: BF4473 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF4473 second address: BF44CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA657h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 38B478F1h 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007FA4D4DAA648h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a mov dword ptr [ebp+122D1E15h], edx 0x00000030 lea ebx, dword ptr [ebp+1244FE7Dh] 0x00000036 mov edi, 6B63F872h 0x0000003b push eax 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BF44CA second address: BF44CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C12E70 second address: C12E85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D4DAA64Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C12E85 second address: C12E9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FA4D56AF2CCh 0x0000000b popad 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C12E9E second address: C12EA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C13003 second address: C13022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA4D56AF2C6h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push esi 0x0000000f pop esi 0x00000010 jnc 00007FA4D56AF2C6h 0x00000016 popad 0x00000017 jbe 00007FA4D56AF2CEh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C136FD second address: C13709 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C13709 second address: C1372C instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA4D56AF2C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007FA4D56AF2C6h 0x00000012 jmp 00007FA4D56AF2D1h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C07500 second address: C07506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C07506 second address: C0750A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C0750A second address: C07518 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA4D4DAA646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C143EF second address: C143F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C143F6 second address: C14400 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA4D4DAA652h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C14400 second address: C1440E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA4D56AF2C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C1440E second address: C14412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C14412 second address: C14416 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C14416 second address: C1441C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C146D2 second address: C146D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C146D7 second address: C146DC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C1481A second address: C14821 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C14ADC second address: C14AED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA64Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BDFEBB second address: BDFEC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BDFEC1 second address: BDFEE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FA4D4DAA648h 0x0000000e jmp 00007FA4D4DAA652h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BDFEE3 second address: BDFEE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BDFEE9 second address: BDFEF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA4D4DAA646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BDFEF3 second address: BDFF03 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 js 00007FA4D56AF2C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BDFF03 second address: BDFF07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BDFF07 second address: BDFF0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C18E3B second address: C18E47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FA4D4DAA646h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C1C1DA second address: C1C1E0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C1C410 second address: C1C414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C1C414 second address: C1C418 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C209EB second address: C209FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D4DAA650h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C209FF second address: C20A27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007FA4D56AF2C6h 0x0000000d jmp 00007FA4D56AF2D4h 0x00000012 jns 00007FA4D56AF2C6h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C20043 second address: C20047 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C20047 second address: C20055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C20055 second address: C20059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C20059 second address: C2005D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C2005D second address: C20063 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C20607 second address: C20614 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C23E3B second address: C23E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D4DAA64Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C23FEB second address: C23FF5 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA4D56AF2C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C23FF5 second address: C24028 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA4D4DAA655h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA4D4DAA651h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C24028 second address: C2403E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C24AD2 second address: C24AD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C24E80 second address: C24E9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4D56AF2D7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C25002 second address: C25008 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C25008 second address: C2500C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C2500C second address: C2503D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA654h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f jmp 00007FA4D4DAA652h 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C2503D second address: C25047 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA4D56AF2CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C2549D second address: C254D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA657h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA4D4DAA655h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C254D0 second address: C25563 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 add dword ptr [ebp+122D1BC3h], ebx 0x0000000f jmp 00007FA4D56AF2CDh 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edi 0x00000019 call 00007FA4D56AF2C8h 0x0000001e pop edi 0x0000001f mov dword ptr [esp+04h], edi 0x00000023 add dword ptr [esp+04h], 0000001Ch 0x0000002b inc edi 0x0000002c push edi 0x0000002d ret 0x0000002e pop edi 0x0000002f ret 0x00000030 push edi 0x00000031 add esi, 13A2E088h 0x00000037 pop edi 0x00000038 movsx esi, ax 0x0000003b jc 00007FA4D56AF2CCh 0x00000041 mov dword ptr [ebp+122D1BCEh], esi 0x00000047 push 00000000h 0x00000049 push 00000000h 0x0000004b push edi 0x0000004c call 00007FA4D56AF2C8h 0x00000051 pop edi 0x00000052 mov dword ptr [esp+04h], edi 0x00000056 add dword ptr [esp+04h], 00000018h 0x0000005e inc edi 0x0000005f push edi 0x00000060 ret 0x00000061 pop edi 0x00000062 ret 0x00000063 mov dword ptr [ebp+122D1C3Dh], ebx 0x00000069 xchg eax, ebx 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007FA4D56AF2CFh 0x00000071 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C25E4D second address: C25EBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 jmp 00007FA4D4DAA653h 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007FA4D4DAA648h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 00000018h 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007FA4D4DAA648h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 00000014h 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 push edi 0x00000047 xor dword ptr [ebp+122D1DC5h], esi 0x0000004d pop esi 0x0000004e push eax 0x0000004f jg 00007FA4D4DAA654h 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C25EBC second address: C25EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C26E82 second address: C26EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jg 00007FA4D4DAA648h 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007FA4D4DAA648h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 jmp 00007FA4D4DAA655h 0x0000002c mov si, di 0x0000002f push 00000000h 0x00000031 mov esi, dword ptr [ebp+122D27DDh] 0x00000037 push 00000000h 0x00000039 mov di, 24E4h 0x0000003d mov dword ptr [ebp+122D2507h], eax 0x00000043 push eax 0x00000044 pushad 0x00000045 pushad 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C279FB second address: C27A01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C27A01 second address: C27A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C27A06 second address: C27A18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C27A18 second address: C27A1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C27A1D second address: C27A22 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C28266 second address: C2826A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C28E9A second address: C28F30 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FA4D56AF2D0h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e jns 00007FA4D56AF2DFh 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007FA4D56AF2C8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 call 00007FA4D56AF2D0h 0x00000035 or edi, dword ptr [ebp+122D2C47h] 0x0000003b pop esi 0x0000003c or dword ptr [ebp+122D19FAh], edi 0x00000042 push 00000000h 0x00000044 xor dword ptr [ebp+122D2ED7h], edx 0x0000004a add dword ptr [ebp+122D1B58h], edx 0x00000050 xchg eax, ebx 0x00000051 push edx 0x00000052 jnl 00007FA4D56AF2C8h 0x00000058 pop edx 0x00000059 push eax 0x0000005a push edi 0x0000005b push eax 0x0000005c push edx 0x0000005d jno 00007FA4D56AF2C6h 0x00000063 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C28F30 second address: C28F34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C2C045 second address: C2C04F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA4D56AF2C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C316F6 second address: C316FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C316FC second address: C31700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C31700 second address: C3170F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3378C second address: C33790 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C33790 second address: C337A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jno 00007FA4D4DAA646h 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3181C second address: C31830 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4D56AF2D0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C337A0 second address: C337B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA4D4DAA651h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C31830 second address: C31834 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C337B8 second address: C337E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA4D4DAA652h 0x0000000b jmp 00007FA4D4DAA651h 0x00000010 jne 00007FA4D4DAA646h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C337E9 second address: C337F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b pop ebx 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C31834 second address: C318C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+122D1CA7h], edx 0x00000011 push dword ptr fs:[00000000h] 0x00000018 call 00007FA4D4DAA64Ch 0x0000001d and ebx, dword ptr [ebp+122D1BC9h] 0x00000023 pop edi 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b pushad 0x0000002c mov edi, 7BDFDBBEh 0x00000031 call 00007FA4D4DAA64Ah 0x00000036 mov edi, dword ptr [ebp+122D29E5h] 0x0000003c pop edx 0x0000003d popad 0x0000003e mov eax, dword ptr [ebp+122D134Dh] 0x00000044 mov di, B1C7h 0x00000048 push FFFFFFFFh 0x0000004a push 00000000h 0x0000004c push edx 0x0000004d call 00007FA4D4DAA648h 0x00000052 pop edx 0x00000053 mov dword ptr [esp+04h], edx 0x00000057 add dword ptr [esp+04h], 00000019h 0x0000005f inc edx 0x00000060 push edx 0x00000061 ret 0x00000062 pop edx 0x00000063 ret 0x00000064 mov edi, dword ptr [ebp+122D2ACDh] 0x0000006a push eax 0x0000006b pushad 0x0000006c jne 00007FA4D4DAA64Ch 0x00000072 push eax 0x00000073 push edx 0x00000074 pushad 0x00000075 popad 0x00000076 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C34E22 second address: C34E2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C34109 second address: C3410E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3410E second address: C3412B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4D56AF2D9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C341DF second address: C34208 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA658h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jc 00007FA4D4DAA648h 0x00000011 push edx 0x00000012 pop edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C34F2C second address: C34F4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA4D56AF2D4h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C35016 second address: C3501C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C36147 second address: C3616C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007FA4D56AF2C8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C38DB1 second address: C38DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C39CD3 second address: C39CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C39CD7 second address: C39CDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C39CDD second address: C39CE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C39CE3 second address: C39CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3ACDC second address: C3ACE9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA4D56AF2C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3ACE9 second address: C3AD05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D4DAA64Fh 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3AD05 second address: C3AD14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BE9F46 second address: BE9F5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA64Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3AF05 second address: C3AF0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3D4D1 second address: C3D4F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA4D4DAA653h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3D4F0 second address: C3D4FA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA4D56AF2C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3E48B second address: C3E4AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA652h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007FA4D4DAA654h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C401E6 second address: C401EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C401EA second address: C40203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FA4D4DAA64Ch 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3E4AC second address: C3E53C instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA4D56AF2C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov ebx, 7B79D4B3h 0x00000010 push dword ptr fs:[00000000h] 0x00000017 pushad 0x00000018 jns 00007FA4D56AF2CCh 0x0000001e sbb di, 09E2h 0x00000023 popad 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b adc ebx, 617140E2h 0x00000031 mov edi, dword ptr [ebp+1244C684h] 0x00000037 mov eax, dword ptr [ebp+122D0741h] 0x0000003d mov dword ptr [ebp+122D1A3Dh], eax 0x00000043 push FFFFFFFFh 0x00000045 push 00000000h 0x00000047 push edx 0x00000048 call 00007FA4D56AF2C8h 0x0000004d pop edx 0x0000004e mov dword ptr [esp+04h], edx 0x00000052 add dword ptr [esp+04h], 00000019h 0x0000005a inc edx 0x0000005b push edx 0x0000005c ret 0x0000005d pop edx 0x0000005e ret 0x0000005f mov dword ptr [ebp+1244C062h], eax 0x00000065 push eax 0x00000066 js 00007FA4D56AF2E7h 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007FA4D56AF2D5h 0x00000073 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C40203 second address: C40208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3E53C second address: C3E540 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C40208 second address: C4024E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jng 00007FA4D4DAA646h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007FA4D4DAA648h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 add bx, 81C2h 0x0000002c mov edi, dword ptr [ebp+124506FDh] 0x00000032 push 00000000h 0x00000034 movsx ebx, di 0x00000037 push 00000000h 0x00000039 mov dword ptr [ebp+122D1FEEh], edx 0x0000003f push eax 0x00000040 push ebx 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3F524 second address: C3F53C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FA4D56AF2C6h 0x00000009 jne 00007FA4D56AF2C6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C3F53C second address: C3F541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C427CA second address: C427D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C43AC9 second address: C43AD8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA4D4DAA646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C49605 second address: C49626 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA4D56AF2C6h 0x00000008 jmp 00007FA4D56AF2D7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C49626 second address: C4962B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C4CF74 second address: C4CF78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C4CF78 second address: C4CFA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push edi 0x0000000a jmp 00007FA4D4DAA64Fh 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA4D4DAA650h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C4D223 second address: C4D228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C4D228 second address: C4D22E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C52EFB second address: C52EFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C52EFF second address: C52F0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA64Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C52F0F second address: C52F14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C53755 second address: C5375B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5375B second address: C53761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C53761 second address: C537A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA4D4DAA646h 0x0000000a popad 0x0000000b jno 00007FA4D4DAA65Fh 0x00000011 jmp 00007FA4D4DAA653h 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C53CB3 second address: C53CCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jns 00007FA4D56AF2D2h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C53CCC second address: C53CE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4D4DAA656h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C53CE8 second address: C53CEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C53CEC second address: C53D12 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA4D4DAA646h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA4D4DAA656h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BE191E second address: BE1923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C58618 second address: C58630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D4DAA654h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C58788 second address: C5878E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5878E second address: C58794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5895B second address: C5895F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C58BAD second address: C58BBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jp 00007FA4D4DAA646h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C58BBA second address: C58BC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C58D2A second address: C58D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C58D37 second address: C58D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 js 00007FA4D56AF2CCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C58D44 second address: C58D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C58D48 second address: C58D52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C58D52 second address: C58D56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5903F second address: C59046 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C59046 second address: C5904F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5904F second address: C59071 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C59071 second address: C5907E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jbe 00007FA4D4DAA648h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5907E second address: C59083 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C59311 second address: C59329 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4D4DAA64Eh 0x00000009 jl 00007FA4D4DAA646h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C59329 second address: C5932F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5932F second address: C59343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FA4D4DAA64Bh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5CDD0 second address: C5CDD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C227B0 second address: C227E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA653h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a mov dword ptr [esp], eax 0x0000000d jp 00007FA4D4DAA649h 0x00000013 mov ecx, edi 0x00000015 lea eax, dword ptr [ebp+1247E529h] 0x0000001b push eax 0x0000001c push ecx 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C227E1 second address: C07500 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007FA4D56AF2C8h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 xor cl, FFFFFFB6h 0x00000026 call dword ptr [ebp+122D27AAh] 0x0000002c pushad 0x0000002d push ebx 0x0000002e push edx 0x0000002f pop edx 0x00000030 pop ebx 0x00000031 pushad 0x00000032 jbe 00007FA4D56AF2C6h 0x00000038 jmp 00007FA4D56AF2D4h 0x0000003d jmp 00007FA4D56AF2D9h 0x00000042 popad 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C22E90 second address: C22E94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C22F8E second address: C22F9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C23661 second address: C23665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C2373E second address: C23745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C23908 second address: C23934 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a or dword ptr [ebp+122D1AF7h], edx 0x00000010 lea eax, dword ptr [ebp+1247E56Dh] 0x00000016 nop 0x00000017 pushad 0x00000018 js 00007FA4D4DAA648h 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FA4D4DAA64Ah 0x00000027 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C23934 second address: C23956 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C23956 second address: C2395A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C080BD second address: C080C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C080C4 second address: C080DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jno 00007FA4D4DAA646h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e jl 00007FA4D4DAA652h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C080DA second address: C080E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5D0FC second address: C5D114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jg 00007FA4D4DAA646h 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5D114 second address: C5D11A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5D265 second address: C5D2B7 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA4D4DAA646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007FA4D4DAA656h 0x00000010 jmp 00007FA4D4DAA64Ah 0x00000015 jno 00007FA4D4DAA646h 0x0000001b jmp 00007FA4D4DAA657h 0x00000020 popad 0x00000021 jo 00007FA4D4DAA697h 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FA4D4DAA652h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5D2B7 second address: C5D2C1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA4D56AF2C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5D885 second address: C5D889 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5D889 second address: C5D88F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5D88F second address: C5D89B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5D9E6 second address: C5D9EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C5D9EC second address: C5D9F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C60FB3 second address: C60FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA4D56AF2CBh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007FA4D56AF2C6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C60FCD second address: C60FD3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BE8447 second address: BE847E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2D8h 0x00000007 jmp 00007FA4D56AF2D1h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007FA4D56AF2C6h 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C66C82 second address: C66C8E instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA4D4DAA64Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C658AD second address: C658C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push esi 0x00000006 jmp 00007FA4D56AF2D1h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C658C8 second address: C658E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA654h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C65A5F second address: C65A77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA4D56AF2C6h 0x0000000a jmp 00007FA4D56AF2CAh 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C65A77 second address: C65A8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D4DAA64Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C65D32 second address: C65D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C65D37 second address: C65D3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C65EC1 second address: C65EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C65EC8 second address: C65ED4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FA4D4DAA646h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C65ED4 second address: C65ED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C65ED8 second address: C65F07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA650h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007FA4D4DAA65Dh 0x00000011 jmp 00007FA4D4DAA651h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C661B2 second address: C661E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a pushad 0x0000000b jmp 00007FA4D56AF2D3h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007FA4D56AF2D2h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C661E6 second address: C66203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA4D4DAA655h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C66375 second address: C663A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D56AF2D1h 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007FA4D56AF2D5h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C663A2 second address: C663AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007FA4D4DAA646h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C66545 second address: C6654F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA4D56AF2C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C666C6 second address: C666EF instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA4D4DAA646h 0x00000008 jg 00007FA4D4DAA646h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA4D4DAA657h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C666EF second address: C666F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C666F7 second address: C66729 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 js 00007FA4D4DAA646h 0x00000009 jmp 00007FA4D4DAA64Ah 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jmp 00007FA4D4DAA64Fh 0x00000017 push ecx 0x00000018 push edx 0x00000019 pop edx 0x0000001a pop ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d je 00007FA4D4DAA646h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C65257 second address: C65289 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FA4D56AF2D1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jng 00007FA4D56AF2D3h 0x00000011 jnp 00007FA4D56AF2CEh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C65289 second address: C652BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jbe 00007FA4D4DAA646h 0x0000000f pop edi 0x00000010 popad 0x00000011 pushad 0x00000012 push ebx 0x00000013 je 00007FA4D4DAA646h 0x00000019 pop ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FA4D4DAA656h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C6E768 second address: C6E76E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C6E76E second address: C6E774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C6E898 second address: C6E8BA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FA4D56AF2D8h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C6E8BA second address: C6E8BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C6E9F3 second address: C6EA1B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA4D56AF2C6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA4D56AF2D8h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C6EA1B second address: C6EA1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C6EA1F second address: C6EA39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C6EA39 second address: C6EA3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C6EA3E second address: C6EA58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA4D56AF2CBh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C6EA58 second address: C6EA62 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA4D4DAA646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C6EA62 second address: C6EA80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2CDh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA4D56AF2CDh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BDC8E9 second address: BDC8ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C70F41 second address: C70F46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C77EAE second address: C77EB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C77EB4 second address: C77EB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C77EB8 second address: C77ED4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA658h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C7807D second address: C78083 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C78259 second address: C7825F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C783BA second address: C783C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C784EF second address: C784F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C784F5 second address: C784F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C784F9 second address: C784FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C784FD second address: C78509 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C78509 second address: C78539 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA653h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA4D4DAA655h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C786BA second address: C786BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C786BE second address: C786C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C786C2 second address: C786CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C22D3C second address: C22D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 xor dword ptr [esp], 5EDD645Bh 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007FA4D4DAA648h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 push 0D0E0F39h 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FA4D4DAA657h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C234A1 second address: C234B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C234B1 second address: C234DB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 cmc 0x00000009 mov edi, dword ptr [ebp+122D2D5Eh] 0x0000000f push 00000004h 0x00000011 adc di, 790Fh 0x00000016 movsx edx, ax 0x00000019 nop 0x0000001a push edx 0x0000001b push edi 0x0000001c ja 00007FA4D4DAA646h 0x00000022 pop edi 0x00000023 pop edx 0x00000024 push eax 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 push edx 0x00000029 pop edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C234DB second address: C234DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C789D4 second address: C789DA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C79386 second address: C7938F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C7C86F second address: C7C877 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C7CA21 second address: C7CA25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C7CA25 second address: C7CA32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C7CB83 second address: C7CB88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C7CE8E second address: C7CE95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C7CE95 second address: C7CE9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C7CFCE second address: C7CFF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 jmp 00007FA4D4DAA658h 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007FA4D4DAA646h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C7CFF5 second address: C7D00B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C7D00B second address: C7D036 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA4D4DAA646h 0x00000008 js 00007FA4D4DAA646h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FA4D4DAA658h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C80BAA second address: C80BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007FA4D56AF2C6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C80BB8 second address: C80BBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C80BBD second address: C80BC2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C80CCF second address: C80CD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C80CD3 second address: C80CE9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA4D56AF2C6h 0x00000008 jng 00007FA4D56AF2C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C80CE9 second address: C80CF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA64Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C80FE4 second address: C81017 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007FA4D56AF2CEh 0x0000000e jmp 00007FA4D56AF2D7h 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C81017 second address: C8101D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C8101D second address: C81021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C81021 second address: C81025 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C896EC second address: C896F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C896F0 second address: C896F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C87616 second address: C87633 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA4D56AF2D7h 0x00000008 jmp 00007FA4D56AF2CFh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C87633 second address: C87637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C87637 second address: C8763B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C87790 second address: C87796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C87796 second address: C877AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 js 00007FA4D56AF2D2h 0x0000000d jc 00007FA4D56AF2C6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C877AB second address: C877AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C884C1 second address: C884C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C884C9 second address: C884D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FA4D4DAA646h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C884D9 second address: C884F1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA4D56AF2C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007FA4D56AF2D2h 0x00000010 jne 00007FA4D56AF2C6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C884F1 second address: C884F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C88A7A second address: C88A81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C8907A second address: C890C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D4DAA657h 0x00000009 popad 0x0000000a push esi 0x0000000b jmp 00007FA4D4DAA652h 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FA4D4DAA658h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C890C9 second address: C890E0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA4D56AF2C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FA4D56AF2CBh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BE6865 second address: BE6869 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BE6869 second address: BE686F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: BE686F second address: BE6875 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C912A2 second address: C912B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D56AF2CAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C91416 second address: C9141C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C9141C second address: C91422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C91422 second address: C91427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C91427 second address: C9142C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C915A5 second address: C915C3 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA4D4DAA64Ch 0x00000008 jns 00007FA4D4DAA646h 0x0000000e push esi 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push edi 0x00000012 pop edi 0x00000013 pop esi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C915C3 second address: C915D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007FA4D56AF2C8h 0x0000000b js 00007FA4D56AF2CCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C91850 second address: C9185A instructions: 0x00000000 rdtsc 0x00000002 js 00007FA4D4DAA646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C9185A second address: C9185F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C9185F second address: C91865 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C919D8 second address: C91A05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D56AF2CBh 0x00000009 jmp 00007FA4D56AF2D5h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007FA4D56AF2C6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C91BA6 second address: C91BB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C91BB7 second address: C91BBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C91BBB second address: C91BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C91BC1 second address: C91BD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4D56AF2D0h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C98026 second address: C9802B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C9802B second address: C98031 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C98031 second address: C98048 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FA4D4DAA64Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C9819C second address: C981EE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jc 00007FA4D56AF2C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jo 00007FA4D56AF2C6h 0x00000013 jmp 00007FA4D56AF2D9h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b popad 0x0000001c jl 00007FA4D56AF2F2h 0x00000022 jmp 00007FA4D56AF2D9h 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C98514 second address: C9851A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C9851A second address: C9855F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FA4D56AF2CDh 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007FA4D56AF2D9h 0x00000011 popad 0x00000012 jmp 00007FA4D56AF2D0h 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C986DC second address: C986E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA4D4DAA646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C986E6 second address: C986F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D56AF2CBh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C989F3 second address: C98A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA4D4DAA646h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007FA4D4DAA653h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C98B7C second address: C98B9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D56AF2D9h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C98B9D second address: C98BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007FA4D4DAA64Ch 0x0000000b pop esi 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007FA4D4DAA646h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C98E94 second address: C98E98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C98E98 second address: C98EA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jo 00007FA4D4DAA646h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C98EA9 second address: C98EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C98EAE second address: C98ED4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FA4D4DAA658h 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d je 00007FA4D4DAA646h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C98ED4 second address: C98ED8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C9980A second address: C99814 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA4D4DAA646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C99814 second address: C99818 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C99EBF second address: C99EC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C99EC3 second address: C99ED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jnc 00007FA4D56AF2C6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C99ED3 second address: C99EE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA64Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C99EE4 second address: C99F02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4D56AF2D8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C99F02 second address: C99F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C99F06 second address: C99F1A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: C99F1A second address: C99F44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA4D4DAA654h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA4D4DAA64Dh 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CA0D5E second address: CA0D77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FA4D56AF2C6h 0x00000009 jmp 00007FA4D56AF2CEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CA0D77 second address: CA0D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push esi 0x00000009 push eax 0x0000000a pop eax 0x0000000b js 00007FA4D4DAA646h 0x00000011 pop esi 0x00000012 jp 00007FA4D4DAA64Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CA0D91 second address: CA0DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jno 00007FA4D56AF2C8h 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CB15B9 second address: CB15D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA4D4DAA651h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CB11D2 second address: CB11EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007FA4D56AF2CEh 0x0000000f pushad 0x00000010 popad 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CB8C71 second address: CB8C75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CBB0D3 second address: CBB0E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jp 00007FA4D56AF2CEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CBB0E3 second address: CBB105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jnc 00007FA4D4DAA64Ch 0x0000000c popad 0x0000000d pushad 0x0000000e jnc 00007FA4D4DAA64Ah 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CBB105 second address: CBB109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CBB109 second address: CBB119 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007FA4D4DAA646h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CC0A28 second address: CC0A3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA4D56AF2D0h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCCAAB second address: CCCAC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D4DAA653h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCCC20 second address: CCCC39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007FA4D56AF2C6h 0x0000000d jmp 00007FA4D56AF2CCh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCCC39 second address: CCCC4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA651h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCCDC4 second address: CCCDC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCD067 second address: CCD06D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCD06D second address: CCD071 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCD071 second address: CCD075 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCD20E second address: CCD220 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FA4D56AF2CBh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCD220 second address: CCD237 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA651h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCD4B3 second address: CCD4E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FA4D56AF2D4h 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FA4D56AF2CCh 0x00000013 push esi 0x00000014 jno 00007FA4D56AF2C6h 0x0000001a pop esi 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jng 00007FA4D56AF2CCh 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCD4E0 second address: CCD4FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4D4DAA659h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCD4FD second address: CCD50F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4D56AF2CCh 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCDED1 second address: CCDED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCDED7 second address: CCDF03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FA4D56AF2CFh 0x0000000b jmp 00007FA4D56AF2D7h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CCDF03 second address: CCDF43 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA4D4DAA646h 0x00000008 jmp 00007FA4D4DAA650h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FA4D4DAA653h 0x00000014 popad 0x00000015 pushad 0x00000016 push edx 0x00000017 jno 00007FA4D4DAA646h 0x0000001d pop edx 0x0000001e push edx 0x0000001f jne 00007FA4D4DAA646h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CD105E second address: CD1062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CD1062 second address: CD1078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FA4D4DAA64Ch 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CDE5D6 second address: CDE5E0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA4D56AF2C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CDE5E0 second address: CDE5E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CEC7C1 second address: CEC7C7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CF0B63 second address: CF0B7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007FA4D4DAA652h 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CF0702 second address: CF070C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CF21F4 second address: CF21F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: CF21F9 second address: CF21FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: D06A3E second address: D06A63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA652h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push edx 0x0000000b pop edx 0x0000000c jmp 00007FA4D4DAA64Bh 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: D06328 second address: D0632E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: D0983A second address: D09854 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4D4DAA655h 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	RDTSC instruction interceptor: First address: D0C665 second address: D0C66F instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA4D56AF2C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Special instruction interceptor: First address: C4280D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Special instruction interceptor: First address: C22931 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Special instruction interceptor: First address: CA3625 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\ddySsHnC6l.exe

