Edit tour

Windows Analysis Report
C8QT9HkXEb.exe

Overview

General Information

Sample name:	C8QT9HkXEb.exe renamed because original name is a hash value
Original sample name:	942e86204245173e9297bf46dacf79b3.exe
Analysis ID:	1580885
MD5:	942e86204245173e9297bf46dacf79b3
SHA1:	e3a1824db55ca76304cf36a238bc3b24a76902d6
SHA256:	a6f5c5e95852cd706419be818733fa6c079c27af126b390928b315ff984a1918
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

C8QT9HkXEb.exe (PID: 7288 cmdline: "C:\Users\user\Desktop\C8QT9HkXEb.exe" MD5: 942E86204245173E9297BF46DACF79B3)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["talkynicer.lat", "manyrestro.lat", "tentabatte.lat", "slipperyloo.lat", "observerfry.lat", "curverpluch.lat", "wordyfindy.lat", "shapestickyr.lat", "bashfulacid.lat"], "Build id": "PsFKDg--pablo"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:13.217055+0100	2028371	3	Unknown Traffic	192.168.2.5	49704	23.55.153.106	443	TCP
2024-12-26T12:52:15.755339+0100	2028371	3	Unknown Traffic	192.168.2.5	49705	104.21.66.86	443	TCP
2024-12-26T12:52:17.964219+0100	2028371	3	Unknown Traffic	192.168.2.5	49706	104.21.66.86	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:16.792681+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49705	104.21.66.86	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:16.792681+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49705	104.21.66.86	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:11.443943+0100	2058480	1	Domain Observed Used for C2 Detected	192.168.2.5	64151	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:11.155382+0100	2058484	1	Domain Observed Used for C2 Detected	192.168.2.5	59377	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:10.731287+0100	2058492	1	Domain Observed Used for C2 Detected	192.168.2.5	54297	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:10.870391+0100	2058500	1	Domain Observed Used for C2 Detected	192.168.2.5	53068	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:10.590393+0100	2058502	1	Domain Observed Used for C2 Detected	192.168.2.5	50744	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:11.013160+0100	2058510	1	Domain Observed Used for C2 Detected	192.168.2.5	50270	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:11.296785+0100	2058512	1	Domain Observed Used for C2 Detected	192.168.2.5	52639	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:10.248517+0100	2058514	1	Domain Observed Used for C2 Detected	192.168.2.5	52304	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:52:14.136171+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.5	49704	23.55.153.106	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: C8QT9HkXEb.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://lev-tolstoi.com/date	Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/d	Avira URL Cloud: Label: malware

Found malware configuration

Source: C8QT9HkXEb.exe.7288.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["talkynicer.lat", "manyrestro.lat", "tentabatte.lat", "slipperyloo.lat", "observerfry.lat", "curverpluch.lat", "wordyfindy.lat", "shapestickyr.lat", "bashfulacid.lat"], "Build id": "PsFKDg--pablo"}

Multi AV Scanner detection for submitted file

Source: C8QT9HkXEb.exe	Virustotal: Detection: 54%			Perma Link
Source: C8QT9HkXEb.exe	ReversingLabs: Detection: 57%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: C8QT9HkXEb.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bashfulacid.lat
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: tentabatte.lat
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: curverpluch.lat
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: talkynicer.lat
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: shapestickyr.lat
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: manyrestro.lat
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: slipperyloo.lat
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: wordyfindy.lat
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: observerfry.lat
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: PsFKDg--pablo

Source: C8QT9HkXEb.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49705 version: TLS 1.2

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov edx, ebx	0_2_00828600
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00828A50
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00861720
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0084C09E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0084E0DA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0084C0E6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_008481CC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0084C09E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov eax, dword ptr [00866130h]	0_2_00838169
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00856210
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_008483D8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov ecx, eax	0_2_0083C300
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00860340
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_0084C465
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0084C465
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov edi, ecx	0_2_0084A5B6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00848528
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_008606F0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov eax, ebx	0_2_0083C8A0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_0083C8A0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_0083C8A0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_0083C8A0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then push esi	0_2_0082C805
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00842830
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_0085C830
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0084C850
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_0085C990
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_008489E9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_0084AAC0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_0085CA40
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_0083EB80
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov edx, ecx	0_2_00838B1B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_0082AB40
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00834CA0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_0082CC7A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_0085EDC1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_0085CDF0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_0085CDF0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_0085CDF0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_0085CDF0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_00860D20
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov edx, ecx	0_2_00846D2E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]	0_2_00822EB0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov ecx, eax	0_2_00842E6D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then jmp edx	0_2_00842E6D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00842E6D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00836F52
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov esi, ecx	0_2_008490D0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov ecx, eax	0_2_0084D116
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_00861160
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_0084B170
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov ecx, eax	0_2_0084D17D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_008273D0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_008273D0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0084D34A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov eax, ebx	0_2_00847440
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_00847440
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0083747D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_0083747D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_0083B57D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00829780
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then jmp edx	0_2_008437D6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then jmp eax	0_2_00849739
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_00847740
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov ecx, eax	0_2_0083D8AC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov ecx, eax	0_2_0083D8AC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov ecx, eax	0_2_0083D8D8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov ecx, eax	0_2_0083D8D8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov edx, ecx	0_2_0083B8F6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov edx, ecx	0_2_0083B8F6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0084B980
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then jmp edx	0_2_008439B9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_008439B9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00841A10
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then dec edx	0_2_0085FA20
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then dec edx	0_2_0085FB10
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0084DDFF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then dec edx	0_2_0085FD70
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov edx, ecx	0_2_00849E80
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0084DE07
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then dec edx	0_2_0085FE00
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov ecx, eax	0_2_0084BF13
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_00845F1B

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.5:64151 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.5:52304 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.5:50744 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.5:53068 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.5:52639 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.5:59377 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.5:54297 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.5:50270 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 23.55.153.106:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: talkynicer.lat
Source: Malware configuration extractor	URLs: manyrestro.lat
Source: Malware configuration extractor	URLs: tentabatte.lat
Source: Malware configuration extractor	URLs: slipperyloo.lat
Source: Malware configuration extractor	URLs: observerfry.lat
Source: Malware configuration extractor	URLs: curverpluch.lat
Source: Malware configuration extractor	URLs: wordyfindy.lat
Source: Malware configuration extractor	URLs: shapestickyr.lat
Source: Malware configuration extractor	URLs: bashfulacid.lat

Source: Joe Sandbox View	IP Address: 104.21.66.86 104.21.66.86
Source: Joe Sandbox View	IP Address: 23.55.153.106 23.55.153.106

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 23.55.153.106:443

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=67f7401d803ff1f1949f0791; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35121Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 26 Dec 2024 11:52:13 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control? equals www.youtube.com (Youtube)
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: observerfry.lat
Source: global traffic	DNS traffic detected: DNS query: wordyfindy.lat
Source: global traffic	DNS traffic detected: DNS query: slipperyloo.lat
Source: global traffic	DNS traffic detected: DNS query: manyrestro.lat
Source: global traffic	DNS traffic detected: DNS query: shapestickyr.lat
Source: global traffic	DNS traffic detected: DNS query: talkynicer.lat
Source: global traffic	DNS traffic detected: DNS query: curverpluch.lat
Source: global traffic	DNS traffic detected: DNS query: tentabatte.lat
Source: global traffic	DNS traffic detected: DNS query: bashfulacid.lat
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: lev-tolstoi.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com

Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: C8QT9HkXEb.exe, 00000000.00000003.2136351816.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137710536.0000000001241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://microsoft.co
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: C8QT9HkXEb.exe, 00000000.00000003.2136351816.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2136537906.0000000001277000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.c
Source: C8QT9HkXEb.exe, 00000000.00000003.2136351816.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137710536.0000000001241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.co
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: C8QT9HkXEb.exe, 00000000.00000003.2136483432.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/
Source: C8QT9HkXEb.exe, 00000000.00000003.2136351816.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2136351816.000000000120B000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124650344.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137710536.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137625670.000000000120B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/api
Source: C8QT9HkXEb.exe, 00000000.00000002.2137492585.00000000011F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/d
Source: C8QT9HkXEb.exe, 00000000.00000002.2137710536.0000000001231000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2136351816.000000000122E000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2136483432.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/date
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000122E000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000122E000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49705 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: C8QT9HkXEb.exe	Static PE information: section name:
Source: C8QT9HkXEb.exe	Static PE information: section name: .idata
Source: C8QT9HkXEb.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00828600	0_2_00828600
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0082B100	0_2_0082B100
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00ACA0BA	0_2_00ACA0BA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0084C09E	0_2_0084C09E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F60AD	0_2_008F60AD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A20AD	0_2_008A20AD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009400A7	0_2_009400A7
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C00C9	0_2_008C00C9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0084A0CA	0_2_0084A0CA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F40DC	0_2_008F40DC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009940CC	0_2_009940CC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095E0C3	0_2_0095E0C3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090E0CA	0_2_0090E0CA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0084C0E6	0_2_0084C0E6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091E0F8	0_2_0091E0F8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008360E9	0_2_008360E9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009840E6	0_2_009840E6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093A019	0_2_0093A019
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093E00E	0_2_0093E00E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091403B	0_2_0091403B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0098E037	0_2_0098E037
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0089403D	0_2_0089403D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F8043	0_2_008F8043
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D006F	0_2_008D006F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008DA069	0_2_008DA069
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0096606E	0_2_0096606E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097406C	0_2_0097406C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B0074	0_2_008B0074
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0084E180	0_2_0084E180
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009141B5	0_2_009141B5
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009381AD	0_2_009381AD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008481CC	0_2_008481CC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008CE1D8	0_2_008CE1D8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A81FF	0_2_008A81FF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008861FE	0_2_008861FE
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0094E1E8	0_2_0094E1E8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092C116	0_2_0092C116
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E2107	0_2_008E2107
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091810D	0_2_0091810D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0089A12C	0_2_0089A12C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F013D	0_2_008F013D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0089213D	0_2_0089213D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00980126	0_2_00980126
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00992155	0_2_00992155
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C815A	0_2_008C815A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0084C09E	0_2_0084C09E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00996144	0_2_00996144
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00826160	0_2_00826160
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00838169	0_2_00838169
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008CC17A	0_2_008CC17A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00940297	0_2_00940297
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00926285	0_2_00926285
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B8292	0_2_008B8292
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BC2A1	0_2_008BC2A1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008AC2C9	0_2_008AC2C9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008EC2C4	0_2_008EC2C4
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093C2C3	0_2_0093C2C3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E62DD	0_2_008E62DD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008442D0	0_2_008442D0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009682CF	0_2_009682CF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097A2EC	0_2_0097A2EC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BE217	0_2_008BE217
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0083E220	0_2_0083E220
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090C23D	0_2_0090C23D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00952238	0_2_00952238
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095C258	0_2_0095C258
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092A25C	0_2_0092A25C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00906272	0_2_00906272
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090A277	0_2_0090A277
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008AA27B	0_2_008AA27B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00824270	0_2_00824270
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009F426C	0_2_009F426C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0098A26F	0_2_0098A26F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091238C	0_2_0091238C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A43AA	0_2_008A43AA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095A3A3	0_2_0095A3A3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BA3CA	0_2_008BA3CA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C03CF	0_2_008C03CF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090A3DA	0_2_0090A3DA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C63C2	0_2_008C63C2
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008483D8	0_2_008483D8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009523C9	0_2_009523C9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B23E8	0_2_008B23E8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D63E8	0_2_008D63E8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009203F5	0_2_009203F5
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008823E2	0_2_008823E2
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009163FA	0_2_009163FA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E03FF	0_2_008E03FF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009B83E8	0_2_009B83E8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008EA3FA	0_2_008EA3FA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B4302	0_2_008B4302
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0096231B	0_2_0096231B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008CC314	0_2_008CC314
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00888316	0_2_00888316
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C232A	0_2_008C232A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0089E32E	0_2_0089E32E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092833B	0_2_0092833B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093A322	0_2_0093A322
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00944322	0_2_00944322
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00936357	0_2_00936357
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00948353	0_2_00948353
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00938359	0_2_00938359
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0089035C	0_2_0089035C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008EE35B	0_2_008EE35B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00934348	0_2_00934348
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008CA365	0_2_008CA365
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D837D	0_2_008D837D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00974364	0_2_00974364
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00918490	0_2_00918490
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009FE49D	0_2_009FE49D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0089C4BB	0_2_0089C4BB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008DA4B0	0_2_008DA4B0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A84CA	0_2_008A84CA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008404C6	0_2_008404C6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A04CF	0_2_008A04CF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009544D0	0_2_009544D0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093E4D8	0_2_0093E4D8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093A4DC	0_2_0093A4DC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008904D5	0_2_008904D5
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009744C8	0_2_009744C8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008424E0	0_2_008424E0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B04ED	0_2_008B04ED
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E24E3	0_2_008E24E3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B64FA	0_2_008B64FA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0094C417	0_2_0094C417
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0096041C	0_2_0096041C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008DC414	0_2_008DC414
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092E409	0_2_0092E409
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095C430	0_2_0095C430
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00940433	0_2_00940433
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00980436	0_2_00980436
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C843C	0_2_008C843C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091A42C	0_2_0091A42C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090E454	0_2_0090E454
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0085A440	0_2_0085A440
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0088A446	0_2_0088A446
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090045E	0_2_0090045E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0094A443	0_2_0094A443
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F6457	0_2_008F6457
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00860460	0_2_00860460
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0088C475	0_2_0088C475
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A6580	0_2_008A6580
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B459D	0_2_008B459D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0085C5A0	0_2_0085C5A0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009285BB	0_2_009285BB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0094A5AB	0_2_0094A5AB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097C5DD	0_2_0097C5DD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0085A5D4	0_2_0085A5D4
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009445C6	0_2_009445C6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009945FF	0_2_009945FF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C45EB	0_2_008C45EB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0094E5FE	0_2_0094E5FE
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009245FF	0_2_009245FF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008265F0	0_2_008265F0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0088E50F	0_2_0088E50F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C0501	0_2_008C0501
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E851C	0_2_008E851C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008FA519	0_2_008FA519
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F252B	0_2_008F252B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0084C53C	0_2_0084C53C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095052A	0_2_0095052A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093C555	0_2_0093C555
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00964549	0_2_00964549
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00844560	0_2_00844560
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00908564	0_2_00908564
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090656B	0_2_0090656B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097E569	0_2_0097E569
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B6688	0_2_008B6688
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0082E687	0_2_0082E687
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092C68F	0_2_0092C68F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BC6A2	0_2_008BC6A2
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009266B9	0_2_009266B9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009706D6	0_2_009706D6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F66C9	0_2_008F66C9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008446D0	0_2_008446D0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008966D1	0_2_008966D1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009786CF	0_2_009786CF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B26EC	0_2_008B26EC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008946F8	0_2_008946F8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008606F0	0_2_008606F0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009586EA	0_2_009586EA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0099263B	0_2_0099263B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0083E630	0_2_0083E630
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00946629	0_2_00946629
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093062D	0_2_0093062D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0088864E	0_2_0088864E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00858650	0_2_00858650
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008CC787	0_2_008CC787
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091A78D	0_2_0091A78D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C67AB	0_2_008C67AB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009607A6	0_2_009607A6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008987BF	0_2_008987BF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093E7AD	0_2_0093E7AD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A47D9	0_2_008A47D9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092A7C7	0_2_0092A7C7
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009907FB	0_2_009907FB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0096A7FD	0_2_0096A7FD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E47E0	0_2_008E47E0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009307FC	0_2_009307FC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D87F7	0_2_008D87F7
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00912713	0_2_00912713
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097A711	0_2_0097A711
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092271A	0_2_0092271A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C871C	0_2_008C871C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00932709	0_2_00932709
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090C70B	0_2_0090C70B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0094C754	0_2_0094C754
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00976750	0_2_00976750
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BE743	0_2_008BE743
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090A742	0_2_0090A742
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00832750	0_2_00832750
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008EE75A	0_2_008EE75A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F4755	0_2_008F4755
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008AC76F	0_2_008AC76F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008DC771	0_2_008DC771
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C088E	0_2_008C088E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00962895	0_2_00962895
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008DA89E	0_2_008DA89E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E089D	0_2_008E089D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0088289F	0_2_0088289F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0083C8A0	0_2_0083C8A0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008FC8BC	0_2_008FC8BC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008588B0	0_2_008588B0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009FC8DE	0_2_009FC8DE
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D28C4	0_2_008D28C4
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092E8C0	0_2_0092E8C0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009728C5	0_2_009728C5
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009588C9	0_2_009588C9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095C8C9	0_2_0095C8C9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0089E8EA	0_2_0089E8EA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093A8E1	0_2_0093A8E1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091C8E9	0_2_0091C8E9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095E811	0_2_0095E811
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E6806	0_2_008E6806
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00904804	0_2_00904804
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F0818	0_2_008F0818
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095A80D	0_2_0095A80D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0098283C	0_2_0098283C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00988835	0_2_00988835
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B8825	0_2_008B8825
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00936828	0_2_00936828
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0082C840	0_2_0082C840
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00918843	0_2_00918843
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D0866	0_2_008D0866
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F8860	0_2_008F8860
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090E861	0_2_0090E861
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B0989	0_2_008B0989
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091698C	0_2_0091698C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009789BD	0_2_009789BD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095A9B9	0_2_0095A9B9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090E9A2	0_2_0090E9A2
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E89B8	0_2_008E89B8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B49C6	0_2_008B49C6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009D69CC	0_2_009D69CC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0088E9EC	0_2_0088E9EC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0088C9ED	0_2_0088C9ED
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008609E0	0_2_008609E0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0084C9EB	0_2_0084C9EB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009689EE	0_2_009689EE
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00974917	0_2_00974917
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0094A912	0_2_0094A912
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092C915	0_2_0092C915
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090291C	0_2_0090291C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00846910	0_2_00846910
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A6914	0_2_008A6914
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091493A	0_2_0091493A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B693B	0_2_008B693B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C8936	0_2_008C8936
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00AEE912	0_2_00AEE912
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097E929	0_2_0097E929
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0098C95A	0_2_0098C95A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D4954	0_2_008D4954
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00890953	0_2_00890953
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008EC96E	0_2_008EC96E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00910971	0_2_00910971
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0083E960	0_2_0083E960
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A8974	0_2_008A8974
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00944A91	0_2_00944A91
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BAA82	0_2_008BAA82
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BCA87	0_2_008BCA87
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00892A9B	0_2_00892A9B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093AAA0	0_2_0093AAA0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00894ABF	0_2_00894ABF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00848ABC	0_2_00848ABC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B2AC9	0_2_008B2AC9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008FAAC7	0_2_008FAAC7
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0094EAD8	0_2_0094EAD8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E6ADF	0_2_008E6ADF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00934AC1	0_2_00934AC1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0094CACB	0_2_0094CACB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C8AE8	0_2_008C8AE8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E4AEB	0_2_008E4AEB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008DEAE1	0_2_008DEAE1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00990AE2	0_2_00990AE2
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00986A35	0_2_00986A35
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0089CA3B	0_2_0089CA3B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00938A29	0_2_00938A29
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008CEA48	0_2_008CEA48
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0085CA40	0_2_0085CA40
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008AEA47	0_2_008AEA47
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008CCA41	0_2_008CCA41
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092EA5C	0_2_0092EA5C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00992A49	0_2_00992A49
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095CA46	0_2_0095CA46
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008AAA63	0_2_008AAA63
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00984A6A	0_2_00984A6A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0083EB80	0_2_0083EB80
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00950B86	0_2_00950B86
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008ACB9E	0_2_008ACB9E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090AB87	0_2_0090AB87
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00940B89	0_2_00940B89
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00824BA0	0_2_00824BA0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00928BD0	0_2_00928BD0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00920BD7	0_2_00920BD7
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00986BDF	0_2_00986BDF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00904BC8	0_2_00904BC8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D0BFA	0_2_008D0BFA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008CABF7	0_2_008CABF7
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008FEB02	0_2_008FEB02
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00838B1B	0_2_00838B1B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00952B32	0_2_00952B32
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B0B27	0_2_008B0B27
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0082AB40	0_2_0082AB40
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097AB51	0_2_0097AB51
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00968B5E	0_2_00968B5E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C2B5A	0_2_008C2B5A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0096CB7D	0_2_0096CB7D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A6C88	0_2_008A6C88
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00834CA0	0_2_00834CA0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008DCCA0	0_2_008DCCA0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00988CA1	0_2_00988CA1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00946CA9	0_2_00946CA9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00902CD3	0_2_00902CD3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00914CD4	0_2_00914CD4
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00898CC3	0_2_00898CC3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00978CC3	0_2_00978CC3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00962CC0	0_2_00962CC0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090CCCA	0_2_0090CCCA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BCCEB	0_2_008BCCEB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0089ECEF	0_2_0089ECEF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008EACE9	0_2_008EACE9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090ECFC	0_2_0090ECFC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095ACE1	0_2_0095ACE1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00878C04	0_2_00878C04
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009F0C14	0_2_009F0C14
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0098AC30	0_2_0098AC30
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00936C27	0_2_00936C27
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0088AC3D	0_2_0088AC3D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00998C2F	0_2_00998C2F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F2C34	0_2_008F2C34
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00918C53	0_2_00918C53
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00922C50	0_2_00922C50
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00942C52	0_2_00942C52
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092EC5A	0_2_0092EC5A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092AC4D	0_2_0092AC4D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00890C6D	0_2_00890C6D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00972D95	0_2_00972D95
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0089CD9D	0_2_0089CD9D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00882D9F	0_2_00882D9F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C6DBC	0_2_008C6DBC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F2DC7	0_2_008F2DC7
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B4DC1	0_2_008B4DC1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097CDDB	0_2_0097CDDB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008CCDDE	0_2_008CCDDE
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BADD2	0_2_008BADD2
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00938DCD	0_2_00938DCD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00880DE8	0_2_00880DE8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00940DFB	0_2_00940DFB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00954DE1	0_2_00954DE1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0085CDF0	0_2_0085CDF0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0094ADE1	0_2_0094ADE1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00860D20	0_2_00860D20
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00846D2E	0_2_00846D2E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008ACD26	0_2_008ACD26
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008FED31	0_2_008FED31
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008F0D4F	0_2_008F0D4F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00980D59	0_2_00980D59
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00984D5C	0_2_00984D5C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00994D5D	0_2_00994D5D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0084CD4C	0_2_0084CD4C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B8D40	0_2_008B8D40
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B6D5B	0_2_008B6D5B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0084CD5E	0_2_0084CD5E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00964D66	0_2_00964D66
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00998E91	0_2_00998E91
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00970E86	0_2_00970E86
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093CE86	0_2_0093CE86
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00858EA0	0_2_00858EA0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E6EA8	0_2_008E6EA8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095CEB3	0_2_0095CEB3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00884EA3	0_2_00884EA3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008ECEA5	0_2_008ECEA5
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B2EA4	0_2_008B2EA4
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00944EA4	0_2_00944EA4
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0098CEA8	0_2_0098CEA8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00822EB0	0_2_00822EB0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0083AEB0	0_2_0083AEB0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0098EEAC	0_2_0098EEAC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0089AEC8	0_2_0089AEC8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BAEC9	0_2_008BAEC9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E4ECD	0_2_008E4ECD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B0EC3	0_2_008B0EC3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093AEC1	0_2_0093AEC1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00888EDF	0_2_00888EDF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008EEEE5	0_2_008EEEE5
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00912EFC	0_2_00912EFC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091EEE4	0_2_0091EEE4
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0096CEED	0_2_0096CEED
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009F2E1A	0_2_009F2E1A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008AAE02	0_2_008AAE02
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00990E14	0_2_00990E14
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0096EE05	0_2_0096EE05
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0088CE10	0_2_0088CE10
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090EE32	0_2_0090EE32
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B8E2F	0_2_008B8E2F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0082CE45	0_2_0082CE45
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00950E5B	0_2_00950E5B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095EE5A	0_2_0095EE5A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BEE5E	0_2_008BEE5E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009FAE49	0_2_009FAE49
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A8E54	0_2_008A8E54
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00936E77	0_2_00936E77
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0084EE63	0_2_0084EE63
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C4E64	0_2_008C4E64
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00840E6C	0_2_00840E6C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00842E6D	0_2_00842E6D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D4E7F	0_2_008D4E7F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00962E61	0_2_00962E61
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008E0FAF	0_2_008E0FAF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00914FDA	0_2_00914FDA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00950FC7	0_2_00950FC7
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00932FF8	0_2_00932FF8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091CFE6	0_2_0091CFE6
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00952F1C	0_2_00952F1C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008AEF13	0_2_008AEF13
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C2F34	0_2_008C2F34
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00974F51	0_2_00974F51
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00892F43	0_2_00892F43
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00904F5A	0_2_00904F5A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00836F52	0_2_00836F52
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00934F4E	0_2_00934F4E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00928F71	0_2_00928F71
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097CF71	0_2_0097CF71
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A708B	0_2_008A708B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008A9083	0_2_008A9083
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097309C	0_2_0097309C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00977083	0_2_00977083
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00943082	0_2_00943082
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009650B3	0_2_009650B3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B10A4	0_2_008B10A4
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009890A0	0_2_009890A0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009970DB	0_2_009970DB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008970DD	0_2_008970DD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097B0F0	0_2_0097B0F0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008910E2	0_2_008910E2
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090F0FD	0_2_0090F0FD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093F0E0	0_2_0093F0E0
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009830EE	0_2_009830EE
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0083D003	0_2_0083D003
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0095B014	0_2_0095B014
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B7005	0_2_008B7005
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0088F007	0_2_0088F007
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00967001	0_2_00967001
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0082D021	0_2_0082D021
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D7026	0_2_008D7026
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00981028	0_2_00981028
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008B3038	0_2_008B3038
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0090B024	0_2_0090B024
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092F02B	0_2_0092F02B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00927052	0_2_00927052
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00963054	0_2_00963054
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008CF048	0_2_008CF048
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009EF052	0_2_009EF052
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0098F054	0_2_0098F054
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00979045	0_2_00979045
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00923079	0_2_00923079
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092D068	0_2_0092D068
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00939193	0_2_00939193
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008CD18D	0_2_008CD18D
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0097F195	0_2_0097F195
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0088318F	0_2_0088318F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0085F18B	0_2_0085F18B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008491AE	0_2_008491AE
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008971A7	0_2_008971A7
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_009551DA	0_2_009551DA
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0094B1CE	0_2_0094B1CE
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C51F9	0_2_008C51F9
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008BD11F	0_2_008BD11F
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008AD112	0_2_008AD112
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00895133	0_2_00895133
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00953157	0_2_00953157
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D1147	0_2_008D1147
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D5147	0_2_008D5147
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0091915E	0_2_0091915E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008C116C	0_2_008C116C
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008EF16A	0_2_008EF16A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0093317B	0_2_0093317B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00901179	0_2_00901179
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0092517E	0_2_0092517E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008FD179	0_2_008FD179