Code function: 0_2_00A7A53E rdtsc

0_2_00A7A53E

Source: C:\Users\user\Desktop\ddySsHnC6l.exe TID: 7652	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe TID: 7668	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: ddySsHnC6l.exe, ddySsHnC6l.exe, 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: ddySsHnC6l.exe, 00000000.00000003.1384772885.0000000001498000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1392943453.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000002.1395151977.0000000001499000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000002.1395252073.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1384772885.00000000014DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: ddySsHnC6l.exe, 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\ddySsHnC6l.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\ddySsHnC6l.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\ddySsHnC6l.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	File opened: NTICE
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	File opened: SICE
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\ddySsHnC6l.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\ddySsHnC6l.exe

Code function: 0_2_00A7A53E rdtsc

0_2_00A7A53E

Source: C:\Users\user\Desktop\ddySsHnC6l.exe

Code function: 0_2_00A5C1F0 LdrInitializeThunk,

0_2_00A5C1F0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: ddySsHnC6l.exe	String found in binary or memory: rapeflowwj.lat
Source: ddySsHnC6l.exe	String found in binary or memory: sustainskelet.lat
Source: ddySsHnC6l.exe	String found in binary or memory: crosshuaht.lat
Source: ddySsHnC6l.exe	String found in binary or memory: energyaffai.lat
Source: ddySsHnC6l.exe	String found in binary or memory: aspecteirs.lat
Source: ddySsHnC6l.exe	String found in binary or memory: discokeyus.lat
Source: ddySsHnC6l.exe	String found in binary or memory: necklacebudi.lat
Source: ddySsHnC6l.exe	String found in binary or memory: sweepyribs.lat
Source: ddySsHnC6l.exe	String found in binary or memory: grannyejh.lat

Source: ddySsHnC6l.exe, ddySsHnC6l.exe, 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: ?Program Manager

Source: C:\Users\user\Desktop\ddySsHnC6l.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
ddySsHnC6l.exe	68%	ReversingLabs	Win32.Trojan.Generic
ddySsHnC6l.exe	100%	Avira	TR/Crypt.XPACK.Gen
ddySsHnC6l.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
discokeyus.lat	172.67.197.170	true	false	high
grannyejh.lat	unknown	unknown	false	high
sweepyribs.lat	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
sweepyribs.lat	false	high
necklacebudi.lat	false	high
sustainskelet.lat	false	high
crosshuaht.lat	false	high
rapeflowwj.lat	false	high
https://discokeyus.lat/api	false	high
aspecteirs.lat	false	high
grannyejh.lat	false	high
energyaffai.lat	false	high
discokeyus.lat	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://discokeyus.lat/:	ddySsHnC6l.exe, 00000000.00000002.1395252073.00000000014CB000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1392943453.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1384772885.00000000014C7000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://discokeyus.lat/7	ddySsHnC6l.exe, 00000000.00000003.1392943453.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000002.1395252073.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1384772885.00000000014DC000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://crl.micro	ddySsHnC6l.exe, 00000000.00000003.1392306103.000000000151D000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000003.1384772885.00000000014DC000.00000004.00000020.00020000.00000000.sdmp	false	high
https://discokeyus.lat/	ddySsHnC6l.exe, 00000000.00000003.1393494316.00000000014B2000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000002.1395097108.000000000146E000.00000004.00000020.00020000.00000000.sdmp, ddySsHnC6l.exe, 00000000.00000002.1395199886.00000000014B2000.00000004.00000020.00020000.00000000.sdmp	false	high
https://discokeyus.lat/A	ddySsHnC6l.exe, 00000000.00000002.1395097108.000000000146E000.00000004.00000020.00020000.00000000.sdmp	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.197.170	discokeyus.lat	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578949
Start date and time:	2024-12-20 17:00:43 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ddySsHnC6l.exe renamed because original name is a hash value
Original Sample Name:	dbf748514eb0fc59b54eec27da278552.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@3/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, time.windows.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: ddySsHnC6l.exe

Simulations

Behavior and APIs

Time	Type	Description
11:01:46	API Interceptor	4x Sleep call for process: ddySsHnC6l.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
172.67.197.170	XNtOBQ5NHr.exe	Get hash	malicious	LummaC, Stealc	Browse
	Z8oTIWCyDE.exe	Get hash	malicious	LummaC	Browse
	BB4S2ErvqK.exe	Get hash	malicious	LummaC	Browse
	rEK6Z2DVp8.exe	Get hash	malicious	LummaC	Browse
	iv382V1eOK.exe	Get hash	malicious	LummaC	Browse
	f4p4BwljZt.exe	Get hash	malicious	LummaC	Browse
	Qmg24kMXxU.exe	Get hash	malicious	LummaC, Stealc	Browse
	R2CgZG545D.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	ylV1TcJ86R.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
discokeyus.lat	NAliwxUTJ4.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	XNtOBQ5NHr.exe	Get hash	malicious	LummaC, Stealc	Browse	172.67.197.170
	Z8oTIWCyDE.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	1QNOKwVoOT.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	104.21.21.99
	BB4S2ErvqK.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	rEK6Z2DVp8.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	iv382V1eOK.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	gJkNLYV0ax.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	m21jm5y5Z5.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	gEfWplq0xQ.exe	Get hash	malicious	LummaC	Browse	104.21.21.99

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	NAliwxUTJ4.exe	Get hash	malicious	LummaC	Browse	104.21.21.99
	XNtOBQ5NHr.exe	Get hash	malicious	LummaC, Stealc	Browse	172.67.197.170
	Z8oTIWCyDE.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	1QNOKwVoOT.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	104.21.21.99
	http://email.mg.mylearninghub.com/c/eJyUzr9OxCAcAOCngc2Gf6UwMBjPeiZ3i4nJeRuF3vWXUlBKz9anNw5OTu7f8HlDnacU94Y2XEhKJFF4MPqinXaO1KLXyhHbKKuJrLUinXVKKgyGESYoo5oyKkVT-UbwWrva876RjikkyHStpi30NkeI12HpKpcmHMxQyvuM-D1iLWKt70Oxv-ivR6y1SxkQay-Q53JIV4htCiF9HiCOiLcu-f4hxQvkCfHdG23G7vixvj4v9XY80ePTeHoJqzz79XGvzivZf51P4w0Qk-AR30muFM7GbnHJVWfzCBEJ4i2AG-ButnHc0k-jKhmX_83xzbDvAAAA__-qL3Ha	Get hash	malicious	Unknown	Browse	104.18.42.227
	https://dnearymedahealthstaffing.wordpress.com/medahealthstaffing-proposal/	Get hash	malicious	HTMLPhisher	Browse	104.21.73.56
	BB4S2ErvqK.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	rEK6Z2DVp8.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	iv382V1eOK.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	gJkNLYV0ax.exe	Get hash	malicious	LummaC	Browse	104.21.21.99

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	NAliwxUTJ4.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	XNtOBQ5NHr.exe	Get hash	malicious	LummaC, Stealc	Browse	172.67.197.170
	Z8oTIWCyDE.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	1QNOKwVoOT.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	172.67.197.170
	BB4S2ErvqK.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	rEK6Z2DVp8.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	iv382V1eOK.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	gJkNLYV0ax.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	m21jm5y5Z5.exe	Get hash	malicious	LummaC	Browse	172.67.197.170
	gEfWplq0xQ.exe	Get hash	malicious	LummaC	Browse	172.67.197.170

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.947534742466939
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	ddySsHnC6l.exe
File size:	1'845'248 bytes
MD5:	dbf748514eb0fc59b54eec27da278552
SHA1:	560c98e2a75723a0197b6ae15a2e80722780f833
SHA256:	652153f3fa503f2195eba2b5a62ac610183e2e1eda924e9a54601b919414642f
SHA512:	d67e991d4d63e6297c7fe0f548ee8b23b8ec875a865c6615df9c5c1a3c97d9a298bd8be5bee4ac9008bc9b9401174b5ca7ccda7430ea515d340a24ac6ae96fa9
SSDEEP:	49152:cGjd2aZyJQRC4eAVzGEtN1pDkhznzut/2iv:njdxDeA0EtNTDSzun
TLSH:	7D85336DBC86EBF2CA1361780F87D08CF770590014A669629F35D1BEFE6E31EA312552
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................PI...........@...........................I...........@.................................T0..h..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x895000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FA4D56A14DAh
clts
sbb al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FA4D56A34D5h
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx+00000080h], dh
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or al, 80h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x53054	0x68	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x52000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x531f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x51000	0x24800	50e91189e3fa1b24c916c0a646f7ad5c	False	0.9974114404965754	DOS executable (COM)	7.97861499073879	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x52000	0x1ac	0x200	75720b8ea60aa06a31806981b744f74e	False	0.5390625	data	5.245569576626531	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x53000	0x1000	0x200	19a29171433eeef17e42fd663f137134	False	0.14453125	data	0.9996515881509258	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x54000	0x2a5000	0x200	e1ff97586856d29e9b2c234e9168ab1a	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mjanwrqb	0x2f9000	0x19b000	0x19a400	151492a4dfbf45d4908597e04b058e67	False	0.9949600805530164	data	7.954221738406787	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
poqismoi	0x494000	0x1000	0x400	3548fd644410779e2bd0529ff8e2ecca	False	0.7578125	data	6.019701692077514	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x495000	0x3000	0x2200	23bae3961ad1d287814db0aae0761c3c	False	0.07755055147058823	DOS executable (COM)	0.8902383831259844	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x52058	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-20T17:01:47.417204+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.7	62069	1.1.1.1	53	UDP
2024-12-20T17:01:47.671765+0100	2058364	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)	1	192.168.2.7	50133	1.1.1.1	53	UDP
2024-12-20T17:01:48.010227+0100	2058360	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat)	1	192.168.2.7	55919	1.1.1.1	53	UDP
2024-12-20T17:01:49.431080+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.7	49704	172.67.197.170	443	TCP
2024-12-20T17:01:49.431080+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49704	172.67.197.170	443	TCP
2024-12-20T17:01:50.202272+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.7	49704	172.67.197.170	443	TCP
2024-12-20T17:01:50.202272+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49704	172.67.197.170	443	TCP
2024-12-20T17:01:51.364983+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.7	49710	172.67.197.170	443	TCP
2024-12-20T17:01:51.364983+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49710	172.67.197.170	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 17:01:48.158673048 CET	49704	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:48.158715010 CET	443	49704	172.67.197.170	192.168.2.7
Dec 20, 2024 17:01:48.158854008 CET	49704	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:48.203552961 CET	49704	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:48.203582048 CET	443	49704	172.67.197.170	192.168.2.7
Dec 20, 2024 17:01:49.430960894 CET	443	49704	172.67.197.170	192.168.2.7
Dec 20, 2024 17:01:49.431080103 CET	49704	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:49.434396982 CET	49704	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:49.434403896 CET	443	49704	172.67.197.170	192.168.2.7
Dec 20, 2024 17:01:49.434638977 CET	443	49704	172.67.197.170	192.168.2.7
Dec 20, 2024 17:01:49.473948002 CET	49704	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:49.484062910 CET	49704	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:49.484081984 CET	49704	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:49.484169960 CET	443	49704	172.67.197.170	192.168.2.7
Dec 20, 2024 17:01:50.202260017 CET	443	49704	172.67.197.170	192.168.2.7
Dec 20, 2024 17:01:50.202383995 CET	443	49704	172.67.197.170	192.168.2.7
Dec 20, 2024 17:01:50.202563047 CET	49704	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:50.205082893 CET	49704	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:50.205099106 CET	443	49704	172.67.197.170	192.168.2.7
Dec 20, 2024 17:01:50.221709013 CET	49710	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:50.221776962 CET	443	49710	172.67.197.170	192.168.2.7
Dec 20, 2024 17:01:50.221859932 CET	49710	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:50.222470045 CET	49710	443	192.168.2.7	172.67.197.170
Dec 20, 2024 17:01:50.222487926 CET	443	49710	172.67.197.170	192.168.2.7
Dec 20, 2024 17:01:51.364983082 CET	49710	443	192.168.2.7	172.67.197.170

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 17:01:47.417203903 CET	62069	53	192.168.2.7	1.1.1.1
Dec 20, 2024 17:01:47.555120945 CET	53	62069	1.1.1.1	192.168.2.7
Dec 20, 2024 17:01:47.671765089 CET	50133	53	192.168.2.7	1.1.1.1
Dec 20, 2024 17:01:47.906364918 CET	53	50133	1.1.1.1	192.168.2.7
Dec 20, 2024 17:01:48.010226965 CET	55919	53	192.168.2.7	1.1.1.1
Dec 20, 2024 17:01:48.151591063 CET	53	55919	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 20, 2024 17:01:47.417203903 CET	192.168.2.7	1.1.1.1	0x1ed9	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 20, 2024 17:01:47.671765089 CET	192.168.2.7	1.1.1.1	0xece0	Standard query (0)	grannyejh.lat	A (IP address)	IN (0x0001)	false
Dec 20, 2024 17:01:48.010226965 CET	192.168.2.7	1.1.1.1	0x2439	Standard query (0)	discokeyus.lat	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 20, 2024 17:01:47.555120945 CET	1.1.1.1	192.168.2.7	0x1ed9	Name error (3)	sweepyribs.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 20, 2024 17:01:47.906364918 CET	1.1.1.1	192.168.2.7	0xece0	Name error (3)	grannyejh.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 20, 2024 17:01:48.151591063 CET	1.1.1.1	192.168.2.7	0x2439	No error (0)	discokeyus.lat		172.67.197.170	A (IP address)	IN (0x0001)	false
Dec 20, 2024 17:01:48.151591063 CET	1.1.1.1	192.168.2.7	0x2439	No error (0)	discokeyus.lat		104.21.21.99	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

discokeyus.lat

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49704	172.67.197.170	443	7488	C:\Users\user\Desktop\ddySsHnC6l.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 16:01:49 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: discokeyus.lat
2024-12-20 16:01:49 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-20 16:01:50 UTC	1123	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 16:01:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=74o0bkqcbh126u7i2gu5l10btb; expires=Tue, 15 Apr 2025 09:48:28 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ocNXnSFECVQ%2FQfj3QxCDjddWmbW%2BxKvqXdly2QHMCuYlsxzG0ZZFKLED34CtrU09rkvC3iGQavQz8ffDggxXm8ZJ2DZ8rp5zSTMCmFsQowmVMexYxN8Bn2UGvSIXDC0Wtw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f50da6dab0b431f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1760&min_rtt=1759&rtt_var=661&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2833&recv_bytes=905&delivery_rate=1660034&cwnd=249&unsent_bytes=0&cid=661af37c7543bb4f&ts=783&x=0"
2024-12-20 16:01:50 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-20 16:01:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	11:01:44
Start date:	20/12/2024
Path:	C:\Users\user\Desktop\ddySsHnC6l.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\ddySsHnC6l.exe"
Imagebase:	0xa20000
File size:	1'845'248 bytes
MD5 hash:	DBF748514EB0FC59B54EEC27DA278552
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	30.6%
Total number of Nodes:	49
Total number of Limit Nodes:	3

Executed Functions

Function 00A28850 Relevance: 1.7, APIs: 1, Instructions: 208
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00A28AD1

Part of subcall function 00A2C550: CoInitializeEx.COMBASE(00000000,00000002), ref: 00A2C564

Part of subcall function 00A2B390: FreeLibrary.KERNEL32(00A28AB8), ref: 00A2B396
Part of subcall function 00A2B390: FreeLibrary.KERNEL32 ref: 00A2B3B7

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: FreeLibrary$ExitInitializeProcess
String ID:
API String ID: 3534244204-0
Opcode ID: 12773db602800e68b5655c025f1aceb0c7c6c4a02b408f47f0a2e6bd18babc6a
Instruction ID: 34f1b8d31fde407faaa42e7cad8a6eb3b64fb47fb47dfc10b5669c3221c4933b
Opcode Fuzzy Hash: 12773db602800e68b5655c025f1aceb0c7c6c4a02b408f47f0a2e6bd18babc6a
Instruction Fuzzy Hash: E651A9B7F112280BD71CAABD9D467AA75878BC5720F1F813DA944DB7C6ECB88C0542C1

Function 00A5C1F0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00A5E31B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00A5C21E

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00A5C767 Relevance: 1.3, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,+*), xrefs: 00A5C790

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: ,+*)
API String ID: 0-3529585375
Opcode ID: 5cddbf0f430cd4b437429c9dc923a44cbdfb0a9e1b489478bea2c968cf9a300d
Instruction ID: 7ca982f206ddcb24587593aacea26eb99729280889c089eed27e9352c2fafe72
Opcode Fuzzy Hash: 5cddbf0f430cd4b437429c9dc923a44cbdfb0a9e1b489478bea2c968cf9a300d
Instruction Fuzzy Hash: D931A579B402119FDB14CF58CC91BBEB7B2BB49315F249128E902A7394CB75AC05C790

Function 00A29C4A Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b4a8401a4a10034df3637876b80cdb8f1ce1432dffe7e21a23c0079d535dd96
Instruction ID: 1b452e33806327842bfaf3d588b29ff0152cf791ea19ff3dcf72233d1b9bd384
Opcode Fuzzy Hash: 6b4a8401a4a10034df3637876b80cdb8f1ce1432dffe7e21a23c0079d535dd96
Instruction Fuzzy Hash: E4113471A893408FD300CFA8D9812ABBBE2EBC6314F08452CE0D2AB351C675990F8707

Function 00A2C583 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00A2C595

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 72902beb858b63627946bddb77863d7b59cc287f85ec60883de2aef320a96147
Instruction ID: 813ced2ecca0e3e789e001b317b60140c976da3e6172fe080cbcbe4d58047074
Opcode Fuzzy Hash: 72902beb858b63627946bddb77863d7b59cc287f85ec60883de2aef320a96147
Instruction Fuzzy Hash: 3ED0C9323D9301B6F93886589C23F1422109702F14F341608F367FE2D0C8D1B203890D

Function 00A2C550 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 00A2C564

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: bb0a1b4e433ddbd91900da9188f62620e0e5bc3743d9c92ca46083fab29b772e
Instruction ID: af82dd4ac81fa2b381bdaf6ebeb2e213995bdaaf3b2150bdab167debbc743201
Opcode Fuzzy Hash: bb0a1b4e433ddbd91900da9188f62620e0e5bc3743d9c92ca46083fab29b772e
Instruction Fuzzy Hash: DDD0A7235A050827D504E2599C57F22732CCB827A4F504A1DE2A6C62D1D9D06A279962