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: String function: 00827F60 appears 40 times
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: String function: 00834C90 appears 77 times

Source: C8QT9HkXEb.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C8QT9HkXEb.exe	Static PE information: Section: ZLIB complexity 0.9995149101307189
Source: C8QT9HkXEb.exe	Static PE information: Section: tkjsnozr ZLIB complexity 0.9945491403515169

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@11/2

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe

Code function: 0_2_00852070 CoCreateInstance,

0_2_00852070

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C8QT9HkXEb.exe	Virustotal: Detection: 54%
Source: C8QT9HkXEb.exe	ReversingLabs: Detection: 57%

Source: C8QT9HkXEb.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe

File read: C:\Users\user\Desktop\C8QT9HkXEb.exe

Jump to behavior

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: C8QT9HkXEb.exe

Static file information: File size 1927680 > 1048576

Source: C8QT9HkXEb.exe

Static PE information: Raw size of tkjsnozr is bigger than: 0x100000 < 0x1ac800

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe

Unpacked PE file: 0.2.C8QT9HkXEb.exe.820000.0.unpack :EW;.rsrc:W;.idata :W; :EW;tkjsnozr:EW;hrfcsqbb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;tkjsnozr:EW;hrfcsqbb:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: C8QT9HkXEb.exe

Static PE information: real checksum: 0x1d828d should be: 0x1d73ca

Source: C8QT9HkXEb.exe	Static PE information: section name:
Source: C8QT9HkXEb.exe	Static PE information: section name: .idata
Source: C8QT9HkXEb.exe	Static PE information: section name:
Source: C8QT9HkXEb.exe	Static PE information: section name: tkjsnozr
Source: C8QT9HkXEb.exe	Static PE information: section name: hrfcsqbb
Source: C8QT9HkXEb.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00879865 push 5083B49Ch; mov dword ptr [esp], ebx	0_2_00879AFC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A0E0A0 push 7DAA1BA5h; mov dword ptr [esp], edx	0_2_00A0E0AD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A700A6 push eax; mov dword ptr [esp], ecx	0_2_00A7014B
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A700A6 push 79E281CAh; mov dword ptr [esp], edx	0_2_00A70153
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A700A6 push 5BD66B10h; mov dword ptr [esp], eax	0_2_00A7018E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A700A6 push eax; mov dword ptr [esp], 5FDB7DB9h	0_2_00A70192
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A980A6 push ebp; mov dword ptr [esp], edi	0_2_00A980D3
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00ACA0BA push edx; mov dword ptr [esp], esp	0_2_00ACA1EE
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A1E0FB push 7B43DF14h; mov dword ptr [esp], esp	0_2_00A1E194
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A1E0FB push 70490F45h; mov dword ptr [esp], edx	0_2_00A1E333
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A1E0FB push edx; mov dword ptr [esp], ebx	0_2_00A1E378
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0087E0E8 push ecx; mov dword ptr [esp], 7CE50F44h	0_2_0087E0F4
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0087C0F6 push edi; mov dword ptr [esp], 1B3FEA60h	0_2_0087F908
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0087A0F1 push ebp; mov dword ptr [esp], ecx	0_2_0087A0F4
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0087803F push edx; mov dword ptr [esp], 3F02A93Eh	0_2_008783CD
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00ACA011 push ebx; mov dword ptr [esp], edx	0_2_00ACA021
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00ACA011 push 4616F21Ah; mov dword ptr [esp], edx	0_2_00ACA033
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00878039 push 50480C41h; mov dword ptr [esp], ebp	0_2_00878736
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A62077 push 414763B7h; mov dword ptr [esp], edx	0_2_00A620A5
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A62077 push ebx; mov dword ptr [esp], ecx	0_2_00A620FC
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D006F push 3F2A9DC4h; mov dword ptr [esp], edx	0_2_008D0536
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D006F push 06BE7624h; mov dword ptr [esp], edi	0_2_008D05AF
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D006F push ecx; mov dword ptr [esp], ebx	0_2_008D070E
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_008D006F push 752AF3E1h; mov dword ptr [esp], eax	0_2_008D07AB
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00AA41A1 push ebx; mov dword ptr [esp], edi	0_2_00AA41C5
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00AA41A1 push 0E0566CBh; mov dword ptr [esp], ecx	0_2_00AA41F1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A92195 push ebp; mov dword ptr [esp], eax	0_2_00A92234
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0087C1C7 push edx; mov dword ptr [esp], ebx	0_2_0087CF8A
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0087A1E9 push 4943AC93h; mov dword ptr [esp], esi	0_2_0087A1F8
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_00A78130 push 03948EDBh; mov dword ptr [esp], ebx	0_2_00A781B1
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Code function: 0_2_0087811E push edx; mov dword ptr [esp], esi	0_2_00878120

Source: C8QT9HkXEb.exe	Static PE information: section name: entropy: 7.976532320186572
Source: C8QT9HkXEb.exe	Static PE information: section name: tkjsnozr entropy: 7.953453704005043