Function 00A5AAA0 Relevance: 1.5, APIs: 1, Instructions: 13
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,00A5C1D6,?,00A2B2E4,00000000,00000001), ref: 00A5AABE

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 58ec2a7d66246e6656af0c1359ba01f8e8c93fc0f0524087ef31d09ca0425a82
Instruction ID: 3beaf8ac474eb1c08da494bd250a5ce2822f24ccd08ecdef75180d4e721b46a3
Opcode Fuzzy Hash: 58ec2a7d66246e6656af0c1359ba01f8e8c93fc0f0524087ef31d09ca0425a82
Instruction Fuzzy Hash: C4D01231515122EBC6115FA8FC16B8A3BA8EF09761F474965F4046F071C671DCD586D0

Function 00A5AA80 Relevance: 1.5, APIs: 1, Instructions: 9
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,00A5C1C0), ref: 00A5AA90

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 09dfbb4d89dbd79f808fc91fcbf9a81825f84649b4c5fd27ed188c4bf1620ca4
Instruction ID: 570d181d7b07f7f67e7b34cb4d81c472256818a8465eee473966d70961c9dccd
Opcode Fuzzy Hash: 09dfbb4d89dbd79f808fc91fcbf9a81825f84649b4c5fd27ed188c4bf1620ca4
Instruction Fuzzy Hash: 70C09B31045120ABC6106B55FC05FC63F54EF45761F014455F54467071C7716CD6C6D4

Function 00A7820E Relevance: 1.3, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00A79331

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 73a8100f84ab942b6fc3897d50b7393b4c484eaa1ae5c90394805337eaf11709
Instruction ID: 8533d37693cb97d0af228f39336dd95fa4b0820d4824c53d4faf7e2c37bacde3
Opcode Fuzzy Hash: 73a8100f84ab942b6fc3897d50b7393b4c484eaa1ae5c90394805337eaf11709
Instruction Fuzzy Hash: 2F012FB380C3159FE3045E699CC96BBBBE4DB18710F56823EED8556740F5E61C108696

Function 00A78A14 Relevance: 1.3, APIs: 1, Instructions: 13memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00A7913B

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2943146fe3829789bd26b158afad0a2704ba01ed4dc5ca4588f2fe117369c154
Instruction ID: 32a5f68d0a017f3b12ef09ff4741ce186ac8b0600bd6f3bfc50056c808513278
Opcode Fuzzy Hash: 2943146fe3829789bd26b158afad0a2704ba01ed4dc5ca4588f2fe117369c154
Instruction Fuzzy Hash: 7DD0177844860ADBCB042F34884D1AE7BB4EF08316F608A09ACA682A80D7725C208A96

Function 00A2E71B Relevance: 1.3, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

CoUninitialize.COMBASE ref: 00A2E720

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: Uninitialize
String ID:
API String ID: 3861434553-0
Opcode ID: 1fff8a225426f53bcfebc3533d565c3eb2b1cfbe94507d009529b153d2daa399
Instruction ID: 84983c5b07360c7d6f6342c3ba7cd85d8a85b3da4d9569d484e80c4729d09cbb
Opcode Fuzzy Hash: 1fff8a225426f53bcfebc3533d565c3eb2b1cfbe94507d009529b153d2daa399
Instruction Fuzzy Hash: 6BC022333AA0028BE388C3B8CC2282A3338A30020A3202B2CC003C3328CC8020238C0E

Non-executed Functions

Function 00A441C0 Relevance: 24.8, Strings: 19, Instructions: 1025COMMON

Download Yara Rule

Strings

=_%A, xrefs: 00A4490C
5F6X, xrefs: 00A44C13
<[5], xrefs: 00A44902
A/6Q, xrefs: 00A448E4
pIrK, xrefs: 00A44560
#f!x, xrefs: 00A44BC3
>N@, xrefs: 00A4480A
?z=|, xrefs: 00A447D8
)Z*\, xrefs: 00A44828
6T, xrefs: 00A44D0A
8JL, xrefs: 00A44800
:JL, xrefs: 00A44BF5
-^+P, xrefs: 00A44832
)Z/\, xrefs: 00A44C1D
o#M%, xrefs: 00A448C6
%y, xrefs: 00A44D14
7, xrefs: 00A44D00
$%, xrefs: 00A44257
VaUc, xrefs: 00A4459C

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: #f!x$$%$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
API String ID: 0-2905094782
Opcode ID: 640dacda5f6ddb07c4c4a24c5f3fcc27600727e991f1a4b3da26599a4be3fcda
Instruction ID: 238efc4025c64156ce6a1dde763d701fa47d081fbd65be57ebf989ca919aeead
Opcode Fuzzy Hash: 640dacda5f6ddb07c4c4a24c5f3fcc27600727e991f1a4b3da26599a4be3fcda
Instruction Fuzzy Hash: F29286B5905229CBDB24CFA9DC887DEBB71FB85300F2082E8D4596B351DB754A86CF81

Function 00A44380 Relevance: 23.4, Strings: 18, Instructions: 948COMMON

Download Yara Rule

Strings

=_%A, xrefs: 00A4490C
5F6X, xrefs: 00A44C13
<[5], xrefs: 00A44902
A/6Q, xrefs: 00A448E4
pIrK, xrefs: 00A44560
#f!x, xrefs: 00A44BC3
>N@, xrefs: 00A4480A
?z=|, xrefs: 00A447D8
)Z*\, xrefs: 00A44828
6T, xrefs: 00A44D0A
8JL, xrefs: 00A44800
:JL, xrefs: 00A44BF5
-^+P, xrefs: 00A44832
)Z/\, xrefs: 00A44C1D
o#M%, xrefs: 00A448C6
%y, xrefs: 00A44D14
7, xrefs: 00A44D00
VaUc, xrefs: 00A4459C

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: #f!x$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
API String ID: 0-3225404442
Opcode ID: 8389d95ac46fc0e812df784d5f73368c87caaf1518f699cd9d7bf12025497597
Instruction ID: 9d2310dda0ebd41c165f60b1f00841127e64d68a3da08236aeb59d51c4f712c3
Opcode Fuzzy Hash: 8389d95ac46fc0e812df784d5f73368c87caaf1518f699cd9d7bf12025497597
Instruction Fuzzy Hash: EB9298B5905229CFDB24CF59D8987DEBB71FB84300F2082E8D4596B351DB755A86CF80

Function 00A291B0 Relevance: 15.4, Strings: 12, Instructions: 368COMMON

Download Yara Rule

Strings

O35 , xrefs: 00A29240
bblg, xrefs: 00A2928C
ne, xrefs: 00A29209
(7.A, xrefs: 00A292DC
>7;<, xrefs: 00A291F9
", xrefs: 00A2931D
908#, xrefs: 00A291E9
w!w4, xrefs: 00A291F1
$01;, xrefs: 00A291E1
!+2j, xrefs: 00A291C9
gn~b, xrefs: 00A2927C
vm/;, xrefs: 00A291D9

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: !+2j$"$$01;$(7.A$908#$>7;<$O35 $bblg$gn~b$ne$vm/;$w!w4
API String ID: 0-1290103930
Opcode ID: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
Instruction ID: 2e41031a7fd84d4f40d2fcfd75cfa334dd9e7fb0c082f5983af1c4f695f175bc
Opcode Fuzzy Hash: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
Instruction Fuzzy Hash: EDA1E37024C3D18BC316CF6994A076BFFE1AF97714F584AACE4D54B282D339890AC762

Function 00BE038F Relevance: 10.3, Strings: 7, Instructions: 1579COMMON

Download Yara Rule

Strings

Z_, xrefs: 00BE0B7F
hLt/, xrefs: 00BE1281
8Ow, xrefs: 00BE0DDE
Q!O{, xrefs: 00BE083E
a$i, xrefs: 00BE0420
a>, xrefs: 00BE10A0
)yU;, xrefs: 00BE0CA7

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: Z_$)yU;$8Ow$Q!O{$a$i$a>$hLt/
API String ID: 0-2475283535
Opcode ID: 0a15e7aa407f79823c52540c86d489dc499231283d730caac8af76c33ef4eac0
Instruction ID: da68983db1d45b973c53c809f99fa050b12bbccadb4ea148718fd254fbdceb59
Opcode Fuzzy Hash: 0a15e7aa407f79823c52540c86d489dc499231283d730caac8af76c33ef4eac0
Instruction Fuzzy Hash: 3EB2F6F3A0C2049FE304AE2DDC8567AB7E5EF94720F16493DEAC4C7744EA3598058697

Function 00BE5207 Relevance: 6.7, Strings: 4, Instructions: 1698COMMON

Download Yara Rule

Strings

I|n?, xrefs: 00BE6131
}l9, xrefs: 00BE5A95
q'ee, xrefs: 00BE640F
:c^, xrefs: 00BE6293

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: :c^$I|n?$q'ee$}l9
API String ID: 0-3072853869
Opcode ID: 38852a43a676900c2d890da51643f1ab4f7c946455c693dca08633e6bef44b4c
Instruction ID: bd8ba1de1fb4b21484aae06a88e94387eb9714dc44cb8757ffd444ce9d3e4e9a
Opcode Fuzzy Hash: 38852a43a676900c2d890da51643f1ab4f7c946455c693dca08633e6bef44b4c
Instruction Fuzzy Hash: 0FB227F3A0C2149FE3046E2DEC8567AFBE9EF94320F1A453DEAC5C7740EA7558018696

Function 00BEA3D2 Relevance: 5.3, Strings: 3, Instructions: 1550COMMON

Download Yara Rule

Strings

9?_, xrefs: 00BEAC2C
d o, xrefs: 00BEB2DF
TNw<, xrefs: 00BEA61A

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: 9?_$TNw<$d o
API String ID: 0-745345276
Opcode ID: d36a17118c72c217ddfe442738f1f07f9cb7f71f95822b22c1dfbdb6daf7fac1
Instruction ID: 6e2a6a8020c47d8ee4b51c9243ee9441cdbde0d78f094682de8dafed15ef1452
Opcode Fuzzy Hash: d36a17118c72c217ddfe442738f1f07f9cb7f71f95822b22c1dfbdb6daf7fac1
Instruction Fuzzy Hash: 68B2C1F2A0C2049FE714BE29EC8577AFBE5EF94720F16493DEAC483740E63558448A97

Function 00A3D380 Relevance: 4.2, Strings: 3, Instructions: 453COMMON

Download Yara Rule

Strings

C], xrefs: 00A3D471
|F, xrefs: 00A3D40A
34, xrefs: 00A3D46A

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: 34$C]$|F
API String ID: 0-2804560523
Opcode ID: b35ba2019fc13d8a78772b4b944bf647b7c83f3a9a6da2e3d4ffa735b1d191fa
Instruction ID: 86fd6e007fa2a97ec3a0452f6ae975c71e24f10f173a792b329c34ff87c6f1d9
Opcode Fuzzy Hash: b35ba2019fc13d8a78772b4b944bf647b7c83f3a9a6da2e3d4ffa735b1d191fa
Instruction Fuzzy Hash: D2C1DDB6918311CBC720CF28D88166BB7F2FF95314F58895CE8D58B390E778A905CB96

Function 00A4C3FC Relevance: 4.1, Strings: 3, Instructions: 311COMMON

Download Yara Rule

Strings

Hnd, xrefs: 00A4C440
yszp, xrefs: 00A4C689
A, xrefs: 00A4C51C

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: A$Hnd$yszp
API String ID: 0-2830101580
Opcode ID: 593b1a295193edf3d4e6e99df009e726f436ffce8eebe4d6f1f5bf868c0a1589
Instruction ID: 50a94b90023b0565a4d59db14220be63f3616641dee52945691807ff3f6d551a
Opcode Fuzzy Hash: 593b1a295193edf3d4e6e99df009e726f436ffce8eebe4d6f1f5bf868c0a1589
Instruction Fuzzy Hash: 81A10E7590D3908BE735CF3984603ABBBE1AFD2314F1889ADD4CD9B382D6758406CB52

Function 00A3B2E0 Relevance: 4.0, Strings: 3, Instructions: 231COMMON

Download Yara Rule

Strings

+|-~, xrefs: 00A3B306
_, xrefs: 00A3B428
/pqr, xrefs: 00A3B30E

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: +|-~$/pqr$_
API String ID: 0-1379640984
Opcode ID: be117e2fe7914e50b2689c85bea5e2e56c1496ed109725d4500490002f150535
Instruction ID: c1c0b36968444b739e96dde47e21c3211377814f96907e364771b6b4c67a8075
Opcode Fuzzy Hash: be117e2fe7914e50b2689c85bea5e2e56c1496ed109725d4500490002f150535
Instruction Fuzzy Hash: 918139556151500AD76CDF3889A333BBEE7DF84308B2D91BEC596CFB5AE938C1028745

Function 00ADD156 Relevance: 3.0, Strings: 2, Instructions: 480COMMON

Download Yara Rule

Strings

E!zX, xrefs: 00ADD2EB
v.g2, xrefs: 00ADD735

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: E!zX$v.g2
API String ID: 0-1169720415
Opcode ID: 0f75c984ded7bd6c07efc6ae44cde3aa7d88c0d789b932ebb76c5f9eb1d04560
Instruction ID: ab50ad9b5ac22937ffacd2fc0d3532eee8d7e2030b019ec55d2def96b6bfbb1c
Opcode Fuzzy Hash: 0f75c984ded7bd6c07efc6ae44cde3aa7d88c0d789b932ebb76c5f9eb1d04560
Instruction Fuzzy Hash: EEF1D0F3F142108BF3084E28DC99376B6D2EB94314F1A853DDA89AB7C4E97E9D058785

Function 00AE711E Relevance: 2.9, Strings: 2, Instructions: 439COMMON

Download Yara Rule

Strings

z -, xrefs: 00AE76AB
^Q|, xrefs: 00AE758C

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: ^Q|$z -
API String ID: 0-3590469391
Opcode ID: 80e3f1a953646702611ad61636158d57a4fb0abd504a16f6de5a948a74c0a9ea
Instruction ID: b520587e6abc738dfc07bf47f6709829b96ad36ce972243469e3329899f20570
Opcode Fuzzy Hash: 80e3f1a953646702611ad61636158d57a4fb0abd504a16f6de5a948a74c0a9ea
Instruction Fuzzy Hash: 00E1D4F3E056158BF3144E69DC9936676D3EB94320F2F823CDA989B7C4E93E99058384

Function 00A24320 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

IEND, xrefs: 00A24711
), xrefs: 00A2439B

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 8f27f569ed94b788945bc6fb06cac6c70d2e1d48ceaee0d20e24cda586746c60
Instruction ID: 1172ab66c6aad6c34fc14af0abf82c9f7bd6cb0b5b67cdcff412bf4ed9b1db8b
Opcode Fuzzy Hash: 8f27f569ed94b788945bc6fb06cac6c70d2e1d48ceaee0d20e24cda586746c60
Instruction Fuzzy Hash: F6D1CFB19083549FD720DF18E841B5FBBE4AF98304F14492DF9999B382D775E908CB92

Function 00AEA339 Relevance: 2.8, Strings: 2, Instructions: 274COMMON

Download Yara Rule

Strings

Pu,<, xrefs: 00AEA5A5
;, xrefs: 00AEA54D

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: ;$Pu,<
API String ID: 0-1683451193
Opcode ID: 1f5c43951a8cc351d6d46c0c2f3c303b4f3d1f1192693623f58af686f208dbb6
Instruction ID: c68ba9df7c77cf010f07a75fc597f0cdc8c7b09061f8f105f744d757ee6f39f7
Opcode Fuzzy Hash: 1f5c43951a8cc351d6d46c0c2f3c303b4f3d1f1192693623f58af686f208dbb6
Instruction Fuzzy Hash: 38919FB3F1162147F3544839CCA83A26583E7E5325F2F82788A9DAB7C9DC7E5D0A5384

Function 00A4A33F Relevance: 2.7, Strings: 2, Instructions: 211COMMON

Download Yara Rule

Strings

d, xrefs: 00A4A10D
d, xrefs: 00A4A047

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: d$d
API String ID: 0-195624457
Opcode ID: b2eadde16672952c7324c9b2259dbd1bd73142cdc2bc52b365eb54723770a877
Instruction ID: 7e12eb17e81ec4c4c68435cd38b05c4f23bec29bc25d862c96a227cbd45b9211
Opcode Fuzzy Hash: b2eadde16672952c7324c9b2259dbd1bd73142cdc2bc52b365eb54723770a877
Instruction Fuzzy Hash: 78514776948320CBD314CF68D85066BB7E2ABD9714F194A6CF8C9A7260D7329D09CB83

Function 00A45327 Relevance: 2.0, Strings: 1, Instructions: 742COMMON

Download Yara Rule

Strings

"51s, xrefs: 00A453CB

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: "51s
API String ID: 0-110016742
Opcode ID: 04c7179f0a443df73a1acf27238f7f936a8c440a09ad09b70496ec5c716340c5
Instruction ID: 9516b0baf1bb486c6fce02d11de4bbd2304be5653b524f3072b90972fb838918
Opcode Fuzzy Hash: 04c7179f0a443df73a1acf27238f7f936a8c440a09ad09b70496ec5c716340c5
Instruction Fuzzy Hash: 5E322A3AE00616CBCB28CFA8C8515BEB3B2FFC9310B59856DD442AB365DB759D42CB40

Function 00A5B1D0 Relevance: 1.9, Strings: 1, Instructions: 653COMMON

Download Yara Rule

Strings

f, xrefs: 00A5B3F1

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: InitializeThunk
String ID: f
API String ID: 2994545307-1993550816
Opcode ID: f0c5da119106ce77a5949a7636a361eef3fa228405aa2ab7768e5a465ccec8c5
Instruction ID: c6556bdbb41f22eaf269f4ff2feb5724f80b2acc8dea9dc299c112b74b304b10
Opcode Fuzzy Hash: f0c5da119106ce77a5949a7636a361eef3fa228405aa2ab7768e5a465ccec8c5
Instruction Fuzzy Hash: B312D5706183419FD714CF28D89066FB7E5BBC9326F248A2CE8D597292D770DC49CBA2

Function 00A9D391 Relevance: 1.8, Strings: 1, Instructions: 530COMMON

Download Yara Rule

Strings

Rve, xrefs: 00A9D9ED

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: Rve
API String ID: 0-2864427089
Opcode ID: 8fd7731bea6a54c3e2b606291f350a9141e19ceacba6b2902a85ac2d77b437b1
Instruction ID: 13579dd376711d2b1c1a7b218fd6b566f716be2658adaaa3030e23232c76cc63
Opcode Fuzzy Hash: 8fd7731bea6a54c3e2b606291f350a9141e19ceacba6b2902a85ac2d77b437b1
Instruction Fuzzy Hash: 87029CF3F106254BF3144939DD98366B682DBE4310F2B823C8B99977C9E87E9D0A4284

Function 00AA806F Relevance: 1.8, Strings: 1, Instructions: 526COMMON

Download Yara Rule

Strings

41|, xrefs: 00AA85A4

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: 41|
API String ID: 0-4205736079
Opcode ID: cd6eaf7eabcdbdfa78aefd25ef7c100c7226134917b463a764f045a630d9c017
Instruction ID: 61bb070f927683895a150a167b222f47dd9160f652ab15d8db69709000bf59b6
Opcode Fuzzy Hash: cd6eaf7eabcdbdfa78aefd25ef7c100c7226134917b463a764f045a630d9c017
Instruction Fuzzy Hash: 9702E2F3F156204BF3404A28DC48366B692EBD4320F2F863CCA98A77C5D97D9D0A8785

Function 00ACF26A Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

e, xrefs: 00ACF442

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: e
API String ID: 0-4024072794
Opcode ID: 9cd555e7eea8c19761756c4418870a7273964b4631c48725dda70cf9ecbd2978
Instruction ID: f1ae485cf0deb5ea427ebbc055580981fedda9c6cd826ddb19409ac2c441ec95
Opcode Fuzzy Hash: 9cd555e7eea8c19761756c4418870a7273964b4631c48725dda70cf9ecbd2978
Instruction Fuzzy Hash: 21E1D2B3E141208BF3549E68CC943A6B692EB94320F1B463DCE8CA77C4E97A5D0587C5

Function 00A773A8 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

NTDL, xrefs: 00A77B5B

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: NTDL
API String ID: 0-3662016964
Opcode ID: e4831ade9a55d5ae8471fbce1bd86db9cd5d7a3ab5abe8370bb86c6a7373da07
Instruction ID: 59a030b1d79e8445e6f93da488ea4301bbd3066de649c4e6a7bcea75bc7c4cd1
Opcode Fuzzy Hash: e4831ade9a55d5ae8471fbce1bd86db9cd5d7a3ab5abe8370bb86c6a7373da07
Instruction Fuzzy Hash: 4DD126B290C20E8FDB05CF25C8444AF7BF1FB9A330F24C52AD84997A52D6724D51DB49

Function 00B713A9 Relevance: 1.6, Strings: 1, Instructions: 361COMMON

Download Yara Rule

Strings

m*, xrefs: 00B71861

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: m*
API String ID: 0-382546180
Opcode ID: 0930e5f1953148f6db237cdc6d9e0bbe54e033003e2f1ce9365f43d9196c49c7
Instruction ID: fdcf8b0433108bb173caddca775e5b4565bc94167d049ca0a950980e85af7f0a
Opcode Fuzzy Hash: 0930e5f1953148f6db237cdc6d9e0bbe54e033003e2f1ce9365f43d9196c49c7
Instruction Fuzzy Hash: A5C1CCF3E156154BF3445E28DC94376B792EB94320F2F813C9A889B3C5EA3E9C058685

Function 00A28330 Relevance: 1.5, Strings: 1, Instructions: 291COMMON

Download Yara Rule

Strings

., xrefs: 00A28389

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 6dab6e063ea537ca9259510e2e3814189c1f2daf827822152337f0b68bf495c1
Instruction ID: 9784e57369633d4a3be40744fb4150a65fc66a90ee444da34e2a1ef8c8fca77d
Opcode Fuzzy Hash: 6dab6e063ea537ca9259510e2e3814189c1f2daf827822152337f0b68bf495c1
Instruction Fuzzy Hash: 95913971E092624BC721DF2DD88025AB7E5AB81760F188A79F8D5DB395EA38DC418BC1

Function 00AFF0B6 Relevance: 1.5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