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9EB473 second address: 9EB477 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9EB477 second address: 9EB47D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A0537F second address: A05398 instructions: 0x00000000 rdtsc 0x00000002 js 00007FEAD1245E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FEAD1245E2Bh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A05398 second address: A053A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FEAD052AC56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A053A2 second address: A053EA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jo 00007FEAD1245E2Eh 0x0000000e jg 00007FEAD1245E26h 0x00000014 pushad 0x00000015 popad 0x00000016 jns 00007FEAD1245E33h 0x0000001c push eax 0x0000001d push esi 0x0000001e pop esi 0x0000001f jmp 00007FEAD1245E33h 0x00000024 pop eax 0x00000025 jl 00007FEAD1245E2Ch 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A05521 second address: A05525 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A05525 second address: A05533 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FEAD1245E28h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A08930 second address: A08955 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FEAD052AC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push edi 0x00000010 jns 00007FEAD052AC5Ch 0x00000016 pop edi 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b push edi 0x0000001c pushad 0x0000001d popad 0x0000001e pop edi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A08955 second address: A08A13 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FEAD1245E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e pushad 0x0000000f ja 00007FEAD1245E3Ch 0x00000015 jng 00007FEAD1245E2Ch 0x0000001b jnl 00007FEAD1245E26h 0x00000021 popad 0x00000022 pop eax 0x00000023 push 00000000h 0x00000025 push edx 0x00000026 call 00007FEAD1245E28h 0x0000002b pop edx 0x0000002c mov dword ptr [esp+04h], edx 0x00000030 add dword ptr [esp+04h], 00000018h 0x00000038 inc edx 0x00000039 push edx 0x0000003a ret 0x0000003b pop edx 0x0000003c ret 0x0000003d mov dword ptr [ebp+122D19E5h], eax 0x00000043 push 00000003h 0x00000045 xor di, 5FF4h 0x0000004a jmp 00007FEAD1245E32h 0x0000004f push 00000000h 0x00000051 push 00000000h 0x00000053 push ebx 0x00000054 call 00007FEAD1245E28h 0x00000059 pop ebx 0x0000005a mov dword ptr [esp+04h], ebx 0x0000005e add dword ptr [esp+04h], 0000001Dh 0x00000066 inc ebx 0x00000067 push ebx 0x00000068 ret 0x00000069 pop ebx 0x0000006a ret 0x0000006b push 00000003h 0x0000006d mov dh, 02h 0x0000006f push D3973A18h 0x00000074 push eax 0x00000075 push edx 0x00000076 push eax 0x00000077 push edx 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A08A13 second address: A08A17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A08A17 second address: A08A1D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A08A1D second address: A08A5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 13973A18h 0x00000010 mov edi, dword ptr [ebp+122D2BE6h] 0x00000016 lea ebx, dword ptr [ebp+12463662h] 0x0000001c mov dword ptr [ebp+122D19DEh], ebx 0x00000022 xchg eax, ebx 0x00000023 push edx 0x00000024 jmp 00007FEAD052AC5Fh 0x00000029 pop edx 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A08A5F second address: A08A69 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEAD1245E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A08A69 second address: A08A6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A08A6F second address: A08A73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9EEB10 second address: 9EEB2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FEAD052AC56h 0x0000000a jmp 00007FEAD052AC5Ch 0x0000000f popad 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9EEB2C second address: 9EEB32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A271EF second address: A271F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A271F3 second address: A271F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A271F7 second address: A27200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A27828 second address: A27834 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEAD1245E2Eh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A27B4F second address: A27B59 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEAD052AC56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A27B59 second address: A27B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A27B5F second address: A27B76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEAD052AC63h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A27FA7 second address: A27FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD1245E35h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A27FC1 second address: A27FD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEAD052AC60h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A27FD5 second address: A27FE2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEAD1245E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A2813E second address: A28156 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEAD052AC5Bh 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A1DCC6 second address: A1DCCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A1DCCC second address: A1DCDC instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEAD052AC56h 0x00000008 jns 00007FEAD052AC56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A1DCDC second address: A1DCE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A1DCE1 second address: A1DCE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A28B23 second address: A28B66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD1245E38h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c jmp 00007FEAD1245E37h 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 jno 00007FEAD1245E26h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A28E18 second address: A28E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A28FC8 second address: A28FD1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A2B622 second address: A2B657 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC67h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FEAD052AC63h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A2B657 second address: A2B660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A2B660 second address: A2B6AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC64h 0x00000007 jo 00007FEAD052AC56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f js 00007FEAD052AC62h 0x00000015 jmp 00007FEAD052AC5Ch 0x0000001a popad 0x0000001b pushad 0x0000001c push eax 0x0000001d jne 00007FEAD052AC56h 0x00000023 pop eax 0x00000024 jmp 00007FEAD052AC60h 0x00000029 push eax 0x0000002a push edx 0x0000002b push ebx 0x0000002c pop ebx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A2EF3B second address: A2EF3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A2EF3F second address: A2EF45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A2EF45 second address: A2EF6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD1245E2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d jmp 00007FEAD1245E2Eh 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A2F65B second address: A2F65F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A359DF second address: A359E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A359E5 second address: A35A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FEAD052AC66h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A35E79 second address: A35E9C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEAD1245E2Eh 0x00000008 push edx 0x00000009 jmp 00007FEAD1245E30h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A36215 second address: A3621F instructions: 0x00000000 rdtsc 0x00000002 jns 00007FEAD052AC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A363B8 second address: A363BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A363BC second address: A363C1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A363C1 second address: A363C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A36522 second address: A36542 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD052AC5Dh 0x00000009 popad 0x0000000a jbe 00007FEAD052AC62h 0x00000010 jl 00007FEAD052AC56h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A37833 second address: A37839 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A37839 second address: A37850 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEAD052AC63h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A378F4 second address: A378F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A37BEF second address: A37C02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A37DDC second address: A37DE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A37DE0 second address: A37DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A37EBB second address: A37EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A386BA second address: A386BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A386BE second address: A386F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007FEAD1245E32h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FEAD1245E35h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A386F4 second address: A386F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A38B13 second address: A38B19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A39070 second address: A39075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A39075 second address: A390EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD1245E2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007FEAD1245E28h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D2037h], edi 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ebp 0x00000031 call 00007FEAD1245E28h 0x00000036 pop ebp 0x00000037 mov dword ptr [esp+04h], ebp 0x0000003b add dword ptr [esp+04h], 0000001Ah 0x00000043 inc ebp 0x00000044 push ebp 0x00000045 ret 0x00000046 pop ebp 0x00000047 ret 0x00000048 stc 0x00000049 push 00000000h 0x0000004b mov dword ptr [ebp+122D2940h], esi 0x00000051 xor esi, dword ptr [ebp+122D2BBAh] 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a push esi 0x0000005b jno 00007FEAD1245E26h 0x00000061 pop esi 0x00000062 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A390EC second address: A390F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A390F2 second address: A390F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A39992 second address: A39998 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A39998 second address: A3999C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3AB82 second address: A3AB86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3AB86 second address: A3AC06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007FEAD1245E28h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 mov esi, 44066616h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push eax 0x0000002e call 00007FEAD1245E28h 0x00000033 pop eax 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 add dword ptr [esp+04h], 0000001Ah 0x00000040 inc eax 0x00000041 push eax 0x00000042 ret 0x00000043 pop eax 0x00000044 ret 0x00000045 sub dword ptr [ebp+122D1B86h], edx 0x0000004b push 00000000h 0x0000004d mov di, A69Ch 0x00000051 jmp 00007FEAD1245E38h 0x00000056 xchg eax, ebx 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a jnl 00007FEAD1245E26h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3AC06 second address: A3AC39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FEAD052AC68h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3C038 second address: A3C048 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3D565 second address: A3D581 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3D581 second address: A3D5EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 mov dword ptr [ebp+1246A4CCh], ecx 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 or dword ptr [ebp+124636ECh], edi 0x00000017 pop esi 0x00000018 jmp 00007FEAD1245E37h 0x0000001d push 00000000h 0x0000001f call 00007FEAD1245E32h 0x00000024 mov esi, dword ptr [ebp+122D2A06h] 0x0000002a pop edi 0x0000002b xchg eax, ebx 0x0000002c pushad 0x0000002d jmp 00007FEAD1245E31h 0x00000032 jng 00007FEAD1245E28h 0x00000038 popad 0x00000039 push eax 0x0000003a pushad 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3E095 second address: A3E09B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4130C second address: A4131C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD1245E2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4131C second address: A41344 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b stc 0x0000000c push 00000000h 0x0000000e mov dword ptr [ebp+122D2F25h], edi 0x00000014 push 00000000h 0x00000016 jp 00007FEAD052AC5Ch 0x0000001c push eax 0x0000001d push esi 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A41344 second address: A41348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A47499 second address: A4749D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4749D second address: A4750A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FEAD1245E35h 0x0000000e popad 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 jmp 00007FEAD1245E37h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebp 0x0000001d call 00007FEAD1245E28h 0x00000022 pop ebp 0x00000023 mov dword ptr [esp+04h], ebp 0x00000027 add dword ptr [esp+04h], 00000018h 0x0000002f inc ebp 0x00000030 push ebp 0x00000031 ret 0x00000032 pop ebp 0x00000033 ret 0x00000034 mov ebx, ecx 0x00000036 push 00000000h 0x00000038 sub dword ptr [ebp+122D2931h], edx 0x0000003e xchg eax, esi 0x0000003f push esi 0x00000040 pushad 0x00000041 push ebx 0x00000042 pop ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3DDEF second address: A3DE0F instructions: 0x00000000 rdtsc 0x00000002 js 00007FEAD052AC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d ja 00007FEAD052AC56h 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 js 00007FEAD052AC5Ch 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3E954 second address: A3E95E instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEAD1245E2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3DE0F second address: A3DE13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A49631 second address: A49635 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3E95E second address: A3E96F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007FEAD052AC5Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3E96F second address: A3E973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A49C0F second address: A49C15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A49C15 second address: A49C19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A49C19 second address: A49C28 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A46664 second address: A4666A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4AC4B second address: A4AC4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4AC4F second address: A4AC67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jo 00007FEAD1245E26h 0x00000011 jp 00007FEAD1245E26h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A47675 second address: A4767B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A49DAB second address: A49E34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp], eax 0x00000008 clc 0x00000009 push dword ptr fs:[00000000h] 0x00000010 mov edi, dword ptr [ebp+122D2D9Ah] 0x00000016 mov dword ptr fs:[00000000h], esp 0x0000001d sub dword ptr [ebp+1246A427h], eax 0x00000023 mov eax, dword ptr [ebp+122D007Dh] 0x00000029 push 00000000h 0x0000002b push edi 0x0000002c call 00007FEAD1245E28h 0x00000031 pop edi 0x00000032 mov dword ptr [esp+04h], edi 0x00000036 add dword ptr [esp+04h], 00000018h 0x0000003e inc edi 0x0000003f push edi 0x00000040 ret 0x00000041 pop edi 0x00000042 ret 0x00000043 mov ebx, 52EBF36Ah 0x00000048 push FFFFFFFFh 0x0000004a push 00000000h 0x0000004c push esi 0x0000004d call 00007FEAD1245E28h 0x00000052 pop esi 0x00000053 mov dword ptr [esp+04h], esi 0x00000057 add dword ptr [esp+04h], 00000017h 0x0000005f inc esi 0x00000060 push esi 0x00000061 ret 0x00000062 pop esi 0x00000063 ret 0x00000064 nop 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007FEAD1245E37h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4767B second address: A4767F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4CDAC second address: A4CDC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnp 00007FEAD1245E26h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007FEAD1245E2Ch 0x00000015 jng 00007FEAD1245E26h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4767F second address: A47683 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A50F0D second address: A50F11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A500FA second address: A500FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4F012 second address: A4F016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4BEE3 second address: A4BEF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4F016 second address: A4F02D instructions: 0x00000000 rdtsc 0x00000002 js 00007FEAD1245E28h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d je 00007FEAD1245E38h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A51F78 second address: A51F7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4F02D second address: A4F031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4F031 second address: A4F035 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A520C2 second address: A520C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A520C8 second address: A520CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A58D3F second address: A58D45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A58D45 second address: A58D49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A58D49 second address: A58D4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C072 second address: A5C0A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FEAD052AC5Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop esi 0x0000000f pushad 0x00000010 jg 00007FEAD052AC56h 0x00000016 jnl 00007FEAD052AC56h 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 jnc 00007FEAD052AC5Ah 0x00000026 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C0A6 second address: A5C0AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C0AC second address: A5C0B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C0B0 second address: A5C0B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C21A second address: A5C21F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C4B7 second address: A5C4BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C4BB second address: A5C4D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FEAD052AC56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FEAD052AC61h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C4D8 second address: A5C4F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEAD1245E2Dh 0x00000008 jnc 00007FEAD1245E26h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C4F7 second address: A5C504 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FEAD052AC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C504 second address: A5C51D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD1245E34h 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C51D second address: A5C522 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5C522 second address: A5C528 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A5E028 second address: A5E02C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9F58EF second address: 9F58F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9F58F3 second address: 9F5911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FEAD052AC64h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9F5911 second address: 9F5915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9F5915 second address: 9F592B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC62h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9F592B second address: 9F593F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FEAD1245E26h 0x0000000e jns 00007FEAD1245E26h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6A08B second address: A6A0C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD052AC63h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FEAD052AC5Bh 0x00000013 jmp 00007FEAD052AC5Fh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69369 second address: A6939C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD1245E33h 0x00000007 jmp 00007FEAD1245E35h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6939C second address: A693A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A693A2 second address: A693B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD1245E32h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A693B8 second address: A693BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A693BE second address: A693C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FEAD1245E26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6989C second address: A698A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A698A5 second address: A698B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69A10 second address: A69A14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69B9C second address: A69BB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FEAD1245E33h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69BB4 second address: A69BC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC5Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69BC9 second address: A69BCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69D47 second address: A69D4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69D4D second address: A69D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FEAD1245E37h 0x0000000a jmp 00007FEAD1245E34h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FEAD1245E2Bh 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69D8E second address: A69DA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD052AC63h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69EE0 second address: A69EFF instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEAD1245E26h 0x00000008 jmp 00007FEAD1245E32h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69EFF second address: A69F05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69F05 second address: A69F0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69F0E second address: A69F12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A69F12 second address: A69F3A instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEAD1245E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FEAD1245E32h 0x0000000f popad 0x00000010 jg 00007FEAD1245E3Eh 0x00000016 pushad 0x00000017 push esi 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9F22FB second address: 9F2307 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9F2307 second address: 9F230F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9F230F second address: 9F2315 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9F2315 second address: 9F2319 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9F2319 second address: 9F2347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEAD052AC68h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jbe 00007FEAD052AC68h 0x00000013 push eax 0x00000014 push edx 0x00000015 jbe 00007FEAD052AC56h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: 9F2347 second address: 9F234B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6EA3B second address: A6EA47 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6EA47 second address: A6EA4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6EA4B second address: A6EA70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC68h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FEAD052AC64h 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6EBF2 second address: A6EBFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6F002 second address: A6F015 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEAD052AC5Ch 0x00000008 jg 00007FEAD052AC56h 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6F584 second address: A6F588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6F588 second address: A6F5A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC65h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6F5A3 second address: A6F5B7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEAD1245E2Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6F5B7 second address: A6F5BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6F5BB second address: A6F5BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6F6EB second address: A6F6EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A6F6EF second address: A6F6F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A77637 second address: A77648 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC5Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3F1F6 second address: A3F24F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jno 00007FEAD1245E26h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d xor cx, 4B00h 0x00000012 lea eax, dword ptr [ebp+12499F46h] 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007FEAD1245E28h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 0000001Dh 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 mov dword ptr [ebp+122D1CFAh], ecx 0x00000038 nop 0x00000039 ja 00007FEAD1245E2Ah 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 jne 00007FEAD1245E26h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3F24F second address: A3F26A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3F26A second address: A1DCC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD1245E38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007FEAD1245E28h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 jnp 00007FEAD1245E2Bh 0x0000002a mov edx, 2706CAA4h 0x0000002f mov ecx, dword ptr [ebp+122D2CD2h] 0x00000035 call dword ptr [ebp+122D1838h] 0x0000003b je 00007FEAD1245E40h 0x00000041 jnl 00007FEAD1245E2Ch 0x00000047 jp 00007FEAD1245E2Eh 0x0000004d push eax 0x0000004e push edx 0x0000004f jnc 00007FEAD1245E2Eh 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3F842 second address: A3F859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jno 00007FEAD052AC56h 0x00000010 jp 00007FEAD052AC56h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3F859 second address: A3F85E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3F85E second address: A3F864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3FA6A second address: A3FAB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD1245E31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007FEAD1245E28h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 mov edx, dword ptr [ebp+122D2919h] 0x0000002c nop 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 push ebx 0x00000031 pop ebx 0x00000032 jnc 00007FEAD1245E26h 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3FAB3 second address: A3FAB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3FAB9 second address: A3FABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3FABD second address: A3FAD4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FEAD052AC5Ch 0x00000011 jl 00007FEAD052AC56h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3FD8C second address: A3FD91 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A3FD91 second address: A3FDAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FEAD052AC62h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A4022D second address: A40231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A40334 second address: A4033E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A405F3 second address: A40623 instructions: 0x00000000 rdtsc 0x00000002 js 00007FEAD1245E35h 0x00000008 jmp 00007FEAD1245E2Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jl 00007FEAD1245E4Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FEAD1245E2Eh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A77A5A second address: A77A5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A77A5E second address: A77A66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A77A66 second address: A77A97 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FEAD052AC5Ah 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007FEAD052AC5Dh 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007FEAD052AC5Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A77D4E second address: A77D54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A77D54 second address: A77D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A77D58 second address: A77D5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A77EEB second address: A77F2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FEAD052AC64h 0x00000008 jmp 00007FEAD052AC5Fh 0x0000000d pop eax 0x0000000e pushad 0x0000000f push esi 0x00000010 pop esi 0x00000011 jmp 00007FEAD052AC5Ah 0x00000016 push edi 0x00000017 pop edi 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b pushad 0x0000001c js 00007FEAD052AC5Ch 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A77F2D second address: A77F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jng 00007FEAD1245E26h 0x0000000b jmp 00007FEAD1245E2Ah 0x00000010 pop ecx 0x00000011 jmp 00007FEAD1245E2Ch 0x00000016 pushad 0x00000017 je 00007FEAD1245E26h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A77F58 second address: A77F5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A77F5E second address: A77F64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A7833B second address: A78350 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A7C3DC second address: A7C3F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jo 00007FEAD1245E26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007FEAD1245E26h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A7C3F0 second address: A7C3F6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A82347 second address: A82379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FEAD1245E34h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FEAD1245E35h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A82379 second address: A82387 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A82387 second address: A8238B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A8238B second address: A82399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A82399 second address: A8239F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A8239F second address: A823B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jns 00007FEAD052AC56h 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A80DEA second address: A80DF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A80DF4 second address: A80DFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A80DFA second address: A80DFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A80DFE second address: A80E2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FEAD052AC56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jp 00007FEAD052AC56h 0x00000013 pop ecx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jng 00007FEAD052AC56h 0x0000001d pushad 0x0000001e popad 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 popad 0x00000023 push eax 0x00000024 pushad 0x00000025 jg 00007FEAD052AC56h 0x0000002b push ebx 0x0000002c pop ebx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A813A2 second address: A813A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A813A6 second address: A813AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A8153A second address: A81540 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A81991 second address: A819A5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 jo 00007FEAD052AC56h 0x0000000b pop edx 0x0000000c jp 00007FEAD052AC73h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A80AF1 second address: A80AF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A80AF7 second address: A80AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A80AFD second address: A80B22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEAD1245E36h 0x00000008 pushad 0x00000009 popad 0x0000000a jnc 00007FEAD1245E26h 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A83E5E second address: A83E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 je 00007FEAD052AC78h 0x0000000d jmp 00007FEAD052AC64h 0x00000012 push eax 0x00000013 push edx 0x00000014 jg 00007FEAD052AC56h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A862AE second address: A862CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FEAD1245E2Dh 0x0000000a jnc 00007FEAD1245E28h 0x00000010 pushad 0x00000011 popad 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A85F04 second address: A85F10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FEAD052AC56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A8946B second address: A89483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD1245E2Dh 0x00000009 popad 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A89483 second address: A8949C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEAD052AC64h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A8D434 second address: A8D43E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A8D43E second address: A8D458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jg 00007FEAD052AC58h 0x0000000d popad 0x0000000e je 00007FEAD052AC64h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A8CB73 second address: A8CB77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A8CB77 second address: A8CB7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A8CB7D second address: A8CBA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FEAD1245E2Bh 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FEAD1245E2Ah 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A93333 second address: A93337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A93337 second address: A9333B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A91CBA second address: A91CC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FEAD052AC56h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A91E22 second address: A91E26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A91E26 second address: A91E2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A92282 second address: A92286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A92286 second address: A92294 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC5Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A40044 second address: A40049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A976AF second address: A976B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A976B6 second address: A976C0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEAD1245E2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A97982 second address: A9799A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEAD052AC63h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9799A second address: A979AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD1245E2Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A97AEE second address: A97AF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A97AF4 second address: A97AF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9DCB9 second address: A9DCBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9EAFB second address: A9EB07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FEAD1245E26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9EB07 second address: A9EB0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9EB0B second address: A9EB0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9F3F8 second address: A9F402 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEAD052AC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9F402 second address: A9F40A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9F40A second address: A9F40E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9F40E second address: A9F412 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9F6E3 second address: A9F6E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9F6E9 second address: A9F6F3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FEAD1245E26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9F6F3 second address: A9F6FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9F6FC second address: A9F702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: A9F702 second address: A9F70E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FEAD052AC56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AA83E3 second address: AA8400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD1245E38h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AA8400 second address: AA8405 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AA8405 second address: AA8413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jp 00007FEAD1245E26h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AA8B66 second address: AA8B70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FEAD052AC56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AA8B70 second address: AA8B76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AA8B76 second address: AA8B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AA8B7F second address: AA8B86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AA8E73 second address: AA8E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD052AC65h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB132E second address: AB1349 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FEAD1245E31h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB1510 second address: AB1541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a je 00007FEAD052AC56h 0x00000010 jo 00007FEAD052AC56h 0x00000016 jmp 00007FEAD052AC5Eh 0x0000001b popad 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f push esi 0x00000020 pop esi 0x00000021 jl 00007FEAD052AC56h 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB16D9 second address: AB1700 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jns 00007FEAD1245E26h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007FEAD1245E35h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB1700 second address: AB170C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB1B3E second address: AB1B44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB1CCE second address: AB1CD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB1CD2 second address: AB1CD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB1E1F second address: AB1E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FEAD052AC56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB2BB3 second address: AB2BC5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FEAD1245E26h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB2BC5 second address: AB2BE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC64h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB2BE2 second address: AB2BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AB8806 second address: AB8840 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FEAD052AC69h 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FEAD052AC61h 0x00000016 jo 00007FEAD052AC5Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC7190 second address: AC7195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC7195 second address: AC71AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD052AC61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC71AF second address: AC71B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC6D1F second address: AC6D25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC6D25 second address: AC6D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC6EB0 second address: AC6EB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC6EB5 second address: AC6EE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD1245E37h 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 jo 00007FEAD1245E26h 0x00000019 pop ebx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC9D41 second address: AC9D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD052AC68h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC9D5F second address: AC9D81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FEAD1245E2Ch 0x0000000b jmp 00007FEAD1245E2Ch 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC9D81 second address: AC9D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007FEAD052AC56h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC9917 second address: AC991D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC991D second address: AC9923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC9923 second address: AC9945 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD1245E36h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FEAD1245E2Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC9945 second address: AC9956 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007FEAD052AC64h 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AC9956 second address: AC995C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE2062 second address: AE207B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FEAD052AC64h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE091D second address: AE0924 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE0924 second address: AE0932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEAD052AC5Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE0932 second address: AE0936 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE0BD7 second address: AE0BDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE0BDB second address: AE0C48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD1245E33h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jno 00007FEAD1245E32h 0x0000000f jno 00007FEAD1245E43h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jnl 00007FEAD1245E3Eh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE0C48 second address: AE0C4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE0C4E second address: AE0C52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE116C second address: AE1172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE1172 second address: AE1176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE1176 second address: AE118A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FEAD052AC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jp 00007FEAD052AC56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE118A second address: AE118E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE12FB second address: AE1304 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE5958 second address: AE595E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE595E second address: AE5964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE5964 second address: AE5969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: AE5969 second address: AE596F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B01D34 second address: B01D38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B01D38 second address: B01D43 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B01D43 second address: B01D49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B01D49 second address: B01D5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007FEAD052AC56h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B01D5A second address: B01D8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jnp 00007FEAD1245E46h 0x0000000e jmp 00007FEAD1245E35h 0x00000013 jmp 00007FEAD1245E2Bh 0x00000018 push eax 0x00000019 push edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B01D8E second address: B01D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B01D92 second address: B01DA2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FEAD1245E26h 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B01DA2 second address: B01DA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B03A10 second address: B03A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B03A14 second address: B03A18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1A4F7 second address: B1A506 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FEAD1245E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1A506 second address: B1A520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop ebx 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jne 00007FEAD052AC56h 0x00000016 push edx 0x00000017 pop edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1A680 second address: B1A688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1A7C9 second address: B1A7D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FEAD052AC56h 0x0000000a pop ecx 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1A7D8 second address: B1A7E2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FEAD1245E2Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1AC5A second address: B1AC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1AC60 second address: B1AC64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1AEEA second address: B1AF20 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FEAD052AC5Eh 0x00000008 jne 00007FEAD052AC56h 0x0000000e pushad 0x0000000f popad 0x00000010 jns 00007FEAD052AC62h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FEAD052AC60h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1AF20 second address: B1AF2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1AF2C second address: B1AF32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1B079 second address: B1B081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1B081 second address: B1B08B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1B08B second address: B1B091 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1CD55 second address: B1CD5B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1CB87 second address: B1CB8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1CB8C second address: B1CB94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1CB94 second address: B1CB9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1CB9A second address: B1CBB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jng 00007FEAD052AC56h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ebx 0x00000012 push ebx 0x00000013 jnp 00007FEAD052AC56h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1E503 second address: B1E51A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FEAD1245E30h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1E51A second address: B1E52A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B1E52A second address: B1E53A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 jnl 00007FEAD1245E26h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	RDTSC instruction interceptor: First address: B2626A second address: B26276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FEAD052AC56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Special instruction interceptor: First address: A2F0A6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Special instruction interceptor: First address: A545E1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Special instruction interceptor: First address: ABAE31 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe

Code function: 0_2_0087CBBC rdtsc

0_2_0087CBBC

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe TID: 7476	Thread sleep time: -120000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe TID: 7472	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C8QT9HkXEb.exe, C8QT9HkXEb.exe, 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: C8QT9HkXEb.exe, 00000000.00000002.2137492585.00000000011D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp2#
Source: C8QT9HkXEb.exe, 00000000.00000002.2137710536.0000000001231000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2136351816.000000000122E000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124772896.0000000001230000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124650344.000000000122E000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000122E000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2136483432.0000000001230000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: C8QT9HkXEb.exe, 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	File opened: NTICE
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	File opened: SICE
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\C8QT9HkXEb.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe

Code function: 0_2_0087CBBC rdtsc

0_2_0087CBBC

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe

Code function: 0_2_0085E110 LdrInitializeThunk,

0_2_0085E110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: C8QT9HkXEb.exe	String found in binary or memory: bashfulacid.lat
Source: C8QT9HkXEb.exe	String found in binary or memory: curverpluch.lat
Source: C8QT9HkXEb.exe	String found in binary or memory: tentabatte.lat
Source: C8QT9HkXEb.exe	String found in binary or memory: shapestickyr.lat
Source: C8QT9HkXEb.exe	String found in binary or memory: talkynicer.lat
Source: C8QT9HkXEb.exe	String found in binary or memory: slipperyloo.lat
Source: C8QT9HkXEb.exe	String found in binary or memory: manyrestro.lat
Source: C8QT9HkXEb.exe	String found in binary or memory: observerfry.lat
Source: C8QT9HkXEb.exe	String found in binary or memory: wordyfindy.lat

Source: C8QT9HkXEb.exe, 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: _Program Manager
Source: C8QT9HkXEb.exe	Binary or memory string: _Program Manager

Source: C:\Users\user\Desktop\C8QT9HkXEb.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
C8QT9HkXEb.exe	54%	Virustotal		Browse
C8QT9HkXEb.exe	58%	ReversingLabs	Win32.Trojan.Symmi
C8QT9HkXEb.exe	100%	Avira	TR/Crypt.XPACK.Gen
C8QT9HkXEb.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
https://lev-tolstoi.com/date	100%	Avira URL Cloud	malware
https://lev-tolstoi.com/d	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
steamcommunity.com	23.55.153.106	true	false	high
lev-tolstoi.com	104.21.66.86	true	false	high
wordyfindy.lat	unknown	unknown	false	high
slipperyloo.lat	unknown	unknown	false	high
curverpluch.lat	unknown	unknown	true	unknown
tentabatte.lat	unknown	unknown	true	unknown
manyrestro.lat	unknown	unknown	true	unknown
bashfulacid.lat	unknown	unknown	true	unknown
shapestickyr.lat	unknown	unknown	true	unknown
observerfry.lat	unknown	unknown	false	high
talkynicer.lat	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
slipperyloo.lat	false	high
observerfry.lat	false	high
https://steamcommunity.com/profiles/76561199724331900	false	high
https://lev-tolstoi.com/api	false	high
curverpluch.lat	false	high
tentabatte.lat	false	high
manyrestro.lat	false	high
bashfulacid.lat	false	high
wordyfindy.lat	false	high
shapestickyr.lat	false	high
talkynicer.lat	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://player.vimeo.com	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/?subsection=broadcasts	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.microsoft.co	C8QT9HkXEb.exe, 00000000.00000003.2136351816.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137710536.0000000001241000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/subscriber_agreement/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.gstatic.cn/recaptcha/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.valvesoftware.com/legal.htm	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl	C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.microsoft.c	C8QT9HkXEb.exe, 00000000.00000003.2136351816.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2136537906.0000000001277000.00000004.00000020.00020000.00000000.sdmp	false		high
https://s.ytimg.com;	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/d	C8QT9HkXEb.exe, 00000000.00000002.2137492585.00000000011F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://steam.tv/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
http://microsoft.co	C8QT9HkXEb.exe, 00000000.00000003.2136351816.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137710536.0000000001241000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/	C8QT9HkXEb.exe, 00000000.00000003.2136483432.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/privacy_agreement/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/points/shop/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sketchfab.com	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lv.queniujq.cn	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199724331900/inventory/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/privacy_agreement/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/recaptcha/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://checkout.steampowered.com/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/;	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000122E000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/about/	C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/my/wishlist/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/date	C8QT9HkXEb.exe, 00000000.00000002.2137710536.0000000001231000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2136351816.000000000122E000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2136483432.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://help.steampowered.com/en/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/market/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/news/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/subscriber_agreement/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://recaptcha.net/recaptcha/;	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/discussions/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/stats/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://medal.tv	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://broadcast.st.dl.eccdnx.com	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/steam_refunds/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/workshop/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.steampowered.com/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb	C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000122E000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001241000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/legal/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://recaptcha.net	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
http://127.0.0.1:27060	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.steampowered.com/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.steampowered.com/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/account/cookiepreferences/	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137492585.0000000001208000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000002.2137782801.000000000128F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/mobile	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/	C8QT9HkXEb.exe, 00000000.00000003.2099602379.0000000001230000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199724331900/badges	C8QT9HkXEb.exe, 00000000.00000003.2124591130.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.0000000001278000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099461767.000000000127D000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2124633596.0000000001286000.00000004.00000020.00020000.00000000.sdmp, C8QT9HkXEb.exe, 00000000.00000003.2099496870.000000000120A000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.66.86	lev-tolstoi.com	United States		13335	CLOUDFLARENETUS	false
23.55.153.106	steamcommunity.com	United States		20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580885
Start date and time:	2024-12-26 12:51:17 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	C8QT9HkXEb.exe renamed because original name is a hash value
Original Sample Name:	942e86204245173e9297bf46dacf79b3.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@11/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 52.149.20.212
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
06:52:09	API Interceptor	11x Sleep call for process: C8QT9HkXEb.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.66.86	MV ROCKET_PDA.exe	Get hash	malicious	FormBook	Browse	www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw
23.55.153.106	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse
	35K4Py4lii.exe	Get hash	malicious	LummaC	Browse
	BootStrapper.exe	Get hash	malicious	LummaC	Browse
	Loader.exe	Get hash	malicious	LummaC	Browse
	Script.exe	Get hash	malicious	LummaC	Browse
	3zg6i6Zu1u.exe	Get hash	malicious	LummaC	Browse
	oiF7u78bY2.exe	Get hash	malicious	LummaC	Browse
	L5Kgf2Tvkc.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
lev-tolstoi.com	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	35K4Py4lii.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	3zg6i6Zu1u.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	oiF7u78bY2.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	L5Kgf2Tvkc.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	fkawMJ7FH8.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Stealc	Browse	172.67.157.254
	LNn56KMkEE.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	BVGvbpplT8.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.66.86
bg.microsoft.map.fastly.net	P9UXlizXVS.exe	Get hash	malicious	AsyncRAT	Browse	199.232.214.172
	Setup64v4.1.9.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	0Ty.png.exe	Get hash	malicious	Xmrig	Browse	199.232.214.172
	0442.pdf.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	0442.pdf.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	yvaKqhmD4L.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	#U5b89#U88c5#U7a0b#U5e8f_1.1.1.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	IoIB9gQ6OQ.exe	Get hash	malicious	AsyncRAT, PureLog Stealer	Browse	199.232.210.172
	eCompleted_419z.pdf	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	3FG4bsfkEwmxFYY.exe	Get hash	malicious	FormBook	Browse	199.232.214.172
steamcommunity.com	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	35K4Py4lii.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	BootStrapper.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Loader.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Script.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	3zg6i6Zu1u.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	oiF7u78bY2.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	L5Kgf2Tvkc.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	35K4Py4lii.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	BootStrapper.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Loader.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Script.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	23.44.201.30
	armv7l.elf	Get hash	malicious	Mirai	Browse	2.18.19.83
	armv5l.elf	Get hash	malicious	Mirai	Browse	23.62.62.162
CLOUDFLARENETUS	r06aMlvVyM.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	i8Vwc7iOaG.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar	Browse	172.67.150.49
	XM6cn2uNux.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	ZX2M0AXZ56.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	104.21.11.101
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	172.67.165.185

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	r06aMlvVyM.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	XM6cn2uNux.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	ZX2M0AXZ56.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	104.21.66.86 23.55.153.106
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse	104.21.66.86 23.55.153.106