Strings

i, xrefs: 00AFF332

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: i
API String ID: 0-3865851505
Opcode ID: 9198ec75cf53b3a206d8fc4b456b2b34821cdca9f343ca74a7549678f169dd83
Instruction ID: c2fd2b7b338b10bd64a0aadbfad701ace746dff2496d418df2ec93f04ca79b51
Opcode Fuzzy Hash: 9198ec75cf53b3a206d8fc4b456b2b34821cdca9f343ca74a7549678f169dd83
Instruction Fuzzy Hash: 22A1AAB3E1053547F3684979CD193A2A6829B91310F2F827C8F9DBBBC5D87E9D0992C4

Function 00B03290 Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

#Wdl, xrefs: 00B034D9

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: #Wdl
API String ID: 0-3215287337
Opcode ID: e4135ebf816b25c5f5ce4c4aad93e58ff8393692ce9fee6f468be1073ff87728
Instruction ID: ea9f4707e2b47b8917b00d6bc506ce4455b6c5b8eaa5154574feebdf3939c3d7
Opcode Fuzzy Hash: e4135ebf816b25c5f5ce4c4aad93e58ff8393692ce9fee6f468be1073ff87728
Instruction Fuzzy Hash: F19179B3F115248BF3544E29CCA83A17693EBD1314F2F42788A8D6B7C4D97E6D0A9384

Function 00B6D039 Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

1, xrefs: 00B6D14E

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: 1
API String ID: 0-2212294583
Opcode ID: 522eba1a6dfb4fcec9f81212e9e955a0121b82397ec0db3933e82311ac4127b5
Instruction ID: 13cecfa02f5f37ab3770e63d1e8a59872fc0cacedd3aebe9d05564312f69ac6b
Opcode Fuzzy Hash: 522eba1a6dfb4fcec9f81212e9e955a0121b82397ec0db3933e82311ac4127b5
Instruction Fuzzy Hash: 35816CB3F1162547F3604E64CC943A27693EBD5321F2F81788E886B7C5D97E6D0AA384

Function 00B5218D Relevance: 1.5, Strings: 1, Instructions: 247COMMON

Download Yara Rule

Strings

B, xrefs: 00B5231B

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: B
API String ID: 0-1255198513
Opcode ID: 49f9b624c9378b9ff54cc00ef8bae00922d9541de1624ed94eb164e97dfee9ec
Instruction ID: 1c6f9ab282844662abea5c42984127dbd6477d112968ff83f9295f079a5c3078
Opcode Fuzzy Hash: 49f9b624c9378b9ff54cc00ef8bae00922d9541de1624ed94eb164e97dfee9ec
Instruction Fuzzy Hash: 35814CB3F115244BF3544D29CC483627693ABD5311F2F82B88E8C6B7C9D97E6D4A9384

Function 00B4A254 Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

d&p, xrefs: 00B4A310

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: d&p
API String ID: 0-760643521
Opcode ID: 9e856ea5fb9dcd61c457216feaf1e945fef914521bc5d91858193817a6c83788
Instruction ID: 430e52ab0615a496d8751af7340b812dabff54f202f5793cb9caa51631a097bd
Opcode Fuzzy Hash: 9e856ea5fb9dcd61c457216feaf1e945fef914521bc5d91858193817a6c83788
Instruction Fuzzy Hash: 318148F7E1062547F3640D28DC983A272829BA4325F2F42788E8C6B7C5E97F5E0593C8

Function 00A4B170 Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

", xrefs: 00A4B36E

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
Instruction ID: 09608b7a73fc1b69ad919bd07e1b9df53d8cd1e73a3de0d4883c0c5ba361cd17
Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
Instruction Fuzzy Hash: 5971063AA283158BD714CF7DC48036FBBE2ABC5710F29892DE4949B391D374ED4587A2

Function 00AB924E Relevance: 1.4, Strings: 1, Instructions: 187COMMON

Download Yara Rule

Strings

;, xrefs: 00AB92D2

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: 58f98f4f4c767841251af5d74cc16927abf0d1fb0818ced8a07b2c4b0265bb83
Instruction ID: 0808c4bc69cc15710ae4ed1eb8b5169b75f8942c6797ff4570c7b5664fbb7c6a
Opcode Fuzzy Hash: 58f98f4f4c767841251af5d74cc16927abf0d1fb0818ced8a07b2c4b0265bb83
Instruction Fuzzy Hash: C75146B3F116254BF3584E25CC943A27253EB95325F2F817C8A896B3C5DA7F2D0A9384

Function 00AE5125 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

4, xrefs: 00AE5230

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: c6bab2cc55e42f1829a3b9b9c0f3250c1b0ec03c7112e2d67c877a87c5e672b3
Instruction ID: 440fcff42bdc85a14e29990ffbea6a4c584a47f3b2b5e18cb4600a63581bab15
Opcode Fuzzy Hash: c6bab2cc55e42f1829a3b9b9c0f3250c1b0ec03c7112e2d67c877a87c5e672b3
Instruction Fuzzy Hash: 035158F3F1152547F3584928CDA83A26643D7E5325F2F827C8E892B7CAD87E5D0A5384

Function 00A274F0 Relevance: .6, Instructions: 611COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
Instruction ID: 2402cb6d2ac7f818c8403f30694f4388a0e12390b5ea8043fb3835f3906fb4e3
Opcode Fuzzy Hash: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
Instruction Fuzzy Hash: C712A332A0C7218BC725DF1CE9816AFB3E1FFC4315F19893DD98697285D734A9518B82

Function 00A3148F Relevance: .6, Instructions: 607COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a2f7746ae5ef268769063b26e3f7d913527d411fde01336d3deb48b62b7edc9
Instruction ID: 8710c570ed354fb7dcf26706adf92a4eb9626b0e13c39aa722e97d1363b4cb92
Opcode Fuzzy Hash: 8a2f7746ae5ef268769063b26e3f7d913527d411fde01336d3deb48b62b7edc9
Instruction Fuzzy Hash: EB32D6B5A09B408FD714DF38D59536ABBF1AF59310F188A3DE4EB87382E635A505CB02

Function 00A491DD Relevance: .5, Instructions: 549COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e22f57e948af58a77a08a750d63c4eeec5eb5b8436dd9f0e664c75f6ecbe7193
Instruction ID: 6720851733bc1e872a0ff450a08c38079da3758a00ba1ef2ae2196a6f1114a0b
Opcode Fuzzy Hash: e22f57e948af58a77a08a750d63c4eeec5eb5b8436dd9f0e664c75f6ecbe7193
Instruction Fuzzy Hash: CFF137B5E003258BCF24CF68C8516ABB7B2FF85310F198199D896AF355E734AC52CB91

Function 00B250D9 Relevance: .5, Instructions: 547COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a83cb0e448fe53badee3ba6426376dcfc21be4ae105f095d7b3935bd7dd8921
Instruction ID: 28771341c5512caae5cf37f6b7a4bb628ae518d5cc361c5c7f36f94c483fcdd1
Opcode Fuzzy Hash: 5a83cb0e448fe53badee3ba6426376dcfc21be4ae105f095d7b3935bd7dd8921
Instruction Fuzzy Hash: 0E026AF3F61A6547F7644838DD883A21983C7A5324F2F42B48B5C9B7C6D8BE8D4A4385

Function 00B55156 Relevance: .5, Instructions: 511COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cfa38fdd508c1683a3c0f3d08b45fde5d3db9d5764f860f25a6e436b63f3fb2
Instruction ID: 6c927d5493bcc6bfc9c4f73c2350a4c5be2b52db1f682d6015adbcf10978a8ec
Opcode Fuzzy Hash: 4cfa38fdd508c1683a3c0f3d08b45fde5d3db9d5764f860f25a6e436b63f3fb2
Instruction Fuzzy Hash: DAF1EDF3F042204BF3584929DC98366B696EBD4324F2B423DDF89AB7C4D97E5D068285

Function 00A35220 Relevance: .4, Instructions: 436COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fda072d44f02f7dbc09c4934e249f8c26c29a568646a272aa7f6ac7a10ca360
Instruction ID: 99c06512fabbed5e376694432e3a3da03379d5479904a7ed5f70d8147e77636b
Opcode Fuzzy Hash: 8fda072d44f02f7dbc09c4934e249f8c26c29a568646a272aa7f6ac7a10ca360
Instruction Fuzzy Hash: 7AD126B19097109BD324DF28D851AABB3B5FF96350F184A2DF4C98B3A1EB749941C783

Function 00A431C2 Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6faa939ded870a37c1988892e901e954c128acb4d87f4a432102f88c8a09539a
Instruction ID: 363f60c09ccf618b11fe588064545bafac61b7c375688731ae8c817fec7ed0f2
Opcode Fuzzy Hash: 6faa939ded870a37c1988892e901e954c128acb4d87f4a432102f88c8a09539a
Instruction Fuzzy Hash: 1DD1E176A01216CFDB18CFA8DC51AAE77B6FB8D311F1A8568D841E7394DB70AC12CB50

Function 00B38196 Relevance: .4, Instructions: 409COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62bccdf128e574f877023be8bee35b63a2a82775553ec9b78ce8ac6a8cc63626
Instruction ID: 1bd98e0bf1fd1b9e92de4d99cebb2899e2a9e6c5e1a9ba771b117dca2e4ffaa5
Opcode Fuzzy Hash: 62bccdf128e574f877023be8bee35b63a2a82775553ec9b78ce8ac6a8cc63626
Instruction Fuzzy Hash: 24D19EF3F046144BF3144E29DC95366B6D2EBE4320F2F853D9A88977C5E97E98098385

Function 00B251C6 Relevance: .4, Instructions: 409COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 334101e741367afdc33f600e54975f5348b8a7fab94e3fb39c073560d79073af
Instruction ID: d1be2766e84d4d95a7409525762b6c183616017d62f3010e726c0d89c02a7272
Opcode Fuzzy Hash: 334101e741367afdc33f600e54975f5348b8a7fab94e3fb39c073560d79073af
Instruction Fuzzy Hash: D0D16DE3F61A654BF7640438ED893A51983C7A5320F2F4674CB6C9B3C6D8BECD4A4249

Function 00A36263 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3d8b34154bc2e4399a6a86307b0b51473ae32718d74a9b0eee533550addb557c
Instruction ID: 0aa809bcff6806a4043620587bb10f4e6e1f50cc03f813cce7d3b1a60d1d043d
Opcode Fuzzy Hash: 3d8b34154bc2e4399a6a86307b0b51473ae32718d74a9b0eee533550addb557c
Instruction Fuzzy Hash: 6EC14772608341AFD724CF68D8817AFB7E2EB95310F19892DF4C9C7292DB749845CB92

Function 00B2C1F1 Relevance: .4, Instructions: 387COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c01a5b203bd59823ed78286266197d8353c22e6945a8ffc27cc8e7b42908e34
Instruction ID: 8a6b06ea039f910cdbc3f139170358e12ed861f39e44bdb136be8b8d99fff8d1
Opcode Fuzzy Hash: 9c01a5b203bd59823ed78286266197d8353c22e6945a8ffc27cc8e7b42908e34
Instruction Fuzzy Hash: 8FD122F3F042148BE3145E2DDC98366BAD6EBD4720F2B423CDA98977C4E97A9D058385

Function 00AD6040 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bfee02038b1e02ce1f6c90ec55559b9cb60b7e1b503352066543e6954b26157
Instruction ID: 1992c4c709fe0252bd75d99d3de3bc1d3d40639dd88a73a4a50dfbbb9df6ce1f
Opcode Fuzzy Hash: 1bfee02038b1e02ce1f6c90ec55559b9cb60b7e1b503352066543e6954b26157
Instruction Fuzzy Hash: 75D177B3F112254BF3984879CC983A26583DBD5314F2F82388F49ABBC9DC7E5D0A5284

Function 00B4E24F Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91d6cdf327e0ec038dd2843603422571cb10054e08bd02a07b9f56d6192f4aba
Instruction ID: 8713c66d1ac1a2f62413a4b2532a80539b2048e0470c79508b2ca407b2d8fb39
Opcode Fuzzy Hash: 91d6cdf327e0ec038dd2843603422571cb10054e08bd02a07b9f56d6192f4aba
Instruction Fuzzy Hash: B4D1BDB3F516254BF3404979DC883A26683EB95320F2F82388E689B7C5DD7E9D0A5384

Function 00B444C3 Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfd56806e5e2a1adff54abfc34397a4185bde33b769fa5204cbb7ae75b44130f
Instruction ID: a3ca18db1859de74d58f1a0d09bf507e466dd7803db83daa43663802f73d4ca3
Opcode Fuzzy Hash: bfd56806e5e2a1adff54abfc34397a4185bde33b769fa5204cbb7ae75b44130f
Instruction Fuzzy Hash: 9FD179F3F106254BF3540939CD593626683DBA1315F2F82788E8CABBC9D97E9D0A5384

Function 00ABB48F Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80065fc2bc2c2517db243f745d4d0c931bb8510a7e5f530dd4e4b0a246bc8bd6
Instruction ID: 6d410693d732095090917ec4688a1efc6f9421fa4d6b58734bd28d3b18460ceb
Opcode Fuzzy Hash: 80065fc2bc2c2517db243f745d4d0c931bb8510a7e5f530dd4e4b0a246bc8bd6
Instruction Fuzzy Hash: B7C18BF3F6062547F3544878CD983A26682DB94325F2F82388E5CABBC5D87E9D0953C4

Function 00B1F0F9 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a936577c8ba6e887898b6dd6168b33c7dd638cc9e50447e93c77220474b893b9
Instruction ID: 8edb478c0cc3c081823aedc3f92f1a27abc385aa45e1800afb051aa944d6567d
Opcode Fuzzy Hash: a936577c8ba6e887898b6dd6168b33c7dd638cc9e50447e93c77220474b893b9
Instruction Fuzzy Hash: 4BC149F7F1152547F3584829CC58362A683ABE4325F2F81788B8D6BBC5EC7E9D0A5384

Function 00A5F330 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e60aefb057f579464bd7b960fc61e62e78594b70fc341b62a3fc4ee6d01d810c
Instruction ID: 567028c4618106e63e0188f4a38ce20d4ad81c7f3af0ebad7a360c9ace6144d2
Opcode Fuzzy Hash: e60aefb057f579464bd7b960fc61e62e78594b70fc341b62a3fc4ee6d01d810c
Instruction Fuzzy Hash: C9B1F336A083528FC724CF28D48056BB7E2BB99711F19857CEE869B365E731DC45C781

Function 00B65044 Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37c14d84761cbcadb86dd7fdc3822a7d5a2a1febb6a35d7d19c3a693a90b8cef
Instruction ID: 7d7e4e0d2ed06e8e88a169a7033f3b7314090f4c1983dffe0790c444e3833759
Opcode Fuzzy Hash: 37c14d84761cbcadb86dd7fdc3822a7d5a2a1febb6a35d7d19c3a693a90b8cef
Instruction Fuzzy Hash: 05C16AB3F116254BF3684928CD983A26683DBD4324F2F82788F8D6B7C5D87E5D469384

Function 00B4B4AC Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e76a3f726cb8a9b11e952063292ed8bb63ffff10fd4714675cbbfe67a8f7580
Instruction ID: bc7f7034fc007738d9786b20842a03a4b9665ceb7ddf26335e60e5e04069d8b0
Opcode Fuzzy Hash: 7e76a3f726cb8a9b11e952063292ed8bb63ffff10fd4714675cbbfe67a8f7580
Instruction Fuzzy Hash: 7CC19EB3F5162547F3544C79CC983A26683DBD0325F2F82788E986BBC9D87E9D0A5284

Function 00A452DD Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f9ce9ff31feeb5c52cb515903768fbac3ebaff0c6413fd4541d14d958514a3c
Instruction ID: 7ed11e3c439b1f8e12c58376a1eed54dda0da9780336214dea8033844336eb18
Opcode Fuzzy Hash: 9f9ce9ff31feeb5c52cb515903768fbac3ebaff0c6413fd4541d14d958514a3c
Instruction Fuzzy Hash: BBB1F77AE04215CFDB18CFA9C8516AEB7B2FFC9310F58816DD446AB355D7355842CB80

Function 00AD3056 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94a18899b13d45cf7801a1a006b61ab00ac54558f870010ef7a027389976ed01
Instruction ID: 05ef90c5c2c55e810d15a1723186b2e416d3c39295afce5eb891cca3f414f324
Opcode Fuzzy Hash: 94a18899b13d45cf7801a1a006b61ab00ac54558f870010ef7a027389976ed01
Instruction Fuzzy Hash: C7C177F7F116254BF3484929CC983A22683ABE5324F2F82788F4D6B7C5D97E5D0A5384

Function 00B1C367 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 645c2d2bd0849ccb55e3009a2f73d12219e88a842462dd448cd9097abe84ef1d
Instruction ID: 64a947211144db548522093d6b319b0bca51b10eabd4b172bc360c25fd840dc1
Opcode Fuzzy Hash: 645c2d2bd0849ccb55e3009a2f73d12219e88a842462dd448cd9097abe84ef1d
Instruction Fuzzy Hash: 59C188F3F5162547F3540829DC983926683DBE4325F2F82788F48AB7CAD87E9D0A5384

Function 00AC04DB Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3daa7a2b46b66b8cb04413816f5bda09ffe3a29e50e7460d2312d131c54338a1
Instruction ID: 5c7dcc5c172c53db11ab8b59b1565ff3bc3597d1ec777b252a8415259ef77d99
Opcode Fuzzy Hash: 3daa7a2b46b66b8cb04413816f5bda09ffe3a29e50e7460d2312d131c54338a1
Instruction Fuzzy Hash: 4FC17AF7F503224BF3544978DD9836225839BA5321F2F82388F989BBC9DC7E5D0A5284

Function 00B4F05D Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cad53bd6a84e6a890933b7cbe9425f876df5f61492e120a7422617d3e93929c1
Instruction ID: cce6df19a3713107442d8690cdc6a96e538611c92b1821ef63743884c598eab8
Opcode Fuzzy Hash: cad53bd6a84e6a890933b7cbe9425f876df5f61492e120a7422617d3e93929c1
Instruction Fuzzy Hash: FEC19BB3F1152147F3540929CCA83A26683EBD5325F2F82788E8D6BBC5D97E5D0A93C4

Function 00AC3235 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 713c3f6bd9b5139d492f5cc34e8b82a73117ae911a9f0d9359e8f06cb7da52f9
Instruction ID: 7400c8a4032971e164ee5f36f76c43c4c8ce94d8d2fadcd8ebc6dbac2d92ebc7
Opcode Fuzzy Hash: 713c3f6bd9b5139d492f5cc34e8b82a73117ae911a9f0d9359e8f06cb7da52f9
Instruction Fuzzy Hash: 3AC1BCF3F116244BF3944969DC9836266839BE5321F2F82788E9C6B7C5EC7E5C0A52C4

Function 00AD9192 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32446d81247539cc58806e044e6dd680dba48eadb6e8623dcd6cbf1745f70789
Instruction ID: 834b13d7ca871c601a9252dea04280ce55ba692f3c396994acffbce802fe25d0
Opcode Fuzzy Hash: 32446d81247539cc58806e044e6dd680dba48eadb6e8623dcd6cbf1745f70789
Instruction Fuzzy Hash: EEB1ACF3F1062547F3544C78CD983A2A582E794325F2F82788E5CABBC5D87E9D0A52C4

Function 00A42190 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c50d0803017efc30f25039b5e29d3eede2e1f4659c42a90a2b5c9a3baf411df
Instruction ID: dba19a5c1cadd4cd1f97db747897ce8bfb46d396b424425828ffa08d7fce9719
Opcode Fuzzy Hash: 2c50d0803017efc30f25039b5e29d3eede2e1f4659c42a90a2b5c9a3baf411df
Instruction Fuzzy Hash: 1C91FFB6A043119BD7249F24C892B7BB3B5EFD1318F48482CF9869B381E775E904C766

Function 00B0C140 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9e29ff9e28319d76b86a06afcda0a6dfce77c0faae0d4933a4a62fc55bbad9f
Instruction ID: d284bce53165982bc5597cd24f3e0f15d8e74972775068486897b56f3b94e140
Opcode Fuzzy Hash: c9e29ff9e28319d76b86a06afcda0a6dfce77c0faae0d4933a4a62fc55bbad9f
Instruction Fuzzy Hash: BEB19AF3F116154BF3504929CD483626A83ABE4325F3F82788A9C6BBC9DD7E5D0A5284

Function 00AEF287 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7926e4e6429ae37fe11ca042f5c43eec56080975aa40c1f436df02894f6b6295
Instruction ID: 6257ea1226efe2e1f545ff6bcc2f921d483810dbaed3835e8951e57b85eac1ca
Opcode Fuzzy Hash: 7926e4e6429ae37fe11ca042f5c43eec56080975aa40c1f436df02894f6b6295
Instruction Fuzzy Hash: 85B18BF3F1062547F3480969CCA93A26683DBA5325F2F42388E5DAB7C5ED7E9C064384

Function 00B752DC Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be98943b8b456e3fc07068149ff08a6d800581910b70623090b29f06f470244
Instruction ID: 8d66a4ee21c36b7e70d04b3cf28e5700646f6b7dd62136822b825729a8eb0750
Opcode Fuzzy Hash: 8be98943b8b456e3fc07068149ff08a6d800581910b70623090b29f06f470244
Instruction Fuzzy Hash: 4EB158F3E1162547F3644928CC983626683ABA0325F2F82788E9D6B7C5E97E5D0653C4

Function 00B6C0E7 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32256687f2cc6eec1e30dc8dbb0961c7d7184501a71f59feaae65dfd3e8408da
Instruction ID: 849f749e97fc59063c14397794d5eab9aa5eea94ff95a9dcef3711ae93db4418
Opcode Fuzzy Hash: 32256687f2cc6eec1e30dc8dbb0961c7d7184501a71f59feaae65dfd3e8408da
Instruction Fuzzy Hash: CCB17DF3F1162547F3944938CC983A26583ABD5324F2F82788E9CAB7C5D97E9D0A5384

Function 00AC212C Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a51d6d472d94cbc8b0e5dede417ee798832adf4c3f15c73cac42759f0fc7f026
Instruction ID: cdd79c37961d43d12bb2e635b24cd06e75fe6d91a58e8de788d3b411d90b65b1
Opcode Fuzzy Hash: a51d6d472d94cbc8b0e5dede417ee798832adf4c3f15c73cac42759f0fc7f026
Instruction Fuzzy Hash: 8FB17BF3F111244BF3544939CD583A26683EBD5325F2F82788B596BBC9D87E5D0A4384

Function 00B004CF Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f25813ef9db87c0ebcb2b7e46975e1b51e16905303d6db570f277d1206a701be
Instruction ID: 10b0d1c25372d228334842f4cd424a5a951211e0022b4a409f0d2e0ecb889ba5
Opcode Fuzzy Hash: f25813ef9db87c0ebcb2b7e46975e1b51e16905303d6db570f277d1206a701be
Instruction Fuzzy Hash: BCB18DB3F1063547F3644878CD98352A6929BA4324F2F82788E9CBB7C5E87E5D0983C4