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.9477466558067835
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	C8QT9HkXEb.exe
File size:	1'927'680 bytes
MD5:	942e86204245173e9297bf46dacf79b3
SHA1:	e3a1824db55ca76304cf36a238bc3b24a76902d6
SHA256:	a6f5c5e95852cd706419be818733fa6c079c27af126b390928b315ff984a1918
SHA512:	40845e4bdac867d5b6a5b04dd831eb3d136ce74c90f3657621c53f4c415d24dc48abe838b79addad1ff7a564c8e4a835082da2eef62323c8f2cb28381fe1327b
SSDEEP:	49152:oqT0PJB7bjtHwuP0XlN6H/ncgPEeV4NsS:uj6sfcib4
TLSH:	F79533A79E58A341C0F6CA3618BBBAA97E7037D7398025322059B20F7C737DD6311A35
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................K...........@...........................L...........@.................................Y@..m..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8be000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FEAD0DBD70Ah
cmovs ebx, dword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	dfafc5447b2700427b9ea87e7895f110	False	0.9995149101307189	data	7.976532320186572	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1ac	0x200	c4249243ceaeb236e3ce8ce2ab2c9a69	False	0.5390625	data	5.249019796122045	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x55000	0x2bb000	0x200	0b5cab19f1c2ea2a4de86dca2c6ee3dc	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
tkjsnozr	0x310000	0x1ad000	0x1ac800	115c01c690a7dc742b3909542111fbc2	False	0.9945491403515169	MGR bitmap, old format, 1-bit deep, 32-bit aligned	7.953453704005043	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
hrfcsqbb	0x4bd000	0x1000	0x600	f6e5d6b2842dbbd2078e36d830aa5dc8	False	0.6022135416666666	data	5.275194370033577	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4be000	0x3000	0x2200	d601fd03b6897324dea902ff737d4a20	False	0.06353400735294118	DOS executable (COM)	0.832732194274232	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x53058	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T12:52:10.248517+0100	2058514	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)	1	192.168.2.5	52304	1.1.1.1	53	UDP
2024-12-26T12:52:10.590393+0100	2058502	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)	1	192.168.2.5	50744	1.1.1.1	53	UDP
2024-12-26T12:52:10.731287+0100	2058492	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)	1	192.168.2.5	54297	1.1.1.1	53	UDP
2024-12-26T12:52:10.870391+0100	2058500	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)	1	192.168.2.5	53068	1.1.1.1	53	UDP
2024-12-26T12:52:11.013160+0100	2058510	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)	1	192.168.2.5	50270	1.1.1.1	53	UDP
2024-12-26T12:52:11.155382+0100	2058484	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)	1	192.168.2.5	59377	1.1.1.1	53	UDP
2024-12-26T12:52:11.296785+0100	2058512	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)	1	192.168.2.5	52639	1.1.1.1	53	UDP
2024-12-26T12:52:11.443943+0100	2058480	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)	1	192.168.2.5	64151	1.1.1.1	53	UDP
2024-12-26T12:52:13.217055+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49704	23.55.153.106	443	TCP
2024-12-26T12:52:14.136171+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.5	49704	23.55.153.106	443	TCP
2024-12-26T12:52:15.755339+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49705	104.21.66.86	443	TCP
2024-12-26T12:52:16.792681+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49705	104.21.66.86	443	TCP
2024-12-26T12:52:16.792681+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49705	104.21.66.86	443	TCP
2024-12-26T12:52:17.964219+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49706	104.21.66.86	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 12:52:11.729870081 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:11.729988098 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:11.730185032 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:11.731533051 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:11.731568098 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:13.216983080 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:13.217055082 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:13.222146988 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:13.222172976 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:13.222510099 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:13.276369095 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:13.279083967 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:13.323334932 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.136173964 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.136194944 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.136202097 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.136271000 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.136318922 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.136358023 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:14.136358023 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:14.136396885 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.136445999 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:14.136445999 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:14.248111010 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.248164892 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.248277903 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:14.248306036 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.248347044 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:14.277771950 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.277848959 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.277882099 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.277880907 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:14.277920961 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:14.279484987 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:14.279530048 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.279556990 CET	49704	443	192.168.2.5	23.55.153.106
Dec 26, 2024 12:52:14.279572010 CET	443	49704	23.55.153.106	192.168.2.5
Dec 26, 2024 12:52:14.444128036 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:14.444178104 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:14.444426060 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:14.444629908 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:14.444638968 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:15.755085945 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:15.755338907 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:15.810882092 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:15.810908079 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:15.811302900 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:15.812787056 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:15.812817097 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:15.812874079 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:16.792690039 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:16.792804956 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:16.792882919 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:16.793564081 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:16.793589115 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:16.793602943 CET	49705	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:16.793608904 CET	443	49705	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:16.824070930 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:16.824119091 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:16.824207067 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:16.824475050 CET	49706	443	192.168.2.5	104.21.66.86
Dec 26, 2024 12:52:16.824490070 CET	443	49706	104.21.66.86	192.168.2.5
Dec 26, 2024 12:52:17.964219093 CET	49706	443	192.168.2.5	104.21.66.86

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 12:52:10.104023933 CET	59872	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:52:10.240957022 CET	53	59872	1.1.1.1	192.168.2.5
Dec 26, 2024 12:52:10.248517036 CET	52304	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:52:10.585969925 CET	53	52304	1.1.1.1	192.168.2.5
Dec 26, 2024 12:52:10.590393066 CET	50744	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:52:10.727647066 CET	53	50744	1.1.1.1	192.168.2.5
Dec 26, 2024 12:52:10.731287003 CET	54297	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:52:10.868753910 CET	53	54297	1.1.1.1	192.168.2.5
Dec 26, 2024 12:52:10.870390892 CET	53068	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:52:11.008155107 CET	53	53068	1.1.1.1	192.168.2.5
Dec 26, 2024 12:52:11.013159990 CET	50270	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:52:11.150943995 CET	53	50270	1.1.1.1	192.168.2.5
Dec 26, 2024 12:52:11.155381918 CET	59377	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:52:11.293085098 CET	53	59377	1.1.1.1	192.168.2.5
Dec 26, 2024 12:52:11.296785116 CET	52639	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:52:11.442213058 CET	53	52639	1.1.1.1	192.168.2.5
Dec 26, 2024 12:52:11.443943024 CET	64151	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:52:11.581382036 CET	53	64151	1.1.1.1	192.168.2.5
Dec 26, 2024 12:52:11.584311962 CET	63627	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:52:11.723735094 CET	53	63627	1.1.1.1	192.168.2.5
Dec 26, 2024 12:52:14.302237988 CET	52675	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:52:14.443150043 CET	53	52675	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 12:52:10.104023933 CET	192.168.2.5	1.1.1.1	0xd98c	Standard query (0)	observerfry.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:10.248517036 CET	192.168.2.5	1.1.1.1	0x2d1a	Standard query (0)	wordyfindy.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:10.590393066 CET	192.168.2.5	1.1.1.1	0x6e2a	Standard query (0)	slipperyloo.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:10.731287003 CET	192.168.2.5	1.1.1.1	0xfac2	Standard query (0)	manyrestro.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:10.870390892 CET	192.168.2.5	1.1.1.1	0xb85	Standard query (0)	shapestickyr.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:11.013159990 CET	192.168.2.5	1.1.1.1	0x366a	Standard query (0)	talkynicer.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:11.155381918 CET	192.168.2.5	1.1.1.1	0xdcc	Standard query (0)	curverpluch.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:11.296785116 CET	192.168.2.5	1.1.1.1	0xf74e	Standard query (0)	tentabatte.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:11.443943024 CET	192.168.2.5	1.1.1.1	0x1c4f	Standard query (0)	bashfulacid.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:11.584311962 CET	192.168.2.5	1.1.1.1	0x787f	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:14.302237988 CET	192.168.2.5	1.1.1.1	0xb480	Standard query (0)	lev-tolstoi.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 12:52:10.240957022 CET	1.1.1.1	192.168.2.5	0xd98c	Name error (3)	observerfry.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:10.585969925 CET	1.1.1.1	192.168.2.5	0x2d1a	Name error (3)	wordyfindy.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:10.727647066 CET	1.1.1.1	192.168.2.5	0x6e2a	Name error (3)	slipperyloo.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:10.868753910 CET	1.1.1.1	192.168.2.5	0xfac2	Name error (3)	manyrestro.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:11.008155107 CET	1.1.1.1	192.168.2.5	0xb85	Name error (3)	shapestickyr.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:11.150943995 CET	1.1.1.1	192.168.2.5	0x366a	Name error (3)	talkynicer.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:11.293085098 CET	1.1.1.1	192.168.2.5	0xdcc	Name error (3)	curverpluch.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:11.442213058 CET	1.1.1.1	192.168.2.5	0xf74e	Name error (3)	tentabatte.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:11.581382036 CET	1.1.1.1	192.168.2.5	0x1c4f	Name error (3)	bashfulacid.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:11.723735094 CET	1.1.1.1	192.168.2.5	0x787f	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:14.443150043 CET	1.1.1.1	192.168.2.5	0xb480	No error (0)	lev-tolstoi.com		104.21.66.86	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:14.443150043 CET	1.1.1.1	192.168.2.5	0xb480	No error (0)	lev-tolstoi.com		172.67.157.254	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:24.906980038 CET	1.1.1.1	192.168.2.5	0xfb6f	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:52:24.906980038 CET	1.1.1.1	192.168.2.5	0xfb6f	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

lev-tolstoi.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	23.55.153.106	443	7288	C:\Users\user\Desktop\C8QT9HkXEb.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:52:13 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-26 11:52:14 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 26 Dec 2024 11:52:13 GMT Content-Length: 35121 Connection: close Set-Cookie: sessionid=67f7401d803ff1f1949f0791; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-26 11:52:14 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-26 11:52:14 UTC	10097	IN	Data Raw: 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 50 50 4f 52 54 09 Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-26 11:52:14 UTC	10545	IN	Data Raw: 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 Data Ascii: NIVERSE":"public","LANGUAGE":"english","COUNTRY":"US","MEDIA_CDN_COMMUNITY_URL":"https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/","MEDIA_CDN_URL":"htt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	104.21.66.86	443	7288	C:\Users\user\Desktop\C8QT9HkXEb.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:52:15 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: lev-tolstoi.com
2024-12-26 11:52:15 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-26 11:52:16 UTC	1130	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:52:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7kaueckacvmtbaj4up86dru485; expires=Mon, 21 Apr 2025 05:38:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MB4fFFwBuZT%2FjTaqIIxAxWnJtUedFVxbt33Ib%2F2EFlw2s%2Bwb2WXc3Gfxyk2K3uUkqnNrkm%2BUXL5wbjNwyoYfvQkTcRDxbn5TY4YHeTVfh4HrNA59%2BzOgFqr%2F8CJmKXGYXDE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80dd1c3f545e71-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1727&min_rtt=1713&rtt_var=671&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1597374&cwnd=238&unsent_bytes=0&cid=f2113ca9a077ade4&ts=1047&x=0"
2024-12-26 11:52:16 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-26 11:52:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	06:52:06
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\C8QT9HkXEb.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\C8QT9HkXEb.exe"
Imagebase:	0x820000
File size:	1'927'680 bytes
MD5 hash:	942E86204245173E9297BF46DACF79B3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	23.2%
Total number of Nodes:	69
Total number of Limit Nodes:	4

Executed Functions

Function 0082B100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

yQrS, xrefs: 0082B271
pE}G, xrefs: 0082B253
hI2K, xrefs: 0082B25D
(Y6[, xrefs: 0082B285
9]_, xrefs: 0082B28F
k=W?, xrefs: 0082B23F
Ym]o, xrefs: 0082B2B7
Gu@w, xrefs: 0082B2CB
D!M#, xrefs: 0082B1F9
.AtC, xrefs: 0082B249
zMzO, xrefs: 0082B267
b6j4, xrefs: 0082B57D
S%U', xrefs: 0082B203
Gq\s, xrefs: 0082B2C1
XyR{, xrefs: 0082B2D5

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
API String ID: 0-620192811
Opcode ID: a4214266e54c5636fcfd06ce80a5974d555a7d6e29b3d8049d8b0a97b564b0c8
Instruction ID: 88dd0dba8bce5c3e0a2159820b47afeb275a61ea4f27ee34d9db6db4788a4e1b
Opcode Fuzzy Hash: a4214266e54c5636fcfd06ce80a5974d555a7d6e29b3d8049d8b0a97b564b0c8
Instruction Fuzzy Hash: 260245B1200B01CFD324CF25E891B9BBBE1FB45314F118A2CD5AB8BAA0D775A445CF50

Function 00828600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00828A4B

Part of subcall function 0082B7B0: FreeLibrary.KERNEL32(00828A31), ref: 0082B7B6
Part of subcall function 0082B7B0: FreeLibrary.KERNEL32 ref: 0082B7D7

Strings

}, xrefs: 0082890C
b]u), xrefs: 00828877
}, xrefs: 00828913

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: FreeLibrary$ExitProcess
String ID: b]u)$}$}
API String ID: 1614911148-2900034282
Opcode ID: d51344af9724683835f13fe9de3465253aadede790f554fce7612e034de813c8
Instruction ID: bbf34f7de724d651cb4911a306aeae2da7da4e8fd231d32600620b31c1f22d05
Opcode Fuzzy Hash: d51344af9724683835f13fe9de3465253aadede790f554fce7612e034de813c8
Instruction Fuzzy Hash: 37C1E673A197244BC718DF69D84125AF7D6ABC8710F0EC52DA898EB355EA74DC048BC2

Function 0085E110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(0086148A,?,00000018,?,?,00000018,?,?,?), ref: 0085E13E

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00861720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=<32, xrefs: 0086176D

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: fa82dba331c7333eca8b511b5dfe4551382e66bee974e0b524b386b2d4949567
Instruction ID: 11fa4c77511ae0935b686ebc4a2f92504c04192e3d2572e33559adebea6aac52
Opcode Fuzzy Hash: fa82dba331c7333eca8b511b5dfe4551382e66bee974e0b524b386b2d4949567
Instruction Fuzzy Hash: 663115346043045BEB189A54DC95B3EB3A5FB84750F1E853CE685D72A2D770DC409782

Function 00828A50 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction ID: 7f38e0a4bd6d9e90c8378f11f353bed848b8ef8d41218248b9ded25d145c00e6
Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction Fuzzy Hash: 2321C537A627284BD7108E54DCC97917761E7D9328F3E86B8C9249F3D2C97BA91386C0

Function 00829D1E Relevance: 3.1, APIs: 2, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 00829D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 00829E78

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 4df65b21b7261c2ecfeb7506abf3755bf23238e42633ba2023c1053cce097f57
Instruction ID: 88f7d860859cab52c85bd148665132d48ea9edfbbc97e91761d7c42b2f2d3643
Opcode Fuzzy Hash: 4df65b21b7261c2ecfeb7506abf3755bf23238e42633ba2023c1053cce097f57
Instruction Fuzzy Hash: 43412374D003009FE7149F78A9D2A9A7FB1FB06324F51529CD4906F3A6C631940ACFE2

Function 0082EF53 Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0082F09C

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 82bb88ab8a4e7d2641b3d4e8c5150ed498c5e44c2d0c153cce0a9442dd7c5b7e
Instruction ID: aa5784d6de155b53207973e128eff77a214a7490f7cd6da9a87bb5dc1108cd1f
Opcode Fuzzy Hash: 82bb88ab8a4e7d2641b3d4e8c5150ed498c5e44c2d0c153cce0a9442dd7c5b7e
Instruction Fuzzy Hash: D441D8B4810B40AFD370EF3D9A4B7137EB8AB05250F504B1EF9E6866D4E231A4198BD7

Function 0085E0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000), ref: 0085E0E0

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8398421fbd4fee63d930de9917310962a55d788c6f3774a6f843a2029e634f35
Instruction ID: b54896cccd8ab11937b50adef09e94c54920f025a24fbf6116ccd1379389300f
Opcode Fuzzy Hash: 8398421fbd4fee63d930de9917310962a55d788c6f3774a6f843a2029e634f35
Instruction Fuzzy Hash: EEF0E532814611FBC3112F38BD05A5B3AA8FFC3722F061435F804D71A1EB74E81AC692

Function 0082EC77 Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0082ECA3

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 7dad1047ed5f2f402744979ae3b7c37692b2035bd333cc7d846aea7739f759ba
Instruction ID: 08ce611f0fc259ccb59eda8f6baeb9fbfa16e0832517ee98b76b30ac6d5030ab
Opcode Fuzzy Hash: 7dad1047ed5f2f402744979ae3b7c37692b2035bd333cc7d846aea7739f759ba
Instruction Fuzzy Hash: 8AE092343EA3427AF63982259CA3F263106AB42F38E316B05B3213D3D4CAD03101824C

Function 00829EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00829ED2

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 85f1a6a69b73e9138b7fc78c692019c94abac60bc93781a7202cfdc9e4513d63
Instruction ID: 910175a5153ecf51173963ea66e127386d1651f3baaae094038aa1828fc65480
Opcode Fuzzy Hash: 85f1a6a69b73e9138b7fc78c692019c94abac60bc93781a7202cfdc9e4513d63
Instruction Fuzzy Hash: 80E02B336806029BD704DB34FD57E593356FB16342B079428E205D6372EAB3D4109E11

Function 0085C570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,0085E0F9), ref: 0085C590

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5bc5c7d2166d368c2135e4d7bb0f63e00065ab94b6f7ae4a06cb9c2bd003d49a
Instruction ID: 54b26358d7ac50999802008eca3d71a8a030dc823e2b29b66825e79484eb27fe
Opcode Fuzzy Hash: 5bc5c7d2166d368c2135e4d7bb0f63e00065ab94b6f7ae4a06cb9c2bd003d49a
Instruction Fuzzy Hash: D9D0C931419622EBC6102F28BC05BC73A59EF59221F070891F548AA0B5C664EC91CAD1

Function 0085C55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 0085C561

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 278b797ee746c05dcb420238f6389d50f2b61d4176a75307a39031b049d70cf6
Instruction ID: d86df4a749a68c76fc1dd4e777a91fb9fcaf7812a6fc4bb19195f5e3ee6e4456
Opcode Fuzzy Hash: 278b797ee746c05dcb420238f6389d50f2b61d4176a75307a39031b049d70cf6
Instruction Fuzzy Hash: 08A001711841109ADA562B24BC09B847A61AB68721F124192E105590BA8661D8D29A84

Function 0082DDBB Relevance: 1.3, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoUninitialize.COMBASE ref: 0082DDC3

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: Uninitialize
String ID:
API String ID: 3861434553-0
Opcode ID: 09d8381b8add93a250c26f4ee8602edf316bdd2874ad3089527efd54dbd46280
Instruction ID: 1ba6cbbf794c7bf356621b11821f18f4cf49e4d1f641c17f78e84bd16d52e18a
Opcode Fuzzy Hash: 09d8381b8add93a250c26f4ee8602edf316bdd2874ad3089527efd54dbd46280
Instruction Fuzzy Hash: 31C0807535C41057C7089734FE224373216FF97248B157519C447C2716D6B1A5414549

Function 00879865 Relevance: 1.3, APIs: 1, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00879B8E

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6e1871f5352e36da5bf3ed0a08423e946afbb8f9a0a05b1b9d0edd279bd614c2
Instruction ID: 8a934e0b15144036fd00cb8504b5c2dfcbcbe81ecb03917c79e905cf8f10deaa
Opcode Fuzzy Hash: 6e1871f5352e36da5bf3ed0a08423e946afbb8f9a0a05b1b9d0edd279bd614c2
Instruction Fuzzy Hash: D3F015B110860DDFD7002F6894886ADBBE0FF44325F224A2DE9D9C6A80D6708840CA0A

Non-executed Functions

Function 008442D0 Relevance: 39.6, APIs: 2, Strings: 20, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 008443AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0084443E

Strings

e>n<, xrefs: 0084588E
r:i8, xrefs: 00845899
+$e, xrefs: 00844365, 0084437A
13, xrefs: 00845BFC
N~4|, xrefs: 0084593E
n l, xrefs: 0084596A
|r, xrefs: 008453A8
<j:h, xrefs: 00845975
DD, xrefs: 00845CEE
=:, xrefs: 008457CE
b`, xrefs: 008455F9
uw, xrefs: 00845B57
=?, xrefs: 00845BF1
%r?p, xrefs: 0084595F
+$e, xrefs: 008443FA, 0084442B
gd, xrefs: 00845E60
tj, xrefs: 008453BE
ut, xrefs: 00845CE3
y{, xrefs: 00845B36
Xs, xrefs: 00845CD8

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-1429676654
Opcode ID: b5c88012ef4ff91266e22d5500b714d3c232cd6ae068a833cc39658ecb739293
Instruction ID: 057a97b35cbc011e2241736e5529c7a2b54206331bf54f599decf508dfe804c9
Opcode Fuzzy Hash: b5c88012ef4ff91266e22d5500b714d3c232cd6ae068a833cc39658ecb739293
Instruction Fuzzy Hash: 93C20CB560C3848AD334CF14C452B9FBBF2FB82304F01892DD5E96B255D7B5864A8B9B

Function 008360E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

{zdy, xrefs: 0083611D
JyTK, xrefs: 00836160
*,-", xrefs: 008366EF
uqrs, xrefs: 00836AF0
w}MI, xrefs: 00836128
L4, xrefs: 00836BA0
L4, xrefs: 00836780
t~v:, xrefs: 008361E7
~mfQ, xrefs: 0083613E
3F&D, xrefs: 00836273
pt}w, xrefs: 008361F2
qRb`, xrefs: 00836133
ntxE, xrefs: 00836112

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: 0656e41e65f7a2c9f627dd5b64b2a26fa7b398ec3717f021e87549b470d113c0
Instruction ID: e287ca5d531e8b90b0c0c34a36ae5b54fa46bcf5382f7f721401ca8c2b00e909
Opcode Fuzzy Hash: 0656e41e65f7a2c9f627dd5b64b2a26fa7b398ec3717f021e87549b470d113c0
Instruction Fuzzy Hash: FE4224726082509FC7258F28D8917ABB7E2FFD5314F1A893CD4D9CB252EB748815CB82

Function 009EF052 Relevance: 14.1, Strings: 10, Instructions: 1619COMMON

Download Yara Rule

Strings

z/, xrefs: 009EF52C
5W#, xrefs: 009EF322
Vu_m, xrefs: 009EFE02
"s, xrefs: 009EFC81
9~, xrefs: 009EF276, 009EF321, 009EF36B
u3}, xrefs: 009EF503
_;, xrefs: 009EF55A
]@l2, xrefs: 009EFA51
Dbc, xrefs: 009EF730
k5Q, xrefs: 009F01E0

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: z/$Dbc$Vu_m$]@l2$k5Q$_;$"s$5W#$9~$u3}
API String ID: 0-3014607749
Opcode ID: 510d4945ade54214c8570b2a0a66f9beaf01c2af41528a7964112ae4a5b2e908
Instruction ID: 0345b2e75c8ffb0bf1673cf06b59d3b3e6929d7b275e90acd64318978bc2e0d5
Opcode Fuzzy Hash: 510d4945ade54214c8570b2a0a66f9beaf01c2af41528a7964112ae4a5b2e908
Instruction Fuzzy Hash: E4B2F6F360C2049FE304AE2DEC8577AB7E5EF94720F1A8A3DEAC487744E63558058697

Function 0083747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON

Download Yara Rule

Strings

_^]\, xrefs: 008375C5

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 1e46907c02ad3c83710d1439f1dc9827636df1a3df098b81af5d0e88c9640fa4
Instruction ID: 2b3e70ad819f63f92f51f39c9b20a98a5ffe3893166e62feeda6a00db5a49ccd
Opcode Fuzzy Hash: 1e46907c02ad3c83710d1439f1dc9827636df1a3df098b81af5d0e88c9640fa4
Instruction Fuzzy Hash: F18215B15083518BC724CF28C8917ABB7E1FFD9324F198A6CE8D5972A5E734D805CB92

Function 008481CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 008484BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 008485B4

Strings

_^]\, xrefs: 00848A15
LF7Y, xrefs: 00848951

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: c7a42e813fad2b55fa4115422960cf84036ca5bb505bbf4f4fd72ae130b4d9f6
Instruction ID: 07222dc82d360363c3b44c5eddac5e5f5c5c80c27bc9b3ed3a6b9d4a340e7519
Opcode Fuzzy Hash: c7a42e813fad2b55fa4115422960cf84036ca5bb505bbf4f4fd72ae130b4d9f6
Instruction Fuzzy Hash: 81220071908391CFD3248F28D89072FBBE1FF85315F1A4A6CE9959B2A1DB709941CB92

Function 008483D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 008484BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 008485B4

Strings

_^]\, xrefs: 00848A15
LF7Y, xrefs: 00848951

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 1cbda27d13f2b29ef80b9634c139afd5bfd96a2528caccc523341edd13fe9929
Instruction ID: 2941bc32a4d9636d9b671abde555d843152a330c18ce697f22eab6a47dec9c70
Opcode Fuzzy Hash: 1cbda27d13f2b29ef80b9634c139afd5bfd96a2528caccc523341edd13fe9929
Instruction Fuzzy Hash: F412F071908391CFD3248F28D88071FBBE1FF85315F1A4A6CE9999B2A1DB719941CB92

Function 009F426C Relevance: 6.6, Strings: 4, Instructions: 1648COMMON

Download Yara Rule

Strings

vOs:, xrefs: 009F427A
Dh_g, xrefs: 009F4E02
">n}, xrefs: 009F4F31
L-n>, xrefs: 009F4933

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: ">n}$Dh_g$L-n>$vOs:
API String ID: 0-85346228
Opcode ID: 00d8fbc9e09c692b9660b9e93428eeb54cc1c2c1c3ac1df0af35bbe3607420a9
Instruction ID: 504e93dd90b40ac0ddd37d9b4433d26d2316e5bc4ec28ca6227e206ed6b6fcf7
Opcode Fuzzy Hash: 00d8fbc9e09c692b9660b9e93428eeb54cc1c2c1c3ac1df0af35bbe3607420a9
Instruction Fuzzy Hash: E7B24BF360C6049FE304AE2DEC8567AFBD9EBD4320F1A463DE6C4C7744E97558058692

Function 009FE49D Relevance: 6.6, Strings: 4, Instructions: 1607COMMON

Download Yara Rule

Strings

$_;, xrefs: 009FF363
_A!, xrefs: 009FF504
<O>M, xrefs: 009FF0FE
{E|, xrefs: 009FEDE3

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: <O>M$_A!${E|$$_;
API String ID: 0-2620906377
Opcode ID: a2b1c037df1dc217bd1668aa75f9ea2e472697df442c2ed8bac8229396654147
Instruction ID: 3c5c96eef8a1f13aeb79dff2063e34d4a9a740cd89fe675651c59433a50410de
Opcode Fuzzy Hash: a2b1c037df1dc217bd1668aa75f9ea2e472697df442c2ed8bac8229396654147
Instruction Fuzzy Hash: 6EB2B3F360C2009FE304AE29EC8577AB7E9EF94720F16893DEAC4C7744EA3558458697

Function 008424E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON

Download Yara Rule

Strings

"_,Y, xrefs: 00842530
pCj], xrefs: 00842528
.[TU, xrefs: 00842538
;GsA, xrefs: 00842520
=K0E, xrefs: 00842544

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
API String ID: 0-1171452581
Opcode ID: cbb77b86a2ee139a4658971b050ef9fb7128d366cf8f86f869e4a66e9b0f8c64
Instruction ID: 35d877597d389e6aa0ac051240519195917b134be11c13ee75344a70fff96aa7
Opcode Fuzzy Hash: cbb77b86a2ee139a4658971b050ef9fb7128d366cf8f86f869e4a66e9b0f8c64
Instruction Fuzzy Hash: DB91F0B16083059BC710DF24C891B6BB7A5FF95318F19852CF98ACB282E374D905C762

Function 00838169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

^`/4, xrefs: 008381E1
gfff, xrefs: 00838458
7, xrefs: 00838419
SP, xrefs: 00838396
2h?n, xrefs: 008383A0

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: 2563381f90bea92c56aa85590b384d6d42da54da41736ab441d291338d9efaff
Instruction ID: af99abcb020c9b37bf8286ff347e2957fff3bc96780c855f7a0beb7d1fc6abbb
Opcode Fuzzy Hash: 2563381f90bea92c56aa85590b384d6d42da54da41736ab441d291338d9efaff
Instruction Fuzzy Hash: AEA117B2A143518BD314CF28D85176FB7D2FBC4318F599A3DE485D7391EA78C9068782

Function 008491AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 008491DA

Strings

wpq, xrefs: 008492B7
+Ku, xrefs: 008492AF

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$wpq
API String ID: 237503144-1953850642
Opcode ID: 9425a39222edbf415bbc89a8659e4cff61b8e71437efadfb7463546a1a661e4d
Instruction ID: 620e1009def6d291168b911a0f12aa7408eaf4a988c74a6866c67e0b0e993c10
Opcode Fuzzy Hash: 9425a39222edbf415bbc89a8659e4cff61b8e71437efadfb7463546a1a661e4d
Instruction Fuzzy Hash: 1A51BD7221C3568FC324CF29984076FB6E6FBC5310F55892DE4E9CB285DB74D50A8B92

Function 008490D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00849170

Strings

M/(, xrefs: 0084913D
M/(, xrefs: 0084919E

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: M/($M/(
API String ID: 237503144-1710806632
Opcode ID: 74da868695019df649ca38ce8cb3c5ab63d150890fad0fdf731877a46bb74c83
Instruction ID: c7e0994b7ccf66b4dffa7e1d3b5f6fda0eca98b6a47d89299d7ce2fb6bde696e
Opcode Fuzzy Hash: 74da868695019df649ca38ce8cb3c5ab63d150890fad0fdf731877a46bb74c83
Instruction Fuzzy Hash: 6F21237165C3615FE714CE34988279FB7AAEBD6700F01892CE0D1EB1C5D679880B8792

Function 0084A5B6 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

i, xrefs: 0084A527
VN, xrefs: 0084A520
VN, xrefs: 0084A5C6
i, xrefs: 0084A5CD

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: VN$VN$i$i
API String ID: 0-1885346908
Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction ID: a88081ee1a00bebd87c6a6b241d415ffefcaf745ce38bf9676df55e104d26470
Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction Fuzzy Hash: B821C6215883858AE3098EA580412A7BBE3FBD6718F29465ED0F19F391E63BC9094757

Function 008EC2C4 Relevance: 4.2, Strings: 3, Instructions: 445COMMON

Download Yara Rule

Strings

p/`, xrefs: 008EC892
KZ, xrefs: 008EC82B
x_, xrefs: 008EC808

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: KZ$p/`$x_
API String ID: 0-725335375
Opcode ID: a64866eacf1831d066a9a3f3cbb51294f925d75df0c45df5a4ee717cbfa29875
Instruction ID: 16c4c325ea504fe87f96518c4613733921fa9be99d9b57e30916ddbfd3e5ff15
Opcode Fuzzy Hash: a64866eacf1831d066a9a3f3cbb51294f925d75df0c45df5a4ee717cbfa29875
Instruction Fuzzy Hash: E5E1D0F3E146244BF3145E28DC5937AB692EBD4320F2F423D8E99AB7C4E97E5C058285

Function 0084A0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

_^]\, xrefs: 0084A49C, 0084A188
.txt, xrefs: 0084A371
<\hX, xrefs: 0084A236

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: 7430460a09cf70021c20e729d750975a9c41de7b2e8cc0504bbf81ce605c46b9
Instruction ID: 3119309aaaf2ce257b9ec2bdb50ee671c049294ec8bdf0c8693d48aa5d05bc8f
Opcode Fuzzy Hash: 7430460a09cf70021c20e729d750975a9c41de7b2e8cc0504bbf81ce605c46b9
Instruction Fuzzy Hash: 58C1217150C384DFD708DF28D881A2ABBE2FF85314F098A6CF0958B2A6D7759945CB53

Function 009B83E8 Relevance: 4.0, Strings: 3, Instructions: 239COMMON

Download Yara Rule

Strings

q-{/, xrefs: 009B85C3
~Z{], xrefs: 009B8456
>op, xrefs: 009B852D

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: q-{/$~Z{]$>op
API String ID: 0-1079866463
Opcode ID: 2773855bc2feea0821844301e59a0a3720c8d53fe7c86de324419bd0ca50fae4
Instruction ID: b8a8ba9a1a7b5259d9a7145e30df5ca74bb9bcdbecdce02ba6e2f7ed5364a7d1
Opcode Fuzzy Hash: 2773855bc2feea0821844301e59a0a3720c8d53fe7c86de324419bd0ca50fae4
Instruction Fuzzy Hash: F0715AF3A183145FE3006A7DEC45777BBD9DBC4720F2A463EE694D7784E93998024682

Function 0083D003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON

Download Yara Rule

Strings

[V, xrefs: 0083D4DD
bh, xrefs: 0083D4D6

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: [V$bh
API String ID: 0-2174178241
Opcode ID: 8488f1df48e23be0dfaef3bff87ce1fb44a5178a9a6f31e622f0d04cabe379e0
Instruction ID: dc25ba434dad1331fb4d53bef52bf43146eeeab20a94001327b12a4cda3f1723
Opcode Fuzzy Hash: 8488f1df48e23be0dfaef3bff87ce1fb44a5178a9a6f31e622f0d04cabe379e0
Instruction Fuzzy Hash: F03227B1901716CBCB24CF29C8926BBB7B1FF95310F18825DD8969B394E734A941CBD1

Function 008D1147 Relevance: 3.0, Strings: 2, Instructions: 539COMMON

Download Yara Rule

Strings

2ubi, xrefs: 008D1266
2ubi, xrefs: 008D125F

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: 2ubi$2ubi
API String ID: 0-1850778588
Opcode ID: 3efdeead67b828da5246798ad3ffc74c59e2e949dfd850374b4cb00c4f023d86
Instruction ID: 07bf575988c3f34e7b1773b8a007365b124942585083cc1ebe0074e48749c7b7
Opcode Fuzzy Hash: 3efdeead67b828da5246798ad3ffc74c59e2e949dfd850374b4cb00c4f023d86
Instruction Fuzzy Hash: 4302D0F3F116244BF3545E29CC84366B693EBD4320F2B823D9E98977C4E97E5C0A4685

Function 00824270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

), xrefs: 008242EB
IEND, xrefs: 00824661

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 392f47d40fe4532c53dd511f42a051966c26614939798677d7cfbc3dfb0d175d
Instruction ID: b317f5356641c68827502705b178b2e10573e5b696b06fe39e85afe6131ee7e1
Opcode Fuzzy Hash: 392f47d40fe4532c53dd511f42a051966c26614939798677d7cfbc3dfb0d175d
Instruction Fuzzy Hash: 8FD1D1719083589FE710CF18E845B5EBBE0FB94308F14492DF9999B382D775E988CB92

Function 00938359 Relevance: 2.6, Strings: 2, Instructions: 146COMMON

Download Yara Rule

Strings

z(8, xrefs: 00938359
b, xrefs: 00938460

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: b$z(8
API String ID: 0-2925637482
Opcode ID: fc79dc32e9e810542c07049c1f2bf94ef743a52fb6f0412de5a3867dfe14752f
Instruction ID: 9e3dbd52886d6ce8608126d3d945bd8ee53e032f205ca4b5f003c26b6ee95ebe
Opcode Fuzzy Hash: fc79dc32e9e810542c07049c1f2bf94ef743a52fb6f0412de5a3867dfe14752f
Instruction Fuzzy Hash: 9F4190B3F406250BF3548979CD683626683DBD5310F2F827D8E4967BC8EC7E5D0A5284

Function 008D006F Relevance: 1.8, Strings: 1, Instructions: 546COMMON

Download Yara Rule

Strings

<6;u, xrefs: 008D05D0

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: <6;u
API String ID: 0-2810342316
Opcode ID: fc6adbad6440b2719206564672c962d93c70821ae13c9776c1f5f3a43ccb3029
Instruction ID: e669a3b4cc083886c81214f098c7b51eb21a8d382370eaebf0559b5dd418a4f0
Opcode Fuzzy Hash: fc6adbad6440b2719206564672c962d93c70821ae13c9776c1f5f3a43ccb3029
Instruction Fuzzy Hash: C702F2B3F142244BF3548E28DD88366B792EBD5310F2B863D9E88A77C4D97E9C058785