Function 00B7A2C6 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ef3092057896cd94b6c13999cac46ed705ad5e6a326f77bf4ce4a5d156f512b
Instruction ID: 8bdca343705dbffe0b62f74deba4dd07caaca7c201d6f5d6e545d81687151dbf
Opcode Fuzzy Hash: 8ef3092057896cd94b6c13999cac46ed705ad5e6a326f77bf4ce4a5d156f512b
Instruction Fuzzy Hash: A7B18CF7F1162147F3584929CCA83626683D7E4325F2F82388B59AB7C5ED7E9D064384

Function 00B24032 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d54834ac93eb846e6281aec5c9a837910c26d59863215ddc357b21309c36f365
Instruction ID: a0e946aca4e2849dd1348a41034a51621f2590b60ff21b43f29f4733255b1ab1
Opcode Fuzzy Hash: d54834ac93eb846e6281aec5c9a837910c26d59863215ddc357b21309c36f365
Instruction Fuzzy Hash: 58B18BF3F1152147F3544929CC583626283ABE5325F3F82788A9C6BBC9DD3E9D065384

Function 00B531C1 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72d1020e1012abd81be7b6bd01ce6043c31049f5f24bc479c822f25183042577
Instruction ID: 9f33aff4a01793f8bd18674cc1d7ac1a92e4847982a3516b360a6f87ac799f62
Opcode Fuzzy Hash: 72d1020e1012abd81be7b6bd01ce6043c31049f5f24bc479c822f25183042577
Instruction Fuzzy Hash: 1FB18AB3E116254BF3544938CC983A276839B91325F2F82788E9C6B7C5ED7E9D0A52C4

Function 00B010E8 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeffe89300b37f574a5bc5d5bcea61ae44fbb422744c37eadf32ea1a13cfb20c
Instruction ID: 429eefd3ff417863e5a7a8bcacfb7275c2a336325c9a08f11c32a91392737b70
Opcode Fuzzy Hash: eeffe89300b37f574a5bc5d5bcea61ae44fbb422744c37eadf32ea1a13cfb20c
Instruction Fuzzy Hash: D9B148E3F1162547F3584929CCA83A26283DBD5315F2F82788B59ABBC9DC3E5D0A5284

Function 00AF6243 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 345dba499eac2fd03a4cbe65e8081da276f493186526b07ab39c89e80d83ab95
Instruction ID: 9fd83c85667ee4800801284d8e04f27f531e9dfd2c1e0fdfb5586cce1b64e807
Opcode Fuzzy Hash: 345dba499eac2fd03a4cbe65e8081da276f493186526b07ab39c89e80d83ab95
Instruction Fuzzy Hash: 9FB199B3F115254BF3584928CC683A266839BD5324F2F82788E9CAB7C5DD7F9D0A5384

Function 00AA929E Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31cef85adfbf61840755bfff80c46a0b390996fa26c2b2bb22b14ecc81fb89a6
Instruction ID: 0d9e9ebe24b852c5873af0e3abd865affab0cbe21b4c9278b8c29b14e2d27389
Opcode Fuzzy Hash: 31cef85adfbf61840755bfff80c46a0b390996fa26c2b2bb22b14ecc81fb89a6
Instruction Fuzzy Hash: 84B16AB3F1262547F3584829CD683626683DBD4321F3F823C8A996BBC9DD7E5D0A5384

Function 00AA73E9 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94b8736e0db61e37ffe93c9c9e4f2a6a1e807d39024dae113d7a9bc088e98a0f
Instruction ID: 6c0f6a2661a970fe02cae863756fbbc31bc66277de87336f605d8ac4b66e787f
Opcode Fuzzy Hash: 94b8736e0db61e37ffe93c9c9e4f2a6a1e807d39024dae113d7a9bc088e98a0f
Instruction Fuzzy Hash: 47B192B3F1162547F3544E68CC943627293EB95325F2F82788E48AB7C5D97FAC0A9384

Function 00AE8195 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ffab3a3f78becb6b597927fd98256e59be79ef037463e04a9a2b71ba9d0966a
Instruction ID: 59cb7cb8f5ca6c0d83d65220f25bebd72d66c7b805806502ead4b78f1fcf740f
Opcode Fuzzy Hash: 1ffab3a3f78becb6b597927fd98256e59be79ef037463e04a9a2b71ba9d0966a
Instruction Fuzzy Hash: 18B1ADB3F1062547F3144E28CC983A27293DB95324F2F82788E58AB7C5DD7E9D4A9384

Function 00B40104 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75a261a8014d14ce9a51b2819943da7ec3e53162dac6bed1a322c96457e9fe2b
Instruction ID: d30656cfc5af9deb7ff2499923190d5d1b7c3c9c6c9091699fe44c6004609efb
Opcode Fuzzy Hash: 75a261a8014d14ce9a51b2819943da7ec3e53162dac6bed1a322c96457e9fe2b
Instruction Fuzzy Hash: 45B1AEB3F616244BF3544969CD983A23683DBD4311F2F81788E8C6B7C9D87E5D4A9384

Function 00B3227F Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54d68d0133846c6cb0afdf77c82212936d5441f04afcc7669f044ab9308df4d9
Instruction ID: be3123a7351fdb6d6dd4955ed5e9a974f3b9d1c2175b6f7cdd7eca6dcc508db4
Opcode Fuzzy Hash: 54d68d0133846c6cb0afdf77c82212936d5441f04afcc7669f044ab9308df4d9
Instruction Fuzzy Hash: A0B199F3F1162447F3544D68DC983627293EBA4325F2F82788F586B7C9D97E5D0A8288

Function 00A26280 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
Instruction ID: 897fc33007368441dbb38391aaf96414d071feef91158c7cc80487d5f6a55b61
Opcode Fuzzy Hash: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
Instruction Fuzzy Hash: 56C158B2A087518FC364CF28DC96BABB7F1BF85318F08492DD1D9C6242E778A155CB06

Function 00B2A257 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be0ea0e0f564248b10d697974a3ccbe499d6bc3e20f43af6f92001cc67ad76b
Instruction ID: d55ab3bc06d86b375454a6d0d5835d35b965026f18cf512547111a863f687508
Opcode Fuzzy Hash: 8be0ea0e0f564248b10d697974a3ccbe499d6bc3e20f43af6f92001cc67ad76b
Instruction Fuzzy Hash: 36A1BCF3F516214BF3444938CC983A23683DB95315F2F82788B59AB7C9E97E9D095384

Function 00A4830D Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf16f5f75d84606b0c6c5244b6252cae22e43e94bb070c108075fd381b449ca4
Instruction ID: b830eafa20e042c26761a5221c6d553f04a1fe2f3a1c1ba34058fcb05914094d
Opcode Fuzzy Hash: bf16f5f75d84606b0c6c5244b6252cae22e43e94bb070c108075fd381b449ca4
Instruction Fuzzy Hash: 12916D7665470A4BC714DE6CEC9066DB2D2ABC4210F0D463CE9958B386EF78ED0587C1

Function 00B562B4 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d3af5f34c1c430d920a122bcaf3ee9257e1748fc0cf50b82d0bcc7c7fbb432
Instruction ID: 313c0c788ec9dab792e1b29aae093ba1179042401ac955b98999964c62894775
Opcode Fuzzy Hash: 51d3af5f34c1c430d920a122bcaf3ee9257e1748fc0cf50b82d0bcc7c7fbb432
Instruction Fuzzy Hash: E3A18DB3F1062547F3548939CC983A26683DBD5324F2F82788E986B7C9DD7E5D0A9384

Function 00B54018 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fb4a790ebef031d7158961a0217d4728f4f792685fca48943244dc280c2e271
Instruction ID: ca370bf57b763130659d9bcaa230f1bc7618bd5ed955bf0b2d23e33f8d0bb107
Opcode Fuzzy Hash: 6fb4a790ebef031d7158961a0217d4728f4f792685fca48943244dc280c2e271
Instruction Fuzzy Hash: 7AA189F3F1162547F3540839DD583A269839BE5325F2F82788E5CAB7CAD87E8D4A4384

Function 00ACE1D5 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac1dd895473de6d73acb599423f5bbe5abff184d0d021b3c146268d3f442edff
Instruction ID: 4c03910564b0ea8ec2b468c5a5ab60b4170e73c9e5cb7af9495006d1afc5e531
Opcode Fuzzy Hash: ac1dd895473de6d73acb599423f5bbe5abff184d0d021b3c146268d3f442edff
Instruction Fuzzy Hash: FDA149B3F116248BF3544D28CC943627293EBD5321F2F82788E986B7C5D97E6D0A9384

Function 00B760A9 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88ac90e2b8181b9878736a5722ab69a7a9e98e4704b52e3fa0965c7b3785c0c9
Instruction ID: f889d8a06522a51d66ef1bcd15fd9928fd881ada48f600fb8f8a135a96e256db
Opcode Fuzzy Hash: 88ac90e2b8181b9878736a5722ab69a7a9e98e4704b52e3fa0965c7b3785c0c9
Instruction Fuzzy Hash: 92A1AAF3F2163547F3544838CC983A26682A795320F2F42788E5C6B7C6D87E9D0A93C8

Function 00AC833A Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1df544dffd68607447832d1068e1bf8e5d7a6825a30c8fd894d69d46b0f6cb83
Instruction ID: 6345a67406e8d60b9ec265c2af15339359b4c571f609800f9ff2d843f0afb6a5
Opcode Fuzzy Hash: 1df544dffd68607447832d1068e1bf8e5d7a6825a30c8fd894d69d46b0f6cb83
Instruction Fuzzy Hash: FFA19CB3F116254BF3444979CC983A22683DBD5315F2F81388F886BBC9DD7E9D0A5284

Function 00B3446C Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54d6420da4ea1e5ca3186753353c0015a00c25d523b19183af663f320557f700
Instruction ID: 87fbda2bd27f838be9fb96bf54be32bd5d0e692dbed8009ff113b7f5b315ce23
Opcode Fuzzy Hash: 54d6420da4ea1e5ca3186753353c0015a00c25d523b19183af663f320557f700
Instruction Fuzzy Hash: 0DA16CB3F1122647F3544978CC583A2A6839BE4325F2F82388E5CAB7C5DD7E9D0A52C4

Function 00B77285 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94ab75f67d613800cbf2b7437f5d0deb4a9b1c4640c220d0bcb05b2f40c1d125
Instruction ID: f5d4ffbb8efb6f3902e7d18a9f568e013b9a904d7382ae0495cb5d44d422687c
Opcode Fuzzy Hash: 94ab75f67d613800cbf2b7437f5d0deb4a9b1c4640c220d0bcb05b2f40c1d125
Instruction Fuzzy Hash: 0EA14AB3F116254BF3544D68CC883A2B653AB95311F2F82788E4C6B7C5D97E9D0A93C4

Function 00B662FF Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a42d536c33f2a65c3307f7a48eec7a7db052abb4e80f5970a5012ea3d064cadc
Instruction ID: 9e8cc32e6609dbcdf3b96ad00f741fe0bd52a567e3a82493e4d518dbe331a5d4
Opcode Fuzzy Hash: a42d536c33f2a65c3307f7a48eec7a7db052abb4e80f5970a5012ea3d064cadc
Instruction Fuzzy Hash: 67A167B7F106254BF3544978CD9836266839BA4325F2F82398F8DAB3C5DD7E5C0A5384

Function 00AE623A Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60a982bf0afccd1e7ce3df6ce28d5a69ce2f82b2354b83c620f105755f567cd0
Instruction ID: 7acb5487cb1d9dd45d58ea6a41939882dc29045a166e13642279468aeac02490
Opcode Fuzzy Hash: 60a982bf0afccd1e7ce3df6ce28d5a69ce2f82b2354b83c620f105755f567cd0
Instruction Fuzzy Hash: D8A17DB3F616254BF3544D38CD483A17683DB91321F2F82788E8C6BBC9D87E5E0A5284

Function 00AC0017 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6235680d023feebfccc737b80eef0491bfadf71a5cf95625aafef9c6b3cf2e4e
Instruction ID: 84d3faa0b4a233aab9f9724ef2ba8f4357e08b347fca40f31f516e76c8bd8b04
Opcode Fuzzy Hash: 6235680d023feebfccc737b80eef0491bfadf71a5cf95625aafef9c6b3cf2e4e
Instruction Fuzzy Hash: C2A1ACF3F1162547F3540968CCA836265839BE5724F2F82788E6CAB7C6DCBE5D0A42C4

Function 00B0D022 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2f15fdcdc5c306b8c47da5edf02dd62a2b176defa035b8b9e47fcc3b8c70825
Instruction ID: f3d0edac4a0f1998aaa3fcdb545472171ee6dcc926a49277c752ec8affd0b9ae
Opcode Fuzzy Hash: d2f15fdcdc5c306b8c47da5edf02dd62a2b176defa035b8b9e47fcc3b8c70825
Instruction Fuzzy Hash: 5CA18AF3F5162547F3584879DC9836266839BE4324F2F82788E5D6BBC6DC7E4D0A8284

Function 00A8F4F8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e577927dd701568d8f4e760be9e9ae36b1f00ab54d3c34cebb5df1e0fe868701
Instruction ID: d620d646bb53422da6ff1b70484f1019d8610714d091ecdd749040a65c032338
Opcode Fuzzy Hash: e577927dd701568d8f4e760be9e9ae36b1f00ab54d3c34cebb5df1e0fe868701
Instruction Fuzzy Hash: C5A1A0B3E116258BF3600E68CC943A27653EB95321F2F82788E9C6B7C5E97E5D0593C4

Function 00B5B3BF Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad642d57f930a0c6813a179985158ecde82636d7dc87ad36f60f0299136aee2f
Instruction ID: a2c0c3fcdce393f80a3812fc71d9c2ef4298154ebfeae25c807176c0b2ff1cd6
Opcode Fuzzy Hash: ad642d57f930a0c6813a179985158ecde82636d7dc87ad36f60f0299136aee2f
Instruction Fuzzy Hash: 97A18DF7F116254BF3944828DC983A22543DBE5325F2F82788E4D6BBC6D87E9D0A5384

Function 00B0F4A1 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9cfeeb5f774ce2dc122c29becbfe39ce0dcec749d467bb7012cdd2a272b8909
Instruction ID: c6485da3de9cf5c9447e93e39d770461bdedb6e9e615136751bffe7410a8a34c
Opcode Fuzzy Hash: e9cfeeb5f774ce2dc122c29becbfe39ce0dcec749d467bb7012cdd2a272b8909
Instruction Fuzzy Hash: 08A18BB3F516254BF3544878CDA83A26683EB90320F2F82388F9D6BBC5D97E5D095384

Function 00B16089 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ce6b5d23ce28453056ae424d7d3ae798db4d42a9c0977b5e851f0862122e297
Instruction ID: 06ee6537a27c2c1838228b9c00f1cde88eb5004abaada2edd0c6797d4ffdd914
Opcode Fuzzy Hash: 2ce6b5d23ce28453056ae424d7d3ae798db4d42a9c0977b5e851f0862122e297
Instruction Fuzzy Hash: 5BA18BB3F1162547F3444939CC983A26683EBD5325F2F82388E98AB7C9DD7E9D464384

Function 00B28163 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4b10f03ae5695e6af808cc0700c7d6a3c428c3c24e08e9d02e70aeb03be0559
Instruction ID: 1df07ade6a022d3499279e701fda1492b56a8063c456d84b0cc09340c53d8948
Opcode Fuzzy Hash: d4b10f03ae5695e6af808cc0700c7d6a3c428c3c24e08e9d02e70aeb03be0559
Instruction Fuzzy Hash: 9FA19BF3F1162547F3544928CDA83A22683EBD5314F2F82788B9CAB7C5D97E9D0A5384

Function 00AB024E Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cfaeb7f7c667f867dc62b41b2f2982d03f3e02131af680f0cfac937669594e2
Instruction ID: 7f929351a8df56876fbcb1f4c248782d57d20d50d1bdebf57945ff6435234056
Opcode Fuzzy Hash: 5cfaeb7f7c667f867dc62b41b2f2982d03f3e02131af680f0cfac937669594e2
Instruction Fuzzy Hash: F0A19DB3F112248BF3540968CC983A27253E7D4325F2F42788E5C6B7C5E97EAD069384

Function 00B6224D Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfe6306fe9e68a198d7c724d365aac019a12148ce5333b50a1da554fccf71ea2
Instruction ID: febd6b8f028a6253ae481abd23e89fa1960569872ce324913ca379a044aa1dcc
Opcode Fuzzy Hash: bfe6306fe9e68a198d7c724d365aac019a12148ce5333b50a1da554fccf71ea2
Instruction Fuzzy Hash: F5A15AF3F1162547F3544839CC9836265839BE1321F2F82788A9CABBC9DC7E8D0A5384

Function 00B204D7 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1a3eeeca5c429fad27f60e80ab4253190656edd7b9af7c8cd77674f5a6ff378
Instruction ID: 24b931ee52e0da15e098674c10887063c890294a61638dd3d488973bb39c1e17
Opcode Fuzzy Hash: f1a3eeeca5c429fad27f60e80ab4253190656edd7b9af7c8cd77674f5a6ff378
Instruction Fuzzy Hash: 80A17DF7F1062647F3544879DD583A26583D7E0315F2F82388F59ABBCAE87E9C0A4284

Function 00B41143 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6e00428d3b5b66a1cd8bc9425dc539d1a282941629efa617128501d4042aebb
Instruction ID: 6a62c3ac9e57a39d342efa3c81f77875338201ec4a25e2e2522ee9ce7922c6c8
Opcode Fuzzy Hash: b6e00428d3b5b66a1cd8bc9425dc539d1a282941629efa617128501d4042aebb
Instruction Fuzzy Hash: 80A190F3F2062547F3544878CD993A26682EBA5324F2F42388F5DAB7C5E9BE9D054384

Function 00B7C2B5 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6de8cbc045ebe7d97d650df2e916cb6eeac9cbe99b673dfa6faf549fd847327
Instruction ID: fcb2728a0ef37c2917ada25d24eaa75028e87edf33c7fcefc4b4276f161fb928
Opcode Fuzzy Hash: c6de8cbc045ebe7d97d650df2e916cb6eeac9cbe99b673dfa6faf549fd847327
Instruction Fuzzy Hash: 86A16BB3F1162547F3504D29CC993A27683AB95321F2F82788E9CAB7C5DD3E9D0A5384

Function 00AEE25D Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5602511a5cb2248c4601c5c93fe3724ef86de8d318ce15934c7a7990722fdf3
Instruction ID: 152888d55313a2c4e2d178ddf975e9351058967a04aa24da0444e75f093c96dc
Opcode Fuzzy Hash: d5602511a5cb2248c4601c5c93fe3724ef86de8d318ce15934c7a7990722fdf3
Instruction Fuzzy Hash: A591AFB3F1152547F3504D28CC583A26693EB94324F2F82788E9CABBC9D97E9D4A53C4

Function 00B17388 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b5b738e473553d59bfdddb8d0351e9f8c66aa9e67f14c6e646a686cab655c0b
Instruction ID: 996dacbee1e19e2ef28e9e4d68049c3dbc81da4bfdfe248b76d4e72aa0e29ad0
Opcode Fuzzy Hash: 7b5b738e473553d59bfdddb8d0351e9f8c66aa9e67f14c6e646a686cab655c0b
Instruction Fuzzy Hash: 3C919BB3F1152547F3940D78CC683A2A692DB95320F2F82788E5DAB7C5ED3E9D0A52C4

Function 00B2D27D Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd75d5549416d6b609698fbf93def1b6af0b4194dd8cad6eb4487b2e86b3d6e5
Instruction ID: d3aae914fa8e1f6efdb50084765d0d267ba4cc9c12a0dca85f7ec7ffdca9527f
Opcode Fuzzy Hash: fd75d5549416d6b609698fbf93def1b6af0b4194dd8cad6eb4487b2e86b3d6e5
Instruction Fuzzy Hash: 9F916CF3F1062047F3584879CD993A26583A7E5325F2F82798E5CAB7C9EC7E5D064284

Function 00B0935A Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 467f4440fa7a51606f389931791f6b32f99e9c9a9dbb6038669184ea8e051dd4
Instruction ID: f09eb676eefd0384c2dc10983ed37eff8bfd3b1ef23e3794c4723c1bff2fd0c3
Opcode Fuzzy Hash: 467f4440fa7a51606f389931791f6b32f99e9c9a9dbb6038669184ea8e051dd4
Instruction Fuzzy Hash: 30918CB3F1162547F3544879CC983A26683DBD4324F2F82788E5CABBC5D97E9D0A5384

Function 00AD24B8 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dc2273ef500d711e34a9fe2a50567d9bafb41c90a702c06d40fb6711e2c34dd
Instruction ID: 26ad1ea47df88419648c423c0fcf33c59e992012993f73de3b1d2dc48e021b4d
Opcode Fuzzy Hash: 3dc2273ef500d711e34a9fe2a50567d9bafb41c90a702c06d40fb6711e2c34dd
Instruction Fuzzy Hash: 4291AFB3F116254BF3544D29CC583A27643EBD5311F2F82388E586BBC9D97EAD0A9384

Function 00B5C09D Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aac2a8a10a20e824b0681acba869a85d56f133aea862c8191bc56d79247e8cf
Instruction ID: 31829f074396215a441f63ecdb8ad01012cf39e2db42f68e2bbc42801d573c36
Opcode Fuzzy Hash: 9aac2a8a10a20e824b0681acba869a85d56f133aea862c8191bc56d79247e8cf
Instruction Fuzzy Hash: 35915AB3F112248BF3540929CC5836266939BD5721F2F82788E9C6B7C9D97E5D0A9384

Function 00B4533F Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8233a614c1faad9b20f4eee95beb2d2f5d803827c5c3eef6ade697a308a93a3c
Instruction ID: 23780d5d46bf295ee9dc54c800e6211669de0a82e2e4127ca481c38eefcc986a
Opcode Fuzzy Hash: 8233a614c1faad9b20f4eee95beb2d2f5d803827c5c3eef6ade697a308a93a3c
Instruction Fuzzy Hash: 9A9188F3E11A2547F3604929DC58352A683ABE4325F3F82788E9CAB7C6D93E5D0653C4

Function 00A823F3 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e3b9dd20ed8a38011c05f5fcdbecd315d306e8b73b0b566b7a83a6b877e461
Instruction ID: 3480b8186d57bf7b36f61295edc2804607addef6c6adea72c589578f554ea825
Opcode Fuzzy Hash: 43e3b9dd20ed8a38011c05f5fcdbecd315d306e8b73b0b566b7a83a6b877e461
Instruction Fuzzy Hash: FB915CB3F015248BF3644D29DC543A27693AB95325F2F82788E8C2B7C5D93F5D0A9784

Function 00ADE4F6 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec41c9f4d7f6db9a5ffa50956f15a97315314c3dd6fa9c6cc35b82a60d04f444
Instruction ID: 260761fca82c4d386d09081768d989c61ec254b15f04df135344e33c367b285a
Opcode Fuzzy Hash: ec41c9f4d7f6db9a5ffa50956f15a97315314c3dd6fa9c6cc35b82a60d04f444
Instruction Fuzzy Hash: 849177B3E0162547F3544968CC64362B693ABE0324F2F82388E9D6B7C5EE3E5D0693C4

Function 00B1507B Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e62d576c97655057d6305d419aa31b878f2f21fe17e6b20044b6a80113c0cb8
Instruction ID: 0f81e3c361482a88380f0678f5144d5c8c79c2fcccdc7c096fd3aef3c03f5a84
Opcode Fuzzy Hash: 0e62d576c97655057d6305d419aa31b878f2f21fe17e6b20044b6a80113c0cb8
Instruction Fuzzy Hash: 11919AF3F1162647F3944878CD983626683DBA5324F2F82788F5CAB7C5E97E5D0A4284

Function 00B142B0 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 597694524d0359c38861876a6a27368cf55491c672094be2bebfa8bbb6678650
Instruction ID: 95bc79a5ecaf12aaa67e99e02b60236dbea09295affd347511dad030996228fa
Opcode Fuzzy Hash: 597694524d0359c38861876a6a27368cf55491c672094be2bebfa8bbb6678650
Instruction Fuzzy Hash: 189157F3F116254BF3544869CC583A226839BE5325F2F82788F9DAB7C9DC7E5D0A4284

Function 00B3E242 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204ff6ddc5ffdce067961ebbfe98a50756e881f96126ba35a784ee3dfe7b6106
Instruction ID: fa09ca6c0ecd4983e07f2393e38dd2ee2ce03ed4a59fdd021bd1bfb39b0c2019
Opcode Fuzzy Hash: 204ff6ddc5ffdce067961ebbfe98a50756e881f96126ba35a784ee3dfe7b6106
Instruction Fuzzy Hash: 3E9188B3F111258BF3544928CC583A27683EBA4315F2F82798E8D6B7C5D97E9D0A9384

Function 00ABE3E1 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4f57472ef92bc9589d966973789927cdd54c41c8f4e4bf7929c01582baa82d5
Instruction ID: ef01ff9d90fe268f3afe4820f213b675304e56e5e004087b3663213fb138545c
Opcode Fuzzy Hash: f4f57472ef92bc9589d966973789927cdd54c41c8f4e4bf7929c01582baa82d5
Instruction Fuzzy Hash: 2A9179B3F116254BF3584D39CD583A226839BD5310F2F82788A8DAB7C5DDBE5D0A9384

Function 00AD100A Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 383631f7109b1c7c2132e1d9d10ad87c33ffc5421ff61b8286e1caf5e95aa3ce
Instruction ID: 0fe93d1adb61b5b65d41637acb9c73b21396c2ef7eebde7689b1d69d90d95522
Opcode Fuzzy Hash: 383631f7109b1c7c2132e1d9d10ad87c33ffc5421ff61b8286e1caf5e95aa3ce
Instruction Fuzzy Hash: 89916BF3F1122647F3584879CDA837266839BD1315F2F82388E596BBC5DCBE5D0A5284

Function 00B1224C Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 453f339548005fee1bcbb1acca6918bfea7f9e089093824a5a92d92248d9724d
Instruction ID: 818ff6d54e5b3b687c168486be3a130f94ff63af329e1488c96947c83b136e41
Opcode Fuzzy Hash: 453f339548005fee1bcbb1acca6918bfea7f9e089093824a5a92d92248d9724d
Instruction Fuzzy Hash: B2918DB3F116254BF3504D29CC583A266839BD8321F3F82788A9C5B7C9DD7E9D4A9384

Function 00AF71FE Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbb8d4d12b94eda810916ca830190e47c468a221093b2fab57ecd37956c8331f
Instruction ID: a47aac495080efe53da75c3bf1cb500cc7b61e8e9bd8f8c2bb36350d45d8bd16
Opcode Fuzzy Hash: cbb8d4d12b94eda810916ca830190e47c468a221093b2fab57ecd37956c8331f
Instruction Fuzzy Hash: 4C919DB3F5062547F3544D28CC983A26683A7E9324F2F82788E9C6B7C5ED7E5D0A5384

Function 00B040FA Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f41247f019c226a184c3dcd6789f005c689e081626f52b941d37034c100c1740
Instruction ID: 483df68d900ec1b292ecfdea35724852eb5d1f13af4b2b3344fbd562f72b28e9
Opcode Fuzzy Hash: f41247f019c226a184c3dcd6789f005c689e081626f52b941d37034c100c1740
Instruction Fuzzy Hash: 409168B3F1122547F3544929CC983A27683EBE4315F2F81788E8C6B7C9D97E5D0A9384

Function 00AB601C Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1c16c9a4c1b3a57bb2699be8f4ea3f47ea4fb98a38663ec6fff2a987a90ebc9
Instruction ID: 53857dd92e2776b3b8c5a5d039a5406d5aefb15e128a9a20c3a050ab50724962
Opcode Fuzzy Hash: d1c16c9a4c1b3a57bb2699be8f4ea3f47ea4fb98a38663ec6fff2a987a90ebc9
Instruction Fuzzy Hash: 379178B7E512254BF3584D38CC683A2A6839BD4325F2F823C8E9D6B7C9DD7E5C065284

Function 00A8E071 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6af217e43398190ec720e1ce65df77e65ddf5ba16500fc163bab93a882f923de
Instruction ID: f385ddf93e595927c8f92e4346187f2f8bbb932ff1728f780f0cdb0b73ab02e6
Opcode Fuzzy Hash: 6af217e43398190ec720e1ce65df77e65ddf5ba16500fc163bab93a882f923de
Instruction Fuzzy Hash: 0E918EB3F1162547F3544D28CD983626643DBD1325F2F82788E4CABBC9D97E9D0A9384

Function 00B2B3DC Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6642abf67964eb75927ebf1b90f862f30816df82d9a78dd4761300d01dc49df9
Instruction ID: 13d633918dbf7a315f3834403224335701c1fd9d554861a2663e2766c5de6418
Opcode Fuzzy Hash: 6642abf67964eb75927ebf1b90f862f30816df82d9a78dd4761300d01dc49df9
Instruction Fuzzy Hash: F3918AF7F0062047F3584D28DCA83627692EBA5315F2F82788E896B7C5D97E6D0993C4

Function 00B434F0 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79427385257aff186d9d5bca8f92ac69d7619266f24a7d4d2ad853fbe0d1bfab
Instruction ID: 4c838f955bbf504c0c3e1bdb59bbc0252450312644525aa5b9484a37cb393a7c
Opcode Fuzzy Hash: 79427385257aff186d9d5bca8f92ac69d7619266f24a7d4d2ad853fbe0d1bfab
Instruction Fuzzy Hash: 309188F3E1152547F3540D29CC98362B683ABA5325F2F82788E9C6B7C5D93E5D0A93C8

Function 00B232E8 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c71a5d5c9bfcdc7f52e3435e8b30d27516f6e308e946cacb75001c53bd34cf55
Instruction ID: 1ce554d76d792cc96725948a766d5d4a71e17a55f35d8235c4f4d27039d33405
Opcode Fuzzy Hash: c71a5d5c9bfcdc7f52e3435e8b30d27516f6e308e946cacb75001c53bd34cf55
Instruction Fuzzy Hash: 14916AF3F116254BF3544D29CD983627683AB95311F2F82788E8C6B7C5D97E5D0A8384

Function 00AF0285 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 065b10ccd3298a0c7d5877154cab5141d75f3d3257a47db770fc9225f0d921ab
Instruction ID: 20582430821c24e98a4e862d11d7e01e3fe97a75e0e997b4e37909e33d35a740
Opcode Fuzzy Hash: 065b10ccd3298a0c7d5877154cab5141d75f3d3257a47db770fc9225f0d921ab
Instruction Fuzzy Hash: 55917CB7F516254BF3544D79CD983A22583DBD4321F2F82388E8CA7BC9D87E9D0A5284

Function 00AB4432 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75d05e8dde2a99e17df6cb180f2448836c6f1ad99d108662b40d1890a59f6c0c
Instruction ID: 8e9864bd848913bea60d05992bf13c17126f6e5e89d36d3da53ee7362981777e
Opcode Fuzzy Hash: 75d05e8dde2a99e17df6cb180f2448836c6f1ad99d108662b40d1890a59f6c0c
Instruction Fuzzy Hash: E29189B3F117254BF38449B8DD983526682EB99314F2F82788F586BBC9D87E5D0A4384

Function 00AAE0F5 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc98f91cffe2b88ec4c2f263d1e97d7943a13343a245493d7eadc934c176bbd7
Instruction ID: 88ec0b45e0ef8a7268fd570ef77d672c7f8647455ae9cb585c609cd28e4cdfc7
Opcode Fuzzy Hash: fc98f91cffe2b88ec4c2f263d1e97d7943a13343a245493d7eadc934c176bbd7
Instruction Fuzzy Hash: DC918BF3F5062547F3584D78DD983626283DBA4314F2F82388E49ABBC9E97E5D0A4284

Function 00B26123 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fb1673815208aebb71dce74e15794743102a0c28b8dfd9acd75bf029438564e
Instruction ID: 3694a01ecb8f36af03cfe2c1807e23f52cffcc8955c1fa96912bd9fa0f64e898
Opcode Fuzzy Hash: 2fb1673815208aebb71dce74e15794743102a0c28b8dfd9acd75bf029438564e
Instruction Fuzzy Hash: 339160F3F216254BF3584838CD583626593D7E5315F2F82788E88ABBC9D87D9E0A5284

Function 00ABD23D Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3406f6fc14d12260d52fd9f94fd752f6e85cbd3d75269d6008e3acc325b80f1e
Instruction ID: 14a2e9da5705756f028ea1b26205294d18695d9b268f095d58954b420ac78aeb
Opcode Fuzzy Hash: 3406f6fc14d12260d52fd9f94fd752f6e85cbd3d75269d6008e3acc325b80f1e
Instruction Fuzzy Hash: AF91AFB3F116244BF3544D29CC883A27293EBD5325F2F82788E885B7C5D93EAD069384

Function 00ACC4E2 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 615e4012b034c8cc99b792b4bcfd9342957a232bb130d241573d13d4aa625725
Instruction ID: e55d7ad86e88eff782d566bb6e4d19bea2e41dfda329cd0ca396a0dd7a8772c2
Opcode Fuzzy Hash: 615e4012b034c8cc99b792b4bcfd9342957a232bb130d241573d13d4aa625725
Instruction Fuzzy Hash: AA91BDF3F1062547F3944D68DC983A27682EBA4314F2F82788F49AB7C5D97E6D099384

Function 00B370E5 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca3d6f399c74e21a20a6d994be54856e1aa4591f1c7205cc4a380a8a8eaff5f5
Instruction ID: 38214e3bf806838fca363ed4e22e773f7d98fd30cbc8775e289cb7a819ca0370
Opcode Fuzzy Hash: ca3d6f399c74e21a20a6d994be54856e1aa4591f1c7205cc4a380a8a8eaff5f5
Instruction Fuzzy Hash: 9891ADF3F216254BF3544D38CD983A26683DB94324F2F42788E5CAB7C5E97E5D0A5284

Function 00B224AC Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a774a1fc3eea9df45b040ef571be80fda13223680ca10511d117184bc753c61
Instruction ID: fce4f0c833383ab67ea6dd2c542f1941d28a56299901d1248a9b6afd981c9a4e
Opcode Fuzzy Hash: 7a774a1fc3eea9df45b040ef571be80fda13223680ca10511d117184bc753c61
Instruction Fuzzy Hash: DD919EF3F21A2447F3544939CC9835265939BE4325F2F82788F5CAB7C9E97E9D0A4284

Function 00B34044 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbaf0211b3fb57b0769575c08703b4ae2411d59a23ddaff719e268149b9799eb
Instruction ID: 2b8f2ada04de60152022ebf46ec64a0b25df648abcf5105259b102e04dbbd275
Opcode Fuzzy Hash: dbaf0211b3fb57b0769575c08703b4ae2411d59a23ddaff719e268149b9799eb
Instruction Fuzzy Hash: 5B919CB3F506254BF3544969CC983A27683DBA4310F2F41788F889B7C5D9BE9D4A9384

Function 00AF8383 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd7564cb9d4057e6b82f65320be87658c0aa8a32955262ddeb8d899ecfb9f71d
Instruction ID: b5aa7b4dfdf5d38742219daec0fe7093b70215a2e1ec5af12a934975b80f9fb8
Opcode Fuzzy Hash: cd7564cb9d4057e6b82f65320be87658c0aa8a32955262ddeb8d899ecfb9f71d
Instruction Fuzzy Hash: 739188B3E112254BF3940968CC583A27683ABD4325F2F81788E8C6B7C5DD7E5D4A93C4

Function 00ACC0BA Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef99756f81abccddd686718c979a022afe653acabd15112d60d5d47ed275577a
Instruction ID: 5dbd5797818d18360e170a54344aca45e06c156b4fe959740419b4b63202b8c2
Opcode Fuzzy Hash: ef99756f81abccddd686718c979a022afe653acabd15112d60d5d47ed275577a
Instruction Fuzzy Hash: 2C919AF3F116154BF3440929CCA83A26683EBD5325F2F82788A4D6B7C5DD7E9D0A5384

Function 00A88013 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b73324c9d22ec0ec58191143888df0b6f5f03f434dd7682479051c46dc2c1deb
Instruction ID: 41d4948410500b0e523d3b6525c68b37d896ecb97c7a21bd665204ef297b2d78
Opcode Fuzzy Hash: b73324c9d22ec0ec58191143888df0b6f5f03f434dd7682479051c46dc2c1deb
Instruction Fuzzy Hash: 649189B3F1112547F3540A28CC583A27693ABE5310F2F82798E8DAB7C5ED7E5D0A9384

Function 00AC5292 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d25dc1419ed21a1ef9e41aa83bed146de3975f4301129c8f92a18d317d580508
Instruction ID: 1fe09588058298a45627e99cb99776073689fc0915d94d2bb3b5df3cbf0bddcb
Opcode Fuzzy Hash: d25dc1419ed21a1ef9e41aa83bed146de3975f4301129c8f92a18d317d580508
Instruction Fuzzy Hash: C5917BB3F5052487F3584E29CC683A27683EBD5314F2F817C8A899B7C5D97EAD069384

Function 00AAB3A2 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ea2d04bf54b4cb05da502967a9f56ae417f170c9834364d7c2254d1331b8e2
Instruction ID: 7423e5b1cc5cef86b7b02354db8dac128681986bef92f26be53e97735181a71f
Opcode Fuzzy Hash: e0ea2d04bf54b4cb05da502967a9f56ae417f170c9834364d7c2254d1331b8e2
Instruction Fuzzy Hash: F9916CF3F1162547F3544928CC983A226839BD0325F2F82388E4C6BBCAE97E5D0A5284

Function 00A983BE Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78b961d51f20213b01f000f30067a552f2a7e569bc642a822a2aeb0112b5ce6e
Instruction ID: ec46de3d44e17924d251dd51e652f0e9f3db648b04c8167d90a5c454a503a86c
Opcode Fuzzy Hash: 78b961d51f20213b01f000f30067a552f2a7e569bc642a822a2aeb0112b5ce6e
Instruction Fuzzy Hash: BB9159F3F116254BF3544839CD583626A83DBD4315F2B82388B99ABBC9D97E9D0A4284

Function 00AD20BB Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6bf5e927eea69e1af88a4a0a099e0bd9356f24672be5e5ec5479f8468cc79be
Instruction ID: 88e0fffc33917ce7eed49aa35773fe4f3a7f66870dee60e077d941a1c752c32d
Opcode Fuzzy Hash: f6bf5e927eea69e1af88a4a0a099e0bd9356f24672be5e5ec5479f8468cc79be
Instruction Fuzzy Hash: 0581ACB3E1122587F3504D69CC883A2B693ABD5321F2F82788E5CAB7C5D97E5D0993C4

Function 00AFA2F5 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea47195fb9cf17ef19d3a9213580987c8f92136120d73f1cc336b7cc3e4a523d
Instruction ID: acea2ad9bbc8080072125d03af2762cb27b2ff293e1b8d0208e6ede027624ac3
Opcode Fuzzy Hash: ea47195fb9cf17ef19d3a9213580987c8f92136120d73f1cc336b7cc3e4a523d
Instruction Fuzzy Hash: 3691BBF3F515254BF3044939CC683A26A43DBE5321F2F82788A8C5B7C9DC7E990A9384

Function 00B6B1A4 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e35142e0fe4bf2f7010063ee55c76a30f78e6f816f2c86d8b3569df1d20e3a45
Instruction ID: feaa76c37c78528de855ccf67788f41254a4961f560ae41bd9700fc4a1706736
Opcode Fuzzy Hash: e35142e0fe4bf2f7010063ee55c76a30f78e6f816f2c86d8b3569df1d20e3a45
Instruction Fuzzy Hash: 8191CEB3F1162547F3444D39CD983627693EBD1311F2F82388A48ABBC9DD7E9D0A9284

Function 00A99299 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19533dd0c20744db3df5bb3949ffd93fc4b63c15826617a9356b010e8fc27363
Instruction ID: d380ef4a3386aa56b5e4cea98b384fef09f6f4d4cc93b79ce9207a8684070fd6
Opcode Fuzzy Hash: 19533dd0c20744db3df5bb3949ffd93fc4b63c15826617a9356b010e8fc27363
Instruction Fuzzy Hash: 5D918CF3F1162047F3584929CC983626283DBA5315F2F82788E9CAB7C9EC7E5D0A5384

Function 00A9B3B2 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bff3fe1cb03430be2fbd9dbc56f4d28bbe2aa8312d825eca721064ffa0b21f2a
Instruction ID: 5994f50a5f784fda26176b63737badcc7e35010b92e8ae2084189461a9c5cc66
Opcode Fuzzy Hash: bff3fe1cb03430be2fbd9dbc56f4d28bbe2aa8312d825eca721064ffa0b21f2a
Instruction Fuzzy Hash: B68179F3E1162247F3684878DD9836665839B95324F2F82388F59ABBC5E87E4D0A52C4

Function 00AC429F Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cea981c9e1c2e15a54eca7e9b1475437e014a7e175aa56450c599ea85f942f82
Instruction ID: 675c3c39389b1c4f128657a01de880a0a421fccd33b089981de83b5399ddf6f0
Opcode Fuzzy Hash: cea981c9e1c2e15a54eca7e9b1475437e014a7e175aa56450c599ea85f942f82
Instruction Fuzzy Hash: 43915AF3F1162547F3584964CCA83626682DBA5324F2F427C8F5DAB3C5E87E5D0A5384

Function 00B3538B Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78501e7edb46e253465fc887ca481b75c3d544e837348c703971c4bd69dfffbb
Instruction ID: 651c82a15176b5367c01f99aaa59bd6fa2988accaf9b6940e174b49186ac6443
Opcode Fuzzy Hash: 78501e7edb46e253465fc887ca481b75c3d544e837348c703971c4bd69dfffbb
Instruction Fuzzy Hash: 2A817FB3E115248BF3544D28CC983A2B693EB95320F2F827C8E8D6B3C5D97E5D099384

Function 00AB80F8 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77323379466bf8661ad7b3ac9cd7ece52b8f9a3eefe814d79bd65b0d1f43099a
Instruction ID: c0e0b5fa6fdba7baa57b2811adaef9ee14ea9e249c4f1de5753d99d9aa0f2d0d
Opcode Fuzzy Hash: 77323379466bf8661ad7b3ac9cd7ece52b8f9a3eefe814d79bd65b0d1f43099a
Instruction Fuzzy Hash: AF818EB3F116254BF3604D29CC5839276939BE5320F2F42788E9CAB7C5D93E5D069380

Function 00A913BD Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e52ff46f93c944446451fe555f39b560a38f8704192f62d341343a1a9e4f37
Instruction ID: b4843b56917246fe0d6d299b6feaf92ca574ed45a3f07b6ff7c832f34d7af86e
Opcode Fuzzy Hash: 52e52ff46f93c944446451fe555f39b560a38f8704192f62d341343a1a9e4f37
Instruction Fuzzy Hash: D08188B3F112248BF3544939CC983623293ABD4320F2F82788E9C6B7C4ED7E5D0A5284

Function 00B743F0 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cd25ff7d1c2db78be60f7a6bace277d5a5093434379d0103a426934bde958cb
Instruction ID: 2be8affd0053495fc8681216366b4d9579ea7e85f82edb7e18356b88f34ddbde
Opcode Fuzzy Hash: 4cd25ff7d1c2db78be60f7a6bace277d5a5093434379d0103a426934bde958cb
Instruction Fuzzy Hash: F5818DB7E106254BF3184D28CC543A17692EBA5315F2F417C8E8DAB7C5EE7E6C059384

Function 00B7835B Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0b8195a3d11c8bc552f18126332e73dbbdcab329ccec0584ac01e335b17db35
Instruction ID: 7b6cc3a922e029222b1a7f6b9c0b44f93cb7d7cb9455e3701350848feecc119e
Opcode Fuzzy Hash: f0b8195a3d11c8bc552f18126332e73dbbdcab329ccec0584ac01e335b17db35
Instruction Fuzzy Hash: A8819AB3F1162447F3184D29CCA8362A6839BD0325F2F82788E9D6B7C5DD7E5D0A52C4

Function 00ADF149 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fe17042777dc34a941db51fd46859d1d18c61666da9d6f86e3dedbb64f441f0
Instruction ID: 69e16961435a4a5c5324252b1da3ff104886626bc16af64138fd161cfda69c41
Opcode Fuzzy Hash: 5fe17042777dc34a941db51fd46859d1d18c61666da9d6f86e3dedbb64f441f0
Instruction Fuzzy Hash: F28180B3F1112587F3544D28CC583A27693EB91315F2F82788E899B7C8EE7E9D4A5384

Function 00B3921A Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e796b6ab8291750e3654d00f8468fc8ed67282b2c036dfd482b79957b38cc7f
Instruction ID: 7f44560a4c38444503819129fe16a91c2f4be88ac67d8e9543397b5bbf79cf54
Opcode Fuzzy Hash: 6e796b6ab8291750e3654d00f8468fc8ed67282b2c036dfd482b79957b38cc7f
Instruction Fuzzy Hash: 2B815AB3F1162547F3544D29CC943A2B283ABD4325F2F82788A9CAB7C5ED7E9D065384