Function 0093317B Relevance: 1.8, Strings: 1, Instructions: 529COMMON

Download Yara Rule

Strings

N^}, xrefs: 00933837

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: N^}
API String ID: 0-1014140450
Opcode ID: 2abf8658121f4e47568e3db58856e0bdaf7941bcc9fa44a39e83a964c1fcfb2e
Instruction ID: d1a4e17447727c4f8e7eac1e3d72768af248c67496bb55a3d31957db355d0e69
Opcode Fuzzy Hash: 2abf8658121f4e47568e3db58856e0bdaf7941bcc9fa44a39e83a964c1fcfb2e
Instruction Fuzzy Hash: AE02DCB3F112244BF3144E39CC98366B6D6DBE5320F2F863D9A98977C4E87E9C064285

Function 00939193 Relevance: 1.8, Strings: 1, Instructions: 520COMMON

Download Yara Rule

Strings

V,_, xrefs: 00939819

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: V,_
API String ID: 0-2240150687
Opcode ID: a27a16b0256faada9dbbb48464bcbf2beee6bf72b0a106982039c7664f0f4899
Instruction ID: 4064d266303564a5358493892419a986058b180021471d3fc3ee99ccfc6e4e41
Opcode Fuzzy Hash: a27a16b0256faada9dbbb48464bcbf2beee6bf72b0a106982039c7664f0f4899
Instruction Fuzzy Hash: 61F1BDB3F122204BF3445939DD58366B683DBD5320F2B823DDA989B7C9ED7E9C064285

Function 009945FF Relevance: 1.8, Strings: 1, Instructions: 508COMMON

Download Yara Rule

Strings

:C@, xrefs: 00994AEC

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: :C@
API String ID: 0-1826217687
Opcode ID: 8abe4f6d3639024de85cda6f051f090803f618c78ee594bd593ca377589737e8
Instruction ID: 9305187c97ea0d442bd8723086604ce46cd730fe6f3e0eb19868a229c7913550
Opcode Fuzzy Hash: 8abe4f6d3639024de85cda6f051f090803f618c78ee594bd593ca377589737e8
Instruction Fuzzy Hash: 6702CFF3F156204BF3445E29DC883A6B693EBD4320F2F853D8A88977C5E97E58068785

Function 0091238C Relevance: 1.7, Strings: 1, Instructions: 467COMMON

Download Yara Rule

Strings

[, xrefs: 009125AF

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: [
API String ID: 0-784033777
Opcode ID: a0528968b1d11f33214746a3ce759e31c45a87b89d4c4b3331f88cab8dbbfd41
Instruction ID: d0a696030392762286cdcf8fdfa8d5c83d3220345d35fa10a69aa46a2857de2c
Opcode Fuzzy Hash: a0528968b1d11f33214746a3ce759e31c45a87b89d4c4b3331f88cab8dbbfd41
Instruction Fuzzy Hash: 02E112F3F042144BF3045E2DDC88376B6D6EBD5320F2B463D9A889B7C5E97A9C468285

Function 0088E50F Relevance: 1.7, Strings: 1, Instructions: 463COMMON

Download Yara Rule

Strings

b%=, xrefs: 0088EA0A

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: b%=
API String ID: 0-1719070853
Opcode ID: a7419d7fedd6b477b9cd0f378f16659ba7c1dd7bc3bc2f9e59421bcb75a58add
Instruction ID: 09002b61bbe75abb069ee609e54dc4494ee76ff063fc48dd195785e3d4e26b5c
Opcode Fuzzy Hash: a7419d7fedd6b477b9cd0f378f16659ba7c1dd7bc3bc2f9e59421bcb75a58add
Instruction Fuzzy Hash: 41F102B3F002154BF3145E38CD983A6B692EB94320F2F863D8E98977C4E97E9D058385

Function 0084D17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(1A11171A), ref: 0084D2A4

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 144302a37e538617eb2930b8555bdcbf0a6b7c7d079d1b286c83460ea9f8a115
Instruction ID: 0177df744197fcff2602441a6fbccfc5fa5a17ff4783c1d79b94fb729eac9846
Opcode Fuzzy Hash: 144302a37e538617eb2930b8555bdcbf0a6b7c7d079d1b286c83460ea9f8a115
Instruction Fuzzy Hash: 9041C3706043819BE3158F38C9A0B62BFE1FF57318F28868CE5D68B393D775A8468B51

Function 0084D34A Relevance: 1.6, Strings: 1, Instructions: 398COMMON

Download Yara Rule

Strings

><+, xrefs: 0084D353

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: ><+
API String ID: 0-2918635699
Opcode ID: 1e143b407903595c77cb4ffa26de5db91d904fcdf71f3caaa23c888af08d65b9
Instruction ID: c01ac79bb6a26d867700cb073e8ffb7fbda6d9734d8315d8ec92decf799d3fdc
Opcode Fuzzy Hash: 1e143b407903595c77cb4ffa26de5db91d904fcdf71f3caaa23c888af08d65b9
Instruction Fuzzy Hash: 3FC1BD756047418FD729CF2AC490722FBE2FF9A310B29859DC4DA8B792D735E806CB50

Function 0084B170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 0084B458

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction ID: a40e9ee15843c9d178ddd8e13581e4713ed26666926830687803ed534f8b7936
Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction Fuzzy Hash: F4C117B2A0835C5BD7258E29C49076BB7E9FF94314F198A2DE895CB382E734DC44C792

Function 008B7005 Relevance: 1.6, Strings: 1, Instructions: 334COMMON

Download Yara Rule

Strings

tif8, xrefs: 008B72F5

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: tif8
API String ID: 0-2579131591
Opcode ID: 2aa8a1c577e409c56408a191522ed23566f985e0cc41ddf40bf821916e2a91bf
Instruction ID: 3bd1517e4fea44ffc6b680f31dc4e022557cb9789e4c9b18b8de2e76608e69b3
Opcode Fuzzy Hash: 2aa8a1c577e409c56408a191522ed23566f985e0cc41ddf40bf821916e2a91bf
Instruction Fuzzy Hash: 08B18DB3F1162547F3544978CCA83A265839795324F2F82788E9DAB7C6EC7E5D0953C0

Function 009551DA Relevance: 1.6, Strings: 1, Instructions: 330COMMON

Download Yara Rule

Strings

"N], xrefs: 00955335

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: "N]
API String ID: 0-1807146042
Opcode ID: 485d4f644fefd9a684ec8a2374983ac5db546b003ea2f0b3008574dcbd22ab87
Instruction ID: 40819b169708b02205b98cc617ebced95a7d3f30c5d44f86c4183edbd738e153
Opcode Fuzzy Hash: 485d4f644fefd9a684ec8a2374983ac5db546b003ea2f0b3008574dcbd22ab87
Instruction Fuzzy Hash: 18B1AEB3F1162547F3544D29CC683A2A283DBD1325F2F82788E59ABBC5D97E5C0A53C4

Function 0089C4BB Relevance: 1.6, Strings: 1, Instructions: 323COMMON

Download Yara Rule

Strings

P, xrefs: 0089C5C7

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: c5ecedb50f3e0edf614e8f00e6ba841543388cadbaa1cc57aa16103dca870acc
Instruction ID: 10de114156c4e0bc39063def2304d96106152cd911331fc16d2e71b30d87dcd9
Opcode Fuzzy Hash: c5ecedb50f3e0edf614e8f00e6ba841543388cadbaa1cc57aa16103dca870acc
Instruction Fuzzy Hash: 59B17AF3F11A2547F3544828CC983A26583D7E5325F2F82788E5CAB7CAD87E9C4A5384

Function 0097406C Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

6, xrefs: 009740F1

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: b2345f0de53e7ccf3c8dcefcc2c4049c7e3b8fea50103129d407a99cae643a3c
Instruction ID: 18878565e668a935704ec3000f8f9eec59b0aa6531c8d37ae0d0309c328ec014
Opcode Fuzzy Hash: b2345f0de53e7ccf3c8dcefcc2c4049c7e3b8fea50103129d407a99cae643a3c
Instruction Fuzzy Hash: D3919CB3F116244BF3544D38CC983A26283D7E5325F2F82398E5D677C6E97E2C0A5284

Function 00847440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00847465

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: eb3ffc22bb26a9c96a0a09c8c3ecab3ff8aae1f67f070771bf2d4cf2cf3e4701
Instruction ID: 8ab2c64fb43ea424244d1dd9de0ce0c4e3534895f173362a157d8cdb2dfc783f
Opcode Fuzzy Hash: eb3ffc22bb26a9c96a0a09c8c3ecab3ff8aae1f67f070771bf2d4cf2cf3e4701
Instruction Fuzzy Hash: 9E7129B160C3085BD7189E68DC9273B76A1FF91318F1A883CE586DB292E374DC058756

Function 00967001 Relevance: 1.5, Strings: 1, Instructions: 257COMMON

Download Yara Rule

Strings

Aarh, xrefs: 00967001

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: Aarh
API String ID: 0-362394445
Opcode ID: d4e247937dc11b09ea3f6e071cdc35499830f0b69050ce3792bffc74a7d2924b
Instruction ID: e0b7a06bcfd9433c13a330ec5a1fd003cefe6bf789af550e9f2b42fabd008425
Opcode Fuzzy Hash: d4e247937dc11b09ea3f6e071cdc35499830f0b69050ce3792bffc74a7d2924b
Instruction Fuzzy Hash: 1191BDF3F406214BF3544868CC983A26683DBA5325F2F82788E5C6B7C6E8BE5D0953C4

Function 008E2107 Relevance: 1.5, Strings: 1, Instructions: 247COMMON

Download Yara Rule

Strings

,, xrefs: 008E21DA

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 215b82c748aa016705b0a9b33358c90d5266eececd2f69ed79d8d7bd570a3c3f
Instruction ID: 15b9feac95768f8df82fd99c64e0ce86a3e022cb8660ee6d19f4ed8d2b570867
Opcode Fuzzy Hash: 215b82c748aa016705b0a9b33358c90d5266eececd2f69ed79d8d7bd570a3c3f
Instruction Fuzzy Hash: 1B81BFB3F102254BF3584938CC683A27683DB96310F2F82788E49ABBD5D97E5D0A53C4

Function 00934348 Relevance: 1.5, Strings: 1, Instructions: 245COMMON

Download Yara Rule

Strings

#, xrefs: 0093440D

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 46a2430194f4bb846076fc91a349fbfc0bd2d105ecc5e35eaeb814e161b0ee9c
Instruction ID: b69e6f178252bb66f2a1665378e5ce427a29f8860793ccc3d183a57be652c6d9
Opcode Fuzzy Hash: 46a2430194f4bb846076fc91a349fbfc0bd2d105ecc5e35eaeb814e161b0ee9c
Instruction Fuzzy Hash: F181CCB3F016248BF3544D69CC583A2B293DBE5320F2F42788E586B7D5E97E6D0952C4

Function 009245FF Relevance: 1.5, Strings: 1, Instructions: 237COMMON

Download Yara Rule

Strings

SEDx, xrefs: 009245FF

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: SEDx
API String ID: 0-1147552628
Opcode ID: 03db0161c4b1df1212636036c36a710aa183335b2afe3d11c934d9fd127ee07c
Instruction ID: 4d5860e637ef798a74921e3fa5c1b5ab5b573eeb643f5088dc835486c63167a3
Opcode Fuzzy Hash: 03db0161c4b1df1212636036c36a710aa183335b2afe3d11c934d9fd127ee07c
Instruction Fuzzy Hash: E181CEB3F21A2547F3540E28DC943B17283DBA5325F2F81798E49AB3C5E9BE5C4A5384

Function 0097B0F0 Relevance: 1.5, Strings: 1, Instructions: 235COMMON

Download Yara Rule

Strings

2, xrefs: 0097B1B0

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 02cfb801c0272c8b1d614d04b763614144f3dc93983dc80083417cf27fa826a4
Instruction ID: f2625536bb75b4a4d426b9bfb84ec3e6928a7e1bc898313908246a9699c1cc78
Opcode Fuzzy Hash: 02cfb801c0272c8b1d614d04b763614144f3dc93983dc80083417cf27fa826a4
Instruction Fuzzy Hash: 6E81ADB3F116254BF3504D29CC983A276839BD5321F2F82788EAC6B7C5D97E9D0A5384

Function 00953157 Relevance: 1.5, Strings: 1, Instructions: 235COMMON

Download Yara Rule

Strings

1ouO, xrefs: 009533C9

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: 1ouO
API String ID: 0-2658344311
Opcode ID: 5f82c595141cdaa4778c63f306fefb99679f19c57a2399c55fb44fe5b63c3254
Instruction ID: 704ccc2346f8635a84553c8ff16d8b4c42acc30a07e49dae792de2b6a6245013
Opcode Fuzzy Hash: 5f82c595141cdaa4778c63f306fefb99679f19c57a2399c55fb44fe5b63c3254
Instruction Fuzzy Hash: 4D81ACB3F5162447F3884838CD983A67683DB96311F1F81798F49AB7C9D87E9D0A5384

Function 009840E6 Relevance: 1.5, Strings: 1, Instructions: 234COMMON

Download Yara Rule

Strings

z, xrefs: 009841F2

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: z
API String ID: 0-1657960367
Opcode ID: bfc8aa29805ae79e4846fd4b5183d7acd05aa3c5a9bae0d6166aeec4bd7200c0
Instruction ID: 09abb3949b2ef0cb96f14fca7a7768f61fc87c7e3c5e3cb3a7f946ad9d07f99b
Opcode Fuzzy Hash: bfc8aa29805ae79e4846fd4b5183d7acd05aa3c5a9bae0d6166aeec4bd7200c0
Instruction Fuzzy Hash: 0C8176B7F1162447F3544929CCA83A276839BE6315F2F41BC8E996B3C6E87F5C065388

Function 0082D021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

_^]\, xrefs: 0082D455

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 33c448a8a2220ca663040e71f7126944494db2e62297e78b6790b7b8a5e9119c
Instruction ID: 2cd6b9066de64986cc65f9aa7afcf8548cabf241494cca1a737e666324ca4c37
Opcode Fuzzy Hash: 33c448a8a2220ca663040e71f7126944494db2e62297e78b6790b7b8a5e9119c
Instruction Fuzzy Hash: 255124712407108FC728CF28E8D4A36BBE1FB65714B29982CD597D7662D2B1FC86CB51

Function 0084C0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 0084C173

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: f5bf5978e923221d5da5ad820def45f4bb31a6b5d048d504dfe638f8955c94a8
Instruction ID: 9a4fd395c23fe13caf2543d7aec3acca5a2924e9549edc545e66241f49278f57
Opcode Fuzzy Hash: f5bf5978e923221d5da5ad820def45f4bb31a6b5d048d504dfe638f8955c94a8
Instruction Fuzzy Hash: 6D51F521605B804BD729CB3A88613B7BBD3FBDB314B58969DC4D7C7686CA3CE4068710

Function 0084C09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 0084C173

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: e4534a8b2d143ff7e07e8ebc4dac1e293fd64bb36140e7689aa1f0ada4053d55
Instruction ID: dfde88cd58418e0001291cfcb0c9215a48476fce1327f28b1f5867d28a2f2f45
Opcode Fuzzy Hash: e4534a8b2d143ff7e07e8ebc4dac1e293fd64bb36140e7689aa1f0ada4053d55
Instruction Fuzzy Hash: BD510925615B904AD729CB3A88503B3BBD3FF97314F5C969DC4D7D7A86CA3CA4028710

Function 0091A42C Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

x, xrefs: 0091A5B1

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: x
API String ID: 0-2363233923
Opcode ID: 2b8f2e4e4cc86a7ba73bb3a76f650d4d08514c8991921689a6572fada2194af9
Instruction ID: fd54416004b4e6eac6cd0ae34e3c73c2868fc6f3968716cd52e34709d6399b3f
Opcode Fuzzy Hash: 2b8f2e4e4cc86a7ba73bb3a76f650d4d08514c8991921689a6572fada2194af9
Instruction Fuzzy Hash: 8571C0B3F116244BF3504D68CC983A27293DB95311F2F82788E58AB7C9D97E6D0953C4

Function 008C45EB Relevance: 1.5, Strings: 1, Instructions: 212COMMON

Download Yara Rule

Strings

K;, xrefs: 008C47BE

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: K;
API String ID: 0-3236327308
Opcode ID: f2ecee6d94555b7119f1023af0797118fed26aebb72ebdc3d41500a333b299cf
Instruction ID: 01dbb4822bd33fd0e58ed0fbe2f602467caccbd495fa76dd02a609651e0357af
Opcode Fuzzy Hash: f2ecee6d94555b7119f1023af0797118fed26aebb72ebdc3d41500a333b299cf
Instruction Fuzzy Hash: D071A1B3F1062447F3544D38DC983927683DB95320F2F82798E989B7C9D97E5D095784