Function 00B640D0 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4501e237e95418ece4eff6439881dfb60d78d9d9a1f27da4f413dba62dff4201
Instruction ID: 893a7822fbecc4c9c6d5ff6ecae0c7d1f36b9ad8352b044a828f60f5011948b1
Opcode Fuzzy Hash: 4501e237e95418ece4eff6439881dfb60d78d9d9a1f27da4f413dba62dff4201
Instruction Fuzzy Hash: F5815CB3F016244BF3544939CD983A27683EB91324F2F42788E8DAB7C4D97E5D0A9384

Function 00AB4056 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70ec69ede2d240d803bac79ad4cc2e36fae81c47dcd4230c2c31245f8158dd6b
Instruction ID: c074de6cd1347b0d19bfe695b9b2c8c56f451a4dd6ecdf05937f179aeacd9cac
Opcode Fuzzy Hash: 70ec69ede2d240d803bac79ad4cc2e36fae81c47dcd4230c2c31245f8158dd6b
Instruction Fuzzy Hash: 1A817CB3F216258BF3544D28CC993A27293DB95320F2F42788F499B7C5D97E9D0A9384

Function 00A8D0A3 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd8dcbfb4422e9f1db16fe695ee770548c122bc655a5cfb64cfe7dae6d4508a0
Instruction ID: 9fc80872d0e5972e43b6b7511942d2e47cee8891ce8a65d93ed71c76052dc2e3
Opcode Fuzzy Hash: fd8dcbfb4422e9f1db16fe695ee770548c122bc655a5cfb64cfe7dae6d4508a0
Instruction Fuzzy Hash: 5A8178F3F1162547F3544828CC683A262839BE5325F2F82788F5D6B7C5EC7E9D0A5284

Function 00ABA167 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 197327b0f928ba9711a6bc96aadaa2a0c6282dd5469551bcb67d00d48ebf2227
Instruction ID: 3f59432cb4d39372497ff912e5ada4c852d8735516b59e564207cfebb38a46b6
Opcode Fuzzy Hash: 197327b0f928ba9711a6bc96aadaa2a0c6282dd5469551bcb67d00d48ebf2227
Instruction Fuzzy Hash: D9818DB3F506254BF3544D28DC983A26283EB94325F2F81388E99AB7C5DD7E6D0A5384

Function 00A91021 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 798735b0cff53613ad7661b43e1ba920399ebe80e45e8d4776d7daae6ce5ce0d
Instruction ID: 9d635e99c2f50832229aa23a666e74d4951daf7013c80b10d1bc8e52a2958ca1
Opcode Fuzzy Hash: 798735b0cff53613ad7661b43e1ba920399ebe80e45e8d4776d7daae6ce5ce0d
Instruction Fuzzy Hash: 54818BB3F102254BF3544D28CC983627693EB95315F2F817C8E88AB7C5D97EAD0A9384

Function 00A8F16A Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2960d82ffd907db8ba34b879f87e17b406047c508db39e4a87a2de515015ed3c
Instruction ID: b34d1bac1b478cc55322d333b7f2fecca8bf6ac86586372629f143a021ca21ad
Opcode Fuzzy Hash: 2960d82ffd907db8ba34b879f87e17b406047c508db39e4a87a2de515015ed3c
Instruction Fuzzy Hash: 0581B2B3F106244BF3544E29CC943A27293EBD9311F2F81798A889B7C5DD7E6D0A9784

Function 00AE33A2 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffb272b2077280b239a2f61a64035299585e56354b43e6eb257e068d8f43a219
Instruction ID: d4d8a4fdb8e6a1dfece072ee0d632ed46e53260dd179e18fbf40349d61342733
Opcode Fuzzy Hash: ffb272b2077280b239a2f61a64035299585e56354b43e6eb257e068d8f43a219
Instruction Fuzzy Hash: DB817BB3F112254BF3504D29CC883627693ABD5324F2F81788E8C6B7C9D97E6D0A9384

Function 00A851F8 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ac6cbbfd63d7c9c86c259d9f635eb5849f3c6b0ed3608da7baebfcb4134e1fc
Instruction ID: 90d6db327897f39f33fe30e5590c59abf15f207730f555684031ef498f34ebff
Opcode Fuzzy Hash: 2ac6cbbfd63d7c9c86c259d9f635eb5849f3c6b0ed3608da7baebfcb4134e1fc
Instruction Fuzzy Hash: 24816DF3F106258BF3544929CC983627283DBA5315F2F42788E9C6B7C5D97E6D0A5384

Function 00B1E5B8 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb4f7ea8a7db05b6c9207d9194529fb39ca0536979e6efd61ef0e02d3e90a14
Instruction ID: 772c8c0c5d8b6719819042678df835249bb973bf1dc4df8c69e53798a92ed337
Opcode Fuzzy Hash: fdb4f7ea8a7db05b6c9207d9194529fb39ca0536979e6efd61ef0e02d3e90a14
Instruction Fuzzy Hash: 0981AFB3F116254BF3544D28CC583A17293EBE5325F2F82788E889B7C5D97E9D099384

Function 00AF31AE Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c1c6b6d38a234a414e4df423b2d0d4b279ad09a55d1fa53ddc0b909d5cf3374
Instruction ID: 66f1eae770fe96f572de4b4b5cae16c817e0580ece5276e5068770c553ee60bf
Opcode Fuzzy Hash: 4c1c6b6d38a234a414e4df423b2d0d4b279ad09a55d1fa53ddc0b909d5cf3374
Instruction Fuzzy Hash: 3A81C9B3F1122547F3544938CC983A27683DB95320F2F82388F496BBC9D97E9D0A5384

Function 00B20110 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61f5c069690594c4ff9725f28001c22b60a151bbba6dba9449681f67dce48304
Instruction ID: a6b8b725b3d9bb40bdc438b822e503e01e62ca1c87cc55eb00d494ebb7c03f08
Opcode Fuzzy Hash: 61f5c069690594c4ff9725f28001c22b60a151bbba6dba9449681f67dce48304
Instruction Fuzzy Hash: A0818CB3F5062547F3644C79CC983A26683DB94320F2F82388E9CABBC6D97E5D455384

Function 00AC61F8 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd96fb940ad42a183d8e7e89df266e166452453310a9f5cbfd7459d32b912f27
Instruction ID: e491f44e4b1c711c6525b6771e9362938d2a28c0caa6cd5d37ce6d168d726732
Opcode Fuzzy Hash: cd96fb940ad42a183d8e7e89df266e166452453310a9f5cbfd7459d32b912f27
Instruction Fuzzy Hash: F8816BF3E2152147F3944978CD593A266439B91324F2F82388F5DAB7C5D97E9D0A43C8

Function 00AE413F Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7015f96f2045571b30bb89c8decd4921f8d28bad08a02e2c02559c98c15f0eb
Instruction ID: ec870098d6fe98fc912ea24be58727d102aeedc93957fff52f70f6b60a3900ee
Opcode Fuzzy Hash: e7015f96f2045571b30bb89c8decd4921f8d28bad08a02e2c02559c98c15f0eb
Instruction Fuzzy Hash: 9C817AB3F1152447F3544E29CC983627693EB95311F2F82788E89AB7C9ED3E6D099384

Function 00A97384 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c7ed64380b3f32fd57acee0593af1c050f24afdf825cb1ef4614c75e78fff4c
Instruction ID: dcfe551d7767615f6b3ee6038f333d56060bb1f013cd8a642a776a0702122e32
Opcode Fuzzy Hash: 9c7ed64380b3f32fd57acee0593af1c050f24afdf825cb1ef4614c75e78fff4c
Instruction Fuzzy Hash: 4F818BB3F112258BF3444978CD983A276939BD1321F2F82388E596B7C5DD7E5D0A5384

Function 00B43118 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aeaca9dc8a8c2eb2548bf3e2af2e6a988cba196c481def675d52cb7ae18b347
Instruction ID: f92a7ec945b5eaed31784788bebbdfc09712b3016770027e72b400543363c843
Opcode Fuzzy Hash: 3aeaca9dc8a8c2eb2548bf3e2af2e6a988cba196c481def675d52cb7ae18b347
Instruction Fuzzy Hash: 36816AB3F116258BF3544D25CC483A27693D7D1315F2F82788E886BBC9D97E9D0A9384

Function 00AE0244 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35f17e56ef653068eeb4e86755db95d25c3a835daf2ce3a936595863de7b40ad
Instruction ID: 8990286f5d55db9f7ef2483b1d8608939814dbba0a36c7f9b51ce704d5985e28
Opcode Fuzzy Hash: 35f17e56ef653068eeb4e86755db95d25c3a835daf2ce3a936595863de7b40ad
Instruction Fuzzy Hash: 5E817AB3F1162547F3544938CD58362A693A794320F3F82388E9CABBC5D97E9D0A93C4

Function 00B3B0FC Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb193a460196e0140db9813ee664c401b6ae92640a63e3a1a6a003141799848d
Instruction ID: fa170e528895a0a2fd4487836e976e08354d1e5595f7268f019eb64751b2d372
Opcode Fuzzy Hash: eb193a460196e0140db9813ee664c401b6ae92640a63e3a1a6a003141799848d
Instruction Fuzzy Hash: 0C819BB3F102254BF3544D78CD983A27683DB95321F2F82788E886B7C9D97E6D0A5384

Function 00B0E222 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a1b4f56468bfe78a1b55caeb252eec3b4c226d7dba070b64b413ddaaa671bf1
Instruction ID: 58963d6460595f228d61e3d82ca4445f9e6eaa29243a74ab67561a3150d5e195
Opcode Fuzzy Hash: 8a1b4f56468bfe78a1b55caeb252eec3b4c226d7dba070b64b413ddaaa671bf1
Instruction Fuzzy Hash: 3C81A0B3F106258BF3544D68DC983927693EBD5320F2F42788E88AB7D5D97E5D099380

Function 00AE53F1 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5cd1f8059040d8b5802748d4220e91fb67b35bb3ff4df4147d96e000766b413
Instruction ID: 66ebf760a6675d2111f2ef54f4ad07adf7d0f48a8bdc8b94983afb500b34323f
Opcode Fuzzy Hash: e5cd1f8059040d8b5802748d4220e91fb67b35bb3ff4df4147d96e000766b413
Instruction Fuzzy Hash: 50817CB3F116204BF7544D78CC593A67683EBD4311F2F82388A49AB7C9DD7E9D0A4284

Function 00AA64E3 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31ddb22bce84a824e1aaf7a9f3af2f46d3f85e50d141512bcb4fef80a424ecc7
Instruction ID: 1d0737c8f57ad90ce4b33777aec7a17961ab56cf575258c1d08ea73198c3c626
Opcode Fuzzy Hash: 31ddb22bce84a824e1aaf7a9f3af2f46d3f85e50d141512bcb4fef80a424ecc7
Instruction Fuzzy Hash: 35818CB7F116254BF3540D78CD983626643EBA5324F2F82388E9C6B7C5D97E9D0A8384

Function 00AA7054 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e22c6d59d74728dc16c8c2ebfe07fb42e056ad0f2ac366942457c09014833047
Instruction ID: 82b9e90b3983346e335be7445b625fa61a1223bcf89e7e99c0f08cf03ba54bf7
Opcode Fuzzy Hash: e22c6d59d74728dc16c8c2ebfe07fb42e056ad0f2ac366942457c09014833047
Instruction Fuzzy Hash: 9481B0B3F115258BF3504E29CC943A27653EBD5705F2F8278CA485BBC9DA3E6D0A9384

Function 00A9520A Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5a92791e3be1a7df56c438ae8985adf493422597da6f90e58414f27a343a386
Instruction ID: 643801a0c55d22c43bbab1da6142174eb658cc2135d9c507fa6a3fb41d02787f
Opcode Fuzzy Hash: a5a92791e3be1a7df56c438ae8985adf493422597da6f90e58414f27a343a386
Instruction Fuzzy Hash: AC815AB3F1162447F3544969CD983A26283DBD5314F2F82788E486BBC9DD7E5D0A9384

Function 00A8B1DD Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a3a71c34dae3056a3bc92a44c72120061cdc60c50b9a7f1b69a9afb61ad2d91
Instruction ID: 6aebf1f8df78b7ba56975790dc4740d1337dc98e45f50902e28e9b2510157236
Opcode Fuzzy Hash: 2a3a71c34dae3056a3bc92a44c72120061cdc60c50b9a7f1b69a9afb61ad2d91
Instruction Fuzzy Hash: 5F816BF3E1162547F3544839CD1936666839BE0321F2F82388E6CABBC6DD7E9D4A5284

Function 00A9B027 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f15cfde48e1627129ec9feb39cecb3d2f32f4c19d723f3dc35b588aa75dcad0
Instruction ID: 3cb82833d2375d30eb617f78e86bd929e942f977b127a10bc288781731a5cd48
Opcode Fuzzy Hash: 4f15cfde48e1627129ec9feb39cecb3d2f32f4c19d723f3dc35b588aa75dcad0
Instruction Fuzzy Hash: EB714BB3F1162547F3640D29CC983A26683ABE5320F2F42788E9DAB7C5DD7E5D0A5384

Function 00B72276 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 592b79585464e3a1e2b73c130a7629e30d668bd0f0fb312a50ddcaee04710e35
Instruction ID: ad72bdd19807364dc7f07f89d28e63db1646202c7d7ed02a5dfc0d6114af8b94
Opcode Fuzzy Hash: 592b79585464e3a1e2b73c130a7629e30d668bd0f0fb312a50ddcaee04710e35
Instruction Fuzzy Hash: 09719CB3F116254BF3644D69CC943627283EBD9315F2F82788E886B7C9D97E1D0A5384

Function 00B6A410 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5459cba1f9043336df68639b82d109efa0d205478daf3d7076c0aec11df8b4ca
Instruction ID: 39bf415f51c1f125c94dfb5cd733cc43521ccbc5817e71b97cfff12f66472f28
Opcode Fuzzy Hash: 5459cba1f9043336df68639b82d109efa0d205478daf3d7076c0aec11df8b4ca
Instruction Fuzzy Hash: 14818EB3F116258BF3944E29CC583617693EBD5320F2F41788A885B3C5DE3E6D099784

Function 00A8D4AE Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a02a3d607483138318eba4213c97079f497696c4bedbde614623a25be28ac65c
Instruction ID: 35df8a6d5f20c5905d97981acdeebe776340c0ceca0612bfde0e7b4d4b2f8874
Opcode Fuzzy Hash: a02a3d607483138318eba4213c97079f497696c4bedbde614623a25be28ac65c
Instruction Fuzzy Hash: 2E718BF3E1063547F3244928CC98362A6939BE4325F2F82788E9C7B7C5E97E5D0592C8

Function 00A830C5 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1122351019dcf8bb60ee40dc02bf8595df2690fa3efe92fc55d4dc631d2a6da0
Instruction ID: 6ce805c06e193839485dd982c6fe3acff759c8ca2f7aa1cc6d731399f70c1d4a
Opcode Fuzzy Hash: 1122351019dcf8bb60ee40dc02bf8595df2690fa3efe92fc55d4dc631d2a6da0
Instruction Fuzzy Hash: 93716BB3F112258BF3544D29CC983627693EBD5311F2F82788A485BBC8DD3E6D0A9384

Function 00B4C2DF Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa923a9f771f87f56471331ebb5d38463d70c9a414352cf45a62a8b3b45edf0c
Instruction ID: 299b4427110f499164faaad2aea94470054018f961088689800bb8db6467d869
Opcode Fuzzy Hash: fa923a9f771f87f56471331ebb5d38463d70c9a414352cf45a62a8b3b45edf0c
Instruction Fuzzy Hash: 0A7179B3F116254BF3544968CC943627283ABA8324F2F82788FAC6B7C5D97E5D0A5384

Function 00B5D227 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13505647a3080ad8330876af8ebddd2aa0b2aa390359c76770f8c6e7cd0431ad
Instruction ID: a48be35753f5265b65c9ba28626b3018ddd837583c452ead4061d3cc93a82f80
Opcode Fuzzy Hash: 13505647a3080ad8330876af8ebddd2aa0b2aa390359c76770f8c6e7cd0431ad
Instruction Fuzzy Hash: 8E717CB3F1162587F3504928CC983A27293EB95325F2F82788E8C6B7C5D97E9D0693C4

Function 00A3E290 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf5ab18b7a419a6a3b651fcb282098cd04e6eab9cf006fad22bfa2fe93af6e50
Instruction ID: b212afee4d94fd5966a9da0d4da503c2bf9fbf54c2258973b246ccfbe541a5a7
Opcode Fuzzy Hash: bf5ab18b7a419a6a3b651fcb282098cd04e6eab9cf006fad22bfa2fe93af6e50
Instruction Fuzzy Hash: B2614736749AD04BD328CA3C4C612AABEA34BD6234F2CC76DF5F68B3E1D5658C068341

Function 00AE21C7 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0343d951be5021008a35dc33eb7a68852f7cdb2d4da8f451f0a3c7bba9fa345a
Instruction ID: 389890fec208a5d92ec9b38f531d960387d3f10f1f388c9afc5a5fa617eda897
Opcode Fuzzy Hash: 0343d951be5021008a35dc33eb7a68852f7cdb2d4da8f451f0a3c7bba9fa345a
Instruction Fuzzy Hash: 6A717BF3F1152547F3584929CC683A266839BE1325F2F82388F5D6BBC9D87E5D0A5384

Function 00A9631B Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5fb30738fef4526006cebcf90739f12683ed6e3810da12ca4b62b124c9ce2f6
Instruction ID: b5e99b024542733c3a8999bb1f4f7c83ebbff1ecd7e5c76edb3aec682aaa88fc
Opcode Fuzzy Hash: a5fb30738fef4526006cebcf90739f12683ed6e3810da12ca4b62b124c9ce2f6
Instruction Fuzzy Hash: 47717DB7F1123587F3604968CC883617282EB95321F2F82788E9C6B7C5D97E6D0A93C4

Function 00B33014 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f0a92216f3af2045ea611edac12e32d5b03ff8b7cceb04e067eaf463e65ead8
Instruction ID: 03936562681bb2602e8df9a1999f4226454a79c568c8cfcb4255dd0d170db557
Opcode Fuzzy Hash: 7f0a92216f3af2045ea611edac12e32d5b03ff8b7cceb04e067eaf463e65ead8
Instruction Fuzzy Hash: 4971A0B7F106258BF3504E69CC883527693EBA9310F2F41788E886B7C5D97E6D0A9784

Function 00A8A411 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 281b9c73fa0e204d58cfb5e94c6535eadb039f58b60a40149ea0dbe4810d9128
Instruction ID: 00a81493039190ea096dc29a5b2a59da5e3903ad5b0cff290fd4c89a4c3554c2
Opcode Fuzzy Hash: 281b9c73fa0e204d58cfb5e94c6535eadb039f58b60a40149ea0dbe4810d9128
Instruction Fuzzy Hash: 72716AB3F1122547F3684D39CC583A162839BD4320F3F82388E5CA77C5D97E5D0A9284

Function 00B64491 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ce667c8c0aeca7d8d3f15554728797c0e7988720a88b0a5a1596cbaf19bf695
Instruction ID: 4b90dfa13522ce745c54f1227e5d821be38bf2eed78002bb686b7c9114821432
Opcode Fuzzy Hash: 2ce667c8c0aeca7d8d3f15554728797c0e7988720a88b0a5a1596cbaf19bf695
Instruction Fuzzy Hash: 1971B1B3F116248BF3544E28CC983A17293EB95315F2F42788E996B3C5E97F6D099384

Function 00B050FA Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5394381a21ae73d18f313ade9e84f2e6aea57dd4036fa9bac051b29ae689661
Instruction ID: 6e0e4b1c38e901bdc9fc3e052e4dbd71aaa1665b3b72b47756f9ac7211ce4677
Opcode Fuzzy Hash: b5394381a21ae73d18f313ade9e84f2e6aea57dd4036fa9bac051b29ae689661
Instruction Fuzzy Hash: 2E7137B3E1122587F3644974CC183A27693AB95324F2F82788E9C6B7C5DD7E5D0A93C4

Function 00B22165 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1013133d4cd94dc6436a5da23edaf68906794b99254ddf3982546690ea7b303
Instruction ID: f1817e50b7b5ccb021ac61b5dc696d2c9b500c52d94643fe39128aeac135151f
Opcode Fuzzy Hash: d1013133d4cd94dc6436a5da23edaf68906794b99254ddf3982546690ea7b303
Instruction Fuzzy Hash: DA6159B3F116254BF3544939CC983626683EBA5320F2F82388E9CAB7C5DD7E5E095384

Function 00B441A5 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb0d03d7710dde0c7739c92af0fc39cfb842a2e26e355e5a4804b5a93445704d
Instruction ID: a07cabf896e6cd5263a569ead9bf01d38e61ba7777beb9b2cdb1a05c22de5685
Opcode Fuzzy Hash: eb0d03d7710dde0c7739c92af0fc39cfb842a2e26e355e5a4804b5a93445704d
Instruction Fuzzy Hash: 0961BEB3E1162547F3604E68CC943A27292EB95325F2F42788E5C6B7C5E93E6D0A93C4

Function 00AAB072 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61be616efe4a5caf8415630508866e52ef6a15349eae640395b7bb6a8cfbe347
Instruction ID: 353b8f83ac543ed53efe8b9d79712c46a92dae7b2278b193b248a34073f6d80d
Opcode Fuzzy Hash: 61be616efe4a5caf8415630508866e52ef6a15349eae640395b7bb6a8cfbe347
Instruction Fuzzy Hash: E6616FB3F1162547F3544D68CC983627283EB94715F2F81388E886B7C9DD3EAD0A9388

Function 00B573DE Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3e95e7ea6ca33f5cf08b4bdb79c62720f8ba06a38af096eb986006a39ec279d
Instruction ID: d385181814d4eb60d0cf93c79b57d41b338891c37528c4464e6294c93ccab8db
Opcode Fuzzy Hash: d3e95e7ea6ca33f5cf08b4bdb79c62720f8ba06a38af096eb986006a39ec279d
Instruction Fuzzy Hash: 7B618CB3E1152547F3244D29CC94362B293AB95325F2F82788E8C6B7C5E97F6D0993C4

Function 00B0A21A Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0977e4f21f911df1db487707520a55a91209a37d02aaabfae66c41f73acc68
Instruction ID: 9702633df92d318d70c0b6cc526b5061203871f29fbb7a60414d88453720e83b
Opcode Fuzzy Hash: 4e0977e4f21f911df1db487707520a55a91209a37d02aaabfae66c41f73acc68
Instruction Fuzzy Hash: C861ADB7F102244BF3504968CC883627683EB99321F2F82788E98AB7C5D97E5D0553C4

Function 00B49031 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab09eb0d962801e93f810450548915e2bb5f5c56bdbffb5500630e40553c52a9
Instruction ID: 6d2c785c2dc9191782b32b4120f74c449c70953e44a3522912c4eba0b374042c
Opcode Fuzzy Hash: ab09eb0d962801e93f810450548915e2bb5f5c56bdbffb5500630e40553c52a9
Instruction Fuzzy Hash: 2F618CB3F106258BF3544D78CC983627693EB95311F2B82788E886B7C5D97E5E099384

Function 00A930E9 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49edd41d436eb9de49b68633da3ed94c7d9dd7404cd5568f7fa1ccd17b34bf4a
Instruction ID: 2a79bbcc06dccb75b6aea95501e8d8f74c52e6c7da488741f76db1e1d695b3a7
Opcode Fuzzy Hash: 49edd41d436eb9de49b68633da3ed94c7d9dd7404cd5568f7fa1ccd17b34bf4a
Instruction Fuzzy Hash: 84518FB3F2062547F3584939CDA83626553DBD4314F2F4178CE496BBC9C9BE5D0A5384

Function 00B2E252 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2952d3677fe34029971ba118ea6176c6af7a3a050e462daf8e29fe52ad307402
Instruction ID: b3fb41dac7479b28425870bfb507eb87ab42b07737fc8961fea80a7c56dcde49
Opcode Fuzzy Hash: 2952d3677fe34029971ba118ea6176c6af7a3a050e462daf8e29fe52ad307402
Instruction Fuzzy Hash: 6B616EB3E102248BE3644E29DC943627792EB85314F6F817C8E886B3C4DA3F6D099784

Function 00B0F1A8 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fddaa5863e0150c804939c4ac05e4cb54649520d7194b261f3eaafacb519d63
Instruction ID: c628a33c4a655778ae5d491b9fa5301982b886b397b0b8bbdaeaba3621646172
Opcode Fuzzy Hash: 6fddaa5863e0150c804939c4ac05e4cb54649520d7194b261f3eaafacb519d63
Instruction Fuzzy Hash: 01518AB3F106254BF3640968CC983B16682DB91324F2F82788E9DAB7C5D97E9D0993C4

Function 00AED3D9 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eae2d095b418b817ddc647fe466ad2af4a5a411fd8381db146af6a02b57d9c0e
Instruction ID: 07e4334779c4f6a0986738ee28dee747036ff4179e747a907d21d2a0d11b5e5b
Opcode Fuzzy Hash: eae2d095b418b817ddc647fe466ad2af4a5a411fd8381db146af6a02b57d9c0e
Instruction Fuzzy Hash: EC51BBF3F006254BF3104938CDA83626693AB95324F2F42388F4CAB7D5D93E5D0A9284

Function 00B50331 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a53df48f17988521a1ae61f558335999d9028f63e0d9373d21c0cb7304e9a80a
Instruction ID: 0c2bcc0f91860ada036225d24e0683cdbbd1834e8fde07a8b796bd35f92bc693
Opcode Fuzzy Hash: a53df48f17988521a1ae61f558335999d9028f63e0d9373d21c0cb7304e9a80a
Instruction Fuzzy Hash: 19517EF7F1162547F3580928CD983A26243EBA4315F2F82788F896B7CADD7E5D0A5384

Function 00ADC442 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aedfec5bace15aa7b51e7ae061d9518abafe3a41e227a997d036ff0dfb57606d
Instruction ID: 2b6f0a0b45650d24d0412ea5c4e018e7fe3667f73cc7033fc21dc06bd4f2d285
Opcode Fuzzy Hash: aedfec5bace15aa7b51e7ae061d9518abafe3a41e227a997d036ff0dfb57606d
Instruction Fuzzy Hash: 5B5191B7F006254BF3904839CD983A2658397D5321F2F82788E986B7C9EC7E5D0A5380

Function 00AB329D Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15caed1dc1f2da0da9b0d16a39a0dbeb8f7575fd120175e5c7ead0a29c7a8e5d
Instruction ID: 3f0306461286dc2ba94d8a87a240c73c249cf066ace1854e4cf3c9c5040742d9
Opcode Fuzzy Hash: 15caed1dc1f2da0da9b0d16a39a0dbeb8f7575fd120175e5c7ead0a29c7a8e5d
Instruction Fuzzy Hash: BC514FB3E116258BF3508D29CC583617292EBA5311F2F42788E8CAB7C5D97F6D099784

Function 00AB2344 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74b83667384e319f134f1cf3d1e37c22c6d948b62c1bf1546b019bb2a5d3b899
Instruction ID: 091a410b4bd8d5f4c5af42a26958437749de55908e5b4c2990ca08a32c475d9d
Opcode Fuzzy Hash: 74b83667384e319f134f1cf3d1e37c22c6d948b62c1bf1546b019bb2a5d3b899
Instruction Fuzzy Hash: BC515AB3F1162647F3544D78CD983A27682EB95320F2F82788D89AB7C5DD3E9D099384

Function 00ABB201 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d2d796d84237a0b54deac0a3bf5d9d06a4125e3906561e9403589aa1608cdab
Instruction ID: 19a3962a666a430ffe2a308525947b897ca104544cc52e5674d45e9805115a81
Opcode Fuzzy Hash: 7d2d796d84237a0b54deac0a3bf5d9d06a4125e3906561e9403589aa1608cdab
Instruction Fuzzy Hash: 48518AB3F506208BF3584D25CCA43A23683EBD5315F2E827C8B595BBD9CD7E190AA244

Function 00B6A1A1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97f92065faa681c7d62424d0340b04a596329dae398f5f927bb75485a49c9b37
Instruction ID: 63b5fa53f5bc0bd8911edfb9b17f3317e847e311abde0861e3b593929b29b80e
Opcode Fuzzy Hash: 97f92065faa681c7d62424d0340b04a596329dae398f5f927bb75485a49c9b37
Instruction Fuzzy Hash: 99515BB3F116248BF3544978CCA83627652DB91724F2F82788F98AB3C5D97E9D0992C4

Function 00AB6455 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a0c0d68b1e63720090e974c7603ba8df1ab71ebeed573328cbd996ce93cadc8
Instruction ID: 407246ceea553031addcccfad43a450432ef6bcda4433f77ee86784850a2547d
Opcode Fuzzy Hash: 0a0c0d68b1e63720090e974c7603ba8df1ab71ebeed573328cbd996ce93cadc8
Instruction Fuzzy Hash: 0A518CB3F106254BF3844D28CC983A27693EBC9315F2F81788A499B7C5DD7E6D0A9384

Function 00A37380 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: baee97091e141ffe794c94515eb98b8cf8468db360db9b9fb23929645fe5d2cd
Instruction ID: 11cf214e9b3b12e1798cec8b5e5ea70cad648f762f4f461d81de874c3e787775
Opcode Fuzzy Hash: baee97091e141ffe794c94515eb98b8cf8468db360db9b9fb23929645fe5d2cd
Instruction Fuzzy Hash: B3416BB7648700DFD3348BA4D884A7E7BA3F7D5320F6D562DD4C927116CBB068428796

Function 00AB84E2 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e73cf3289cee036afd8c6e3ef9647fab28224ff968efa1c318126bae5d40120d
Instruction ID: 091bc4c41e6108b50affb046f2087f120a253fe9dbb5d406be1d2f8d2bfc6106
Opcode Fuzzy Hash: e73cf3289cee036afd8c6e3ef9647fab28224ff968efa1c318126bae5d40120d
Instruction Fuzzy Hash: 1B516EB7F116258BF3444D64CC983627652EB95310F2F82788E9C6B7C4DD3E6D0A9784

Function 00B12462 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aa838425271bb79097325ff81aaf917ea5eecd8bdaee5d975c9b82d5ed188d5
Instruction ID: 00c4fbc5057a03ee27302d4cd69f4a9ab0bcb417ef14a86bff468cfcc25b6c21
Opcode Fuzzy Hash: 5aa838425271bb79097325ff81aaf917ea5eecd8bdaee5d975c9b82d5ed188d5
Instruction Fuzzy Hash: 1C417CB7F116154BF3904939DD5836226839BD8321F2F82788A9C5B7C9DC7E9C4B9384

Function 00AB04B1 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e64f7d448368a235aec7bffb27c1e34c92423686b676201047ff54e0cbbda792
Instruction ID: 2abf89ed5b84f3c271345a35c4b720b77ae03c0b59314451a479f745110d8724
Opcode Fuzzy Hash: e64f7d448368a235aec7bffb27c1e34c92423686b676201047ff54e0cbbda792
Instruction Fuzzy Hash: 15417BB3E406244BF3184968DCA83A26252E794325F2F427C8F4D2B7C5D97E6D0697C4

Function 00AD22C7 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9d8d1429c732cf6333bce06de110c3d40a293500e6a6600eaa6f9358bcbc8aa
Instruction ID: e0cfa7d56b5de90d61ff7e7af2c317035174bc1a0bffd8a023ae5bd5d051a671
Opcode Fuzzy Hash: f9d8d1429c732cf6333bce06de110c3d40a293500e6a6600eaa6f9358bcbc8aa
Instruction Fuzzy Hash: 37418CB3E5112187F3604D68CC98392B693ABD5325F2F82788E586B7C4DD7E5D0993C0

Function 00AA1101 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 919f7d3231c93b517c354556636c457709e859c1d67876dfa8f63279ade2a947
Instruction ID: 11af1f724bbb30708d843fed2762bd693c120eaa421664c6b7a2eb0272aa8be2
Opcode Fuzzy Hash: 919f7d3231c93b517c354556636c457709e859c1d67876dfa8f63279ade2a947
Instruction Fuzzy Hash: 48419CF3E1152587F3584828CCA53A26283EB91325F2F82798F5A6B7C5EC7E5C464388

Function 00A88220 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87893d9fe22a3ba6e3e5630db5408b13a08d10dc00a8f1533905e560149d484b
Instruction ID: ed2da5586bf31e41c5cd5ef5c6cc4ff523b5c5bfb635902ccf34d2b95961c45e
Opcode Fuzzy Hash: 87893d9fe22a3ba6e3e5630db5408b13a08d10dc00a8f1533905e560149d484b
Instruction Fuzzy Hash: 294169B3F0052547F3504939DD983A26583ABA5314F2F82788E9CAB7C9EC3E5C4A93C0

Function 00B611F5 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c84c6ee5102166e5e94e18534ef6789e05ad57ee28e9ae85cdaf92eb4a99715
Instruction ID: b0cd42fc63baa9f62b775b0531e0a00f41204acc1008e22483d5d3bb1c886cb1
Opcode Fuzzy Hash: 2c84c6ee5102166e5e94e18534ef6789e05ad57ee28e9ae85cdaf92eb4a99715
Instruction Fuzzy Hash: E3417AF3E116264BF3540968CC943626282EBA4325F3F42398F8C6B7C1E97E5D1657C4

Function 00AD64B0 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f823addbf4ef31f140007e0b94400d269662ca77fbd160be05ba96a8acf8fa
Instruction ID: eb0074f7e67f8e78835281dc265974a4fb901070fac28d390c54f7dea36eb837
Opcode Fuzzy Hash: 10f823addbf4ef31f140007e0b94400d269662ca77fbd160be05ba96a8acf8fa
Instruction Fuzzy Hash: E73165F7F6163247F36848B8DD983A21942DBA1314F2F82388F49AB7C6D87E4C0852C4

Function 00A81375 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00821173e1c59419d0feec2b8b24d346dadc813cdac02f3aefd3d1dc859f9533
Instruction ID: c818a63b9921cc2abe8985d03c5c96735fe77034bd5ad88398864c64cf94e7ff
Opcode Fuzzy Hash: 00821173e1c59419d0feec2b8b24d346dadc813cdac02f3aefd3d1dc859f9533
Instruction Fuzzy Hash: 2F3118B3F6162147F3544879CC68392618397D5325F3F82788E28ABBD9EC7E8D065284

Function 00AD04D7 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22f86268b2b7b96d5194d0038395ebb1681d57969bbb37e992ecc24dc0f6fb69
Instruction ID: 04e50a2f9f8bd3ecccd0fb304b9dd8cee32cfc48687209feb0faf50b7c6b1b7b
Opcode Fuzzy Hash: 22f86268b2b7b96d5194d0038395ebb1681d57969bbb37e992ecc24dc0f6fb69
Instruction Fuzzy Hash: 2C314BF3F115214BF3584878CD693765483ABD1325F2F823D8B9E67AC9DC7E090A5284

Function 00B7512D Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffd8252f71a61211cac25be559ff837d0c9e339e3002a169847a6df8e75b517c
Instruction ID: 05c5fbc94d48c9b656f4b4ecf803f5a9789153d7d9c9448bb3fe8e5177f0d6d2
Opcode Fuzzy Hash: ffd8252f71a61211cac25be559ff837d0c9e339e3002a169847a6df8e75b517c
Instruction Fuzzy Hash: E23128F3F2292047F3944529CC5836221839BE5325F3F86B98A5DAB7C5DC7E9D0A5384

Function 00AED227 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad9521dfa4f476379c083040d9e1dd036f6a3e950a72e231acc51c0b0c2c86d
Instruction ID: 71ab7004ccac9efdb2a5593d6bf3688974ec13560e5681c9d4fabdb7e3e94ee5
Opcode Fuzzy Hash: 6ad9521dfa4f476379c083040d9e1dd036f6a3e950a72e231acc51c0b0c2c86d
Instruction Fuzzy Hash: 47314DF3F1062147F35448A8DD983625582DBA5329F2F82348F5CAB7CADCBE9C0A42C4

Function 00AAF0CC Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c64f7dc2f8522118321ec382b97a3157d60a86acad169f279bcbd1361ed14f74
Instruction ID: 6f1fbf6879f4686df113cc48a539e92a586d7c13a2630f63fc33dcdadfed6741
Opcode Fuzzy Hash: c64f7dc2f8522118321ec382b97a3157d60a86acad169f279bcbd1361ed14f74
Instruction Fuzzy Hash: D2314CB7F506254BF3544879DD983622983DBD5314F2BC3388B9857BCADCBD490A4384

Function 00B3C060 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3ad1b153510ba49019f9ccbf75190d4225f1586f171c2c6169e77298f80a3f1
Instruction ID: 927775070e19e70390b7ac067f4517b69ef74473b67a0e707b687be035f95948
Opcode Fuzzy Hash: d3ad1b153510ba49019f9ccbf75190d4225f1586f171c2c6169e77298f80a3f1
Instruction Fuzzy Hash: BE318BF7E512214BF3544868CCD836266839BE9325F2F83788F6CAB7C5D87E5D054284

Function 00B3907A Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935324971e327938690df3f20c1ed0c6b0cef17071068f806f012c40bda15671
Instruction ID: ef929a37cab93888e81f3308e60830a3e2492b6a469c65361fb32e9e61255fb2
Opcode Fuzzy Hash: 935324971e327938690df3f20c1ed0c6b0cef17071068f806f012c40bda15671
Instruction Fuzzy Hash: 85317CB7F116254BF3844878CD993526643E7D5311F2B82398B589B7CADDBE9D0A4380

Function 00A8224B Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1acf4eee40d67598413798f814b9bc7d7849562eaa30850938f65dfabefa7e52
Instruction ID: fb01549ebe08b1be8ab971cd52f8b0abbc266347fabc2271363015417bc91229
Opcode Fuzzy Hash: 1acf4eee40d67598413798f814b9bc7d7849562eaa30850938f65dfabefa7e52
Instruction Fuzzy Hash: 7731EEF7F1192147F3A44879CD583626583ABE5325F2F82398E6CAB6C5DC7D4D0A52C0

Function 00ABC4FC Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5751d46f4db47495545a6d52c1b1f9b2fc268a287de8f989319e0ae1c0c03954
Instruction ID: 412abe0d45af7c045a55c92aa2fe35130b1517cb0149e2f8a8d14e7c4014376e
Opcode Fuzzy Hash: 5751d46f4db47495545a6d52c1b1f9b2fc268a287de8f989319e0ae1c0c03954
Instruction Fuzzy Hash: CA313BB3F0062147F3584879CD683A65583ABD5361F2F82388F4D6BBC9C87E5D4A1284

Function 00A5D34D Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10aa967a67593d3b5ee1cc939412c1f5d4617dd9b3bbb708d8801653445aabd6
Instruction ID: 600c2a0046b8ec08f12ed373bd7c03ff7e1cf4ef859fcb865639edb3894a0b0f
Opcode Fuzzy Hash: 10aa967a67593d3b5ee1cc939412c1f5d4617dd9b3bbb708d8801653445aabd6
Instruction Fuzzy Hash: 34212E31B483500BD718CF3988D113BF7E39BDA224F18C57DD8959B295CA34ED0A8B45

Function 00B2D0F2 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73af4fd9ba4fd3b3828e3afd727c0f44c5920ebab88aa96cee4489438bea565a
Instruction ID: cb49816a60a749a1cecb3c0c042307ed20a531b81114d145dcbd60aa800ee462
Opcode Fuzzy Hash: 73af4fd9ba4fd3b3828e3afd727c0f44c5920ebab88aa96cee4489438bea565a
Instruction Fuzzy Hash: 313148F3E5163147F39448A4CD983A25582D791325F2F82788EACABBC5D8BE5C0953C4

Function 00B482B9 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99fa83e52dd4020709c9af73bd966c9cd90eeb7a4de0952ee50cb67d353e9dd9
Instruction ID: 93e8c8dcead07d47d076ebc818e46119eb5d59d20fd1df92455bffa0a353eb58
Opcode Fuzzy Hash: 99fa83e52dd4020709c9af73bd966c9cd90eeb7a4de0952ee50cb67d353e9dd9
Instruction Fuzzy Hash: 9A3143F7F506210BF3904865CD88362258297A5728F2F82788F5CAB7C6D8BE5C0A13C4

Function 00B58296 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc7279bc08c93c76a13a2027e2089ac8d833fe9b5a1f793fd40475b47365f15e
Instruction ID: e9cb9827b1ec0ba063ef905881800590c50e1acbca9b90b041f48225d326868b
Opcode Fuzzy Hash: cc7279bc08c93c76a13a2027e2089ac8d833fe9b5a1f793fd40475b47365f15e
Instruction Fuzzy Hash: F72189F3E5112243F36808B8C95836695839B91324F2F83398F6977BC4DC7D8D0A12C4

Function 00B590EA Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd4963a4fba4b509020dba6422cae680efb2a1f3b7d7761b37b38ff92d0fb6eb
Instruction ID: 468635978794e8314018b240ceb910221f35983b05862774358bada39bb2b23e
Opcode Fuzzy Hash: cd4963a4fba4b509020dba6422cae680efb2a1f3b7d7761b37b38ff92d0fb6eb
Instruction Fuzzy Hash: 5A21E5B7F0122407F3948879CD99392108397D5364F2F82398E9CABBC9EC7E9C0B5280

Function 00A9914A Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d2b706938cb37a16ad49317544f8864a7dafc3edfa41be30a547340d5d7202c
Instruction ID: 1be5eaab9475dc5e5ffd8ace4110efcca5a39319f52f084fd08a99389b960d9d
Opcode Fuzzy Hash: 8d2b706938cb37a16ad49317544f8864a7dafc3edfa41be30a547340d5d7202c
Instruction Fuzzy Hash: 73216AB3F6162107F3944878CD99392A582E794365F2B82398E58EBBC9DD7D8D0A42C4

Function 00A98254 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ef1edaf9ffe1e6d60cd44de54313713651a87e4c10d45187f204854b285631b
Instruction ID: 498b522e0148e64d67720d6ed033ad0e1566e47e248b1ab46d8a7eb1839f57b6
Opcode Fuzzy Hash: 8ef1edaf9ffe1e6d60cd44de54313713651a87e4c10d45187f204854b285631b
Instruction Fuzzy Hash: B42137B3F106204BF3944878DE583A218929790365F2F83398F5D6B6C9DC7D5D0A52C4

Function 00B77122 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aed75a6fcb644f50753286069460591e7a5246fbded60ef5ba7e93b05faace1
Instruction ID: 9e40456e25436b7b9ff2fca46aff5199d28b56fdee65652c4ce015f6c19973f6
Opcode Fuzzy Hash: 4aed75a6fcb644f50753286069460591e7a5246fbded60ef5ba7e93b05faace1
Instruction Fuzzy Hash: 102189B7F8022547F3980878CDA93A25583A790324F3B83399F6D6BBC5DC7D8D0A1294

Function 00B09216 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dd38cd7500667ede2d1ba01cdd1d78545ba1b000d702aba0d6b25ef36e23c2b
Instruction ID: ce6eec9525bdcc9a898cde542f48ba3384af523e861dc097e3b59675a395061a
Opcode Fuzzy Hash: 3dd38cd7500667ede2d1ba01cdd1d78545ba1b000d702aba0d6b25ef36e23c2b
Instruction Fuzzy Hash: C9214CB3F511254BF3544979CD983A26543ABD5321F2B83788E1C6BBC8CC7E6E0A62D4

Function 00A55450 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: ebe328e3539fa21a3722719c0e999e1ae382e755a34f974be44e7d74604dea13
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 5F118633E055D40EC3168D3C8410575BFB32AA3637B698399F8B89B2D6D6328DCE8755

Function 00A43086 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1394425291.0000000000A21000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000000.00000002.1394406212.0000000000A20000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394425291.0000000000A63000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394474578.0000000000A72000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000A74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000CD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394491359.0000000000D19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394774673.0000000000D1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394879073.0000000000EB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1394895574.0000000000EB5000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a20000_ddySsHnC6l.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a31e298aedfb764da9936e709b09a0607a7ac8f060101261f836b15202a743
Instruction ID: 7d9e7ca831ec4add2ede06b0efed08d475023be5dc10828ecd03defde58ab683
Opcode Fuzzy Hash: e8a31e298aedfb764da9936e709b09a0607a7ac8f060101261f836b15202a743
Instruction Fuzzy Hash: D7E0ED75C51141AFDE10AB50FD016187A73B762307B471220E808A3232EF76546BD755

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ddySsHnC6l.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
ddySsHnC6l.exe

Function 00A28850 Relevance: 1.7, APIs: 1, Instructions: 208
COMMON

Function 00A5C1F0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00A5C767 Relevance: 1.3, Strings: 1, Instructions: 99
COMMON

Function 00A2C583 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Function 00A2C550 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Function 00A5AAA0 Relevance: 1.5, APIs: 1, Instructions: 13
memoryCOMMON

Function 00A5AA80 Relevance: 1.5, APIs: 1, Instructions: 9
memoryCOMMON