Function 008CE1D8 Relevance: 1.4, Strings: 1, Instructions: 171COMMON

Download Yara Rule

Strings

J, xrefs: 008CE2AE

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: J
API String ID: 0-1141589763
Opcode ID: e0db8ba1f07022b3bb6a3f210618e499adef6b9d9b30bc6618cd3b502bbeaa33
Instruction ID: c36178989b21e87e7e6f7e83f4eddb64380bd843b8ffbfbc8a7fba04a684548b
Opcode Fuzzy Hash: e0db8ba1f07022b3bb6a3f210618e499adef6b9d9b30bc6618cd3b502bbeaa33
Instruction Fuzzy Hash: 8851DFB3F116254BF3444D28CC443A27283DBD6315F2F82788E586B7C9D97E5D4A9384

Function 00861160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

@, xrefs: 0086123B

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 200e6c8c3b1c31c80b2e62a88b42021125f4242b613dad0b2bc148c29992f509
Instruction ID: 1cc719583ff0c765030a670b549d042dc44c9dc39a05abbd136618cff03197f9
Opcode Fuzzy Hash: 200e6c8c3b1c31c80b2e62a88b42021125f4242b613dad0b2bc148c29992f509
Instruction Fuzzy Hash: 724122B1A043109BDB18CF64CC5AB7BBBA1FFD5354F09991CE5859B3A1E3759804CB82

Function 00944322 Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

)3jd, xrefs: 00944332

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: )3jd
API String ID: 0-262029837
Opcode ID: d918650cc7139e4e70b1f04fe0808e87b11c7f3beb94cad41ceecbaee4111a32
Instruction ID: 7ec9cb99e4fb471481c07084f7d35aaa818a560fc342b5d920da8044db9b5cdc
Opcode Fuzzy Hash: d918650cc7139e4e70b1f04fe0808e87b11c7f3beb94cad41ceecbaee4111a32
Instruction Fuzzy Hash: 0851BDB3F102158BF3404D69CC983A27683DB9A310F2F8178CE885B7C5D9BE5D4A9384

Function 0084C465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

AB@|, xrefs: 0084D9F4

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: AB@|
API String ID: 0-3627600888
Opcode ID: dedcb8104a6da66aac06cdd7bef8aee77bc9db4de7377df835761c69ab516a43
Instruction ID: 292047de0879eec7248c67aa89f9d509f3b9ed0809980b798f422ed6efead137
Opcode Fuzzy Hash: dedcb8104a6da66aac06cdd7bef8aee77bc9db4de7377df835761c69ab516a43
Instruction Fuzzy Hash: E641D1611047928FD722CF39C860762BFE2FB97310B199698C0D6DB696C738E846CB50

Function 0089403D Relevance: 1.4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

Strings

jC/, xrefs: 0089417C

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: jC/
API String ID: 0-513437215
Opcode ID: 3e1bdd2de119cc956828d44c6189ab5a9aded741b2e4102461174944eb4cca70
Instruction ID: deaebae3f1134a8c8cbd31be7cfc97bc24c94d3ea79d7609523b731969b3888b
Opcode Fuzzy Hash: 3e1bdd2de119cc956828d44c6189ab5a9aded741b2e4102461174944eb4cca70
Instruction Fuzzy Hash: A7518AB3F112254BF3444868CD583A27693ABD0321F2F82788F5CABBC5D9BE4D4A52C4

Function 00ACA0BA Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

5z, xrefs: 00ACA29D

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: 5z
API String ID: 0-1052659649
Opcode ID: f0336c4c0dcbb6aafc12dbe7d83da26ce859e080055eaeb77edbf860b299612b
Instruction ID: 9191d4c6ceb3067bfdcdbff08c33b42bebd30754f7503bb68787906ff0396add
Opcode Fuzzy Hash: f0336c4c0dcbb6aafc12dbe7d83da26ce859e080055eaeb77edbf860b299612b
Instruction Fuzzy Hash: F1318EB550C608DFD308AF25E845A7EF7F5EFA4315F12891DE6C682260E73A5890DB43

Function 009650B3 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

], xrefs: 009650C4

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID: ]
API String ID: 0-2329275837
Opcode ID: ccd77e61f3704473b14fbe9c3669aeb3d71db539346cde5b52370cd8f9da3f6f
Instruction ID: 98bd97368e1eac376c3f9663c45c31f67075f87bb0298d68767273ed01eee701
Opcode Fuzzy Hash: ccd77e61f3704473b14fbe9c3669aeb3d71db539346cde5b52370cd8f9da3f6f
Instruction Fuzzy Hash: 6F313A73F5162147F3548929CC943626293DBCA311F2F8278CA085BBC8DD7EAC5B5284

Function 00860340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 008603AD

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 4dbe4d28a186c65d8300481938f5574a492f52924c74e7c7018259cc1eaa14d0
Instruction ID: 3336c0a3f220868558caeb1155581e5509215d8d5f5492e3ff2ef21ad4debb74
Opcode Fuzzy Hash: 4dbe4d28a186c65d8300481938f5574a492f52924c74e7c7018259cc1eaa14d0
Instruction Fuzzy Hash: 383101715083048BC324DF58D8D266FBBE4FBC5328F15992CE69983390D735D848CBAA

Function 0084E180 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55ffbc10a1a97e8bb887248411bac38abef7799c22c566d60c610dd82015ddcd
Instruction ID: 2ab7b29a90527efcc5f9b8e07bf1aca5a6a39666d06e3d17e8bbfc783cd32350
Opcode Fuzzy Hash: 55ffbc10a1a97e8bb887248411bac38abef7799c22c566d60c610dd82015ddcd
Instruction Fuzzy Hash: A862B2F1511B019FD3A0CF698881B93BBE9FB89354F15491EE6AEC7311CBB065058F92

Function 008265F0 Relevance: .7, Instructions: 665COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86990bffd56595cf7602632816a2ba4bb8cffefd095703b537a01157c9051ac4
Instruction ID: 45859220f37cd3bc9da94c30d97117fcb94b020f960fa0fc9ff2cb6e1e34b588
Opcode Fuzzy Hash: 86990bffd56595cf7602632816a2ba4bb8cffefd095703b537a01157c9051ac4
Instruction Fuzzy Hash: 6B52D5B0908BA48FEB31CF24D4843A7BBE1FB51314F14896DC5D786AC2E779A8D58712

Function 008273D0 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction ID: 88b44671eb1172ab1d8d267e57f26d8aa7a362a3f88185e4d0c1340abe44d363
Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction Fuzzy Hash: 2F22D332A0C7258BC725DF19E8806ABB3E1FFC4319F19892DD9C6D7285D734A891CB46

Function 008970DD Relevance: .6, Instructions: 570COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff4f6f8773812bfe01d707eb7ffe8219958a60e6aca5f565d307708e4dfb709f
Instruction ID: 427acf287e30f22392410def70f2f55898ad6d8761f054b618fff1d79a01f393
Opcode Fuzzy Hash: ff4f6f8773812bfe01d707eb7ffe8219958a60e6aca5f565d307708e4dfb709f
Instruction Fuzzy Hash: F11257E3F65B144BF7540878DD883A21983D7E5325F2F8274CB589B7C6D8BE8C0A5288

Function 00895133 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36fdb97bcfbd3acc9948d22f010f76b85b2907b8bf8e8e19c4e6e2284265a9da
Instruction ID: 2a1e001762226268d94b701f2fd914eff2e6baaee2c39138ecfcb5361b538c72
Opcode Fuzzy Hash: 36fdb97bcfbd3acc9948d22f010f76b85b2907b8bf8e8e19c4e6e2284265a9da
Instruction Fuzzy Hash: B212E3B3E116214BF3444D79DC983A6B6D2DB94320F2B863C9E88AB7C5D97E9C058385

Function 008A04CF Relevance: .5, Instructions: 468COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e93f2d8369d586d5ec4903cfe58266391c4c10d2ed6eb9d1c6cb3b6fcf0a3d4
Instruction ID: 1b70e4629adfe7ec4d2d9998242e84a60ce09735501b1357ef35a1c2a2337a37
Opcode Fuzzy Hash: 1e93f2d8369d586d5ec4903cfe58266391c4c10d2ed6eb9d1c6cb3b6fcf0a3d4
Instruction Fuzzy Hash: 30F1F2F3F102154BF3048E38DC94366B792EB95720F2B823D9A889B7C5EA7E9C054785

Function 008BA3CA Relevance: .5, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2691001c28db054a711b087ee77f6a070ec5f532f6513593babefcdf35554198
Instruction ID: 2c5d5b7c11be516638348cff6027f812415f8d7a8dc5c48afe930bc3c3da0383
Opcode Fuzzy Hash: 2691001c28db054a711b087ee77f6a070ec5f532f6513593babefcdf35554198
Instruction Fuzzy Hash: 39E1CFB3E111244BF3548E29CC993A2B692EBD5320F2F82398E98A77C4DD7E5C0942C5

Function 0085A5D4 Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 239efb3899dd6e20b314e5e14ac48ea901526dd542edbbbe578752eb136dbbbf
Instruction ID: 418199d80470481a8b909de01c3af7848d2e5a133c62d95174ff642dcda71662
Opcode Fuzzy Hash: 239efb3899dd6e20b314e5e14ac48ea901526dd542edbbbe578752eb136dbbbf
Instruction Fuzzy Hash: E1D13436528316CBCB188F38E896266B7F5FF48741F4B9A7CC882872A0E779C954C751

Function 008971A7 Relevance: .4, Instructions: 419COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f6a9ae915ce9b54adc038dfb7b310bdfb7e5cf35b4e841fe9ad8ede5318f0d8
Instruction ID: 8bdbe65af929a7a81d57a0296f3b876445ff1d2faa5a005d84ae5830818b6322
Opcode Fuzzy Hash: 6f6a9ae915ce9b54adc038dfb7b310bdfb7e5cf35b4e841fe9ad8ede5318f0d8
Instruction Fuzzy Hash: 76D16AE7F65B044BFB5404B8DD893A11983D7A5325F2F8274CB588B7C6D8BE8C4A4348

Function 008B04ED Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd2d2bdeb07650bfaca94fd5006441e1bf100a001d45dd5c189a0fe88169cd12
Instruction ID: cc7fa78df98ba32f3268ef93750b29c74d522ec56f15506e938f0f5b1c23e167
Opcode Fuzzy Hash: bd2d2bdeb07650bfaca94fd5006441e1bf100a001d45dd5c189a0fe88169cd12
Instruction Fuzzy Hash: 58D1DFB3F5062547F3444969CC983A26283DBD5325F2F82388F5CAB7C5E8BE9C0A5384

Function 0095A3A3 Relevance: .4, Instructions: 376COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c41e4cba07cf44a3d9801c988301bf02a64200d6fe3a3d36aa853b216a62e463
Instruction ID: 85fcbeee0c20005aaaed906494498394fb01b257463eea0dcdcc2abc6b56b5b4
Opcode Fuzzy Hash: c41e4cba07cf44a3d9801c988301bf02a64200d6fe3a3d36aa853b216a62e463
Instruction Fuzzy Hash: 3AD18BB3F5162547F3584838CC683A26683DBD1324F2F82788F59AB7C5D8BE9C065384

Function 009744C8 Relevance: .4, Instructions: 370COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55a77685b58a0db3ab380298d4f53025daa69cea94f3cc98c62a0fa9bc7d9371
Instruction ID: 223827f72759c1cc1f117f0dd1b77439305b06cbeeede3c9945c89916d077b21
Opcode Fuzzy Hash: 55a77685b58a0db3ab380298d4f53025daa69cea94f3cc98c62a0fa9bc7d9371
Instruction Fuzzy Hash: 9EC19CF3F1163547F3584978CC9836266839BA5325F2F82788E4C6BBCAE97E5C0952C4

Function 0089E32E Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f3eddf0d9ac5c8d2c8d96e8374412de122c28617ed3d4589f2d6d874187538c
Instruction ID: d69d2269e087fea5e7645ccc205c00f260f20fa670b9193c5daa5a4c88d39a61
Opcode Fuzzy Hash: 2f3eddf0d9ac5c8d2c8d96e8374412de122c28617ed3d4589f2d6d874187538c
Instruction Fuzzy Hash: 60C1CBB3F10A254BF3544929CC943A2B2839BD6725F2F82788E4C6B7C5E97E5C0992C4

Function 008FA519 Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621c892d3a7c1e280e26268df125c32259a549f891b62802cc88a5fd8ee21d13
Instruction ID: 796eb684917aaec32c0eece900f248d070387d7e02ca3c8453d17c631010ae19
Opcode Fuzzy Hash: 621c892d3a7c1e280e26268df125c32259a549f891b62802cc88a5fd8ee21d13
Instruction Fuzzy Hash: 5CC1CBF3F106254BF3484D38CC683A27692EBA5320F2F42788E59AB7C5E97E5D095384

Function 008B10A4 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e865809310c0a5a223d7519759b001617021e3d8174da584dd0a2ad1cbcb7546
Instruction ID: b25ad0f0461bbe6e5177c8244de76bf96477f653682865fe9b44fe7fd730ddd7
Opcode Fuzzy Hash: e865809310c0a5a223d7519759b001617021e3d8174da584dd0a2ad1cbcb7546
Instruction Fuzzy Hash: 1BC1AEB3F6162047F3540968DC583A26683DBE6325F2F82788E6CAB7C5D87E5C4A53C4

Function 0093A4DC Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 911f95943b977a9106bb8d5352cf01e8579f4430d737ee4293f7ad241c524774
Instruction ID: ea6d67566af9ec2b43b35f6cd859ed1b47505d8954d20f86bd33d9222435655d
Opcode Fuzzy Hash: 911f95943b977a9106bb8d5352cf01e8579f4430d737ee4293f7ad241c524774
Instruction Fuzzy Hash: 17C17EF3F1162547F3544979CD983A26643DBE5321F3F82398E48AB7C9E87E9C0A5284

Function 0096231B Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41513e9d7e3f8d33a93db653a8f77744a9c116631d0edf9ae281562f1b45275c
Instruction ID: f14f11899ae37be9cf4a98ca06f4c2035db7e88b2bc76aa70e36389e8913ab57
Opcode Fuzzy Hash: 41513e9d7e3f8d33a93db653a8f77744a9c116631d0edf9ae281562f1b45275c
Instruction Fuzzy Hash: 62C19EB3F1162507F3984879CC983A265839BD5321F2F82388F5DAB7C5DD7E5C0A5284

Function 0089213D Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db7031c39a45a09ac3f02701f593a0ffcbb07e8d315eec738121a7cb24d1dd4e
Instruction ID: 34fbfc612a0d79e6e26c732e167b5649b6b4b2de0910b69034cdf7edb1b034ad
Opcode Fuzzy Hash: db7031c39a45a09ac3f02701f593a0ffcbb07e8d315eec738121a7cb24d1dd4e
Instruction Fuzzy Hash: 96C1BEB3F6162547F3544928CCA83A22283DBD5321F2F827C8E999B7C6DD7E5D0A5380

Function 0092C116 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5e329cd3288e2c6f045b1a5a792c081238870d3e97823c009d198c7fa039c22
Instruction ID: 71d01b71bccb59370857d67f65bb53fa4fc719ef1ec910dc4d033f2674988e67
Opcode Fuzzy Hash: d5e329cd3288e2c6f045b1a5a792c081238870d3e97823c009d198c7fa039c22
Instruction Fuzzy Hash: D1C1BEB3F1162547F3540978CCA83A26683DBE6324F2F8278CE586B7C5D9BE5C4A5384

Function 00981028 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 510fc2f55ddc5ec8f03d055033698b64531450cce569f51ef7651ca3715b534d
Instruction ID: 96a8aa19058d7007f7499c16f16a83c96ac1f6d06557fa23936ac4b77e9096fa
Opcode Fuzzy Hash: 510fc2f55ddc5ec8f03d055033698b64531450cce569f51ef7651ca3715b534d
Instruction Fuzzy Hash: 02C18AF3F1162547F3544839CD983A2658397E5325F2F82388F58ABBC9EC7E9D0A5284

Function 009163FA Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3aa63178f4dc5451a5730721841a84cc77636ffa42199b2901991a2efb86928
Instruction ID: 631a41dd69faed8bab908b882bd97f83cb8fb60c03ea882660159709da08462e
Opcode Fuzzy Hash: c3aa63178f4dc5451a5730721841a84cc77636ffa42199b2901991a2efb86928
Instruction Fuzzy Hash: ACC1ADB3F5062507F3584839CD683A26683D7D5321F2F82788E59ABBC9DC7E9C4A5384

Function 0083E220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb0240d17546543f75235a51233fde73274451b7a0f06d9772d0935fee8ab53e
Instruction ID: 494fb16876007a5fc207a86c7e12d2cfd0f26cc2325ddd67d3d49e52cdda59db
Opcode Fuzzy Hash: eb0240d17546543f75235a51233fde73274451b7a0f06d9772d0935fee8ab53e
Instruction Fuzzy Hash: 58B1F571504301AFD7149F24DC42B2ABBE2FFD8315F144A2DF998E72E1E77299088B82

Function 008B8292 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb40ef23416e0b0826b83100b5b485addb96bd0f16e59dc0ff4d2c55c2d27d3f
Instruction ID: 6269a3463c53968f16bbf02259c2920535492c18c9b8b1163af8b3ba24670982
Opcode Fuzzy Hash: fb40ef23416e0b0826b83100b5b485addb96bd0f16e59dc0ff4d2c55c2d27d3f
Instruction Fuzzy Hash: 2FB169F3F5062547F3584839CC683A266839BE5324F2F82798F9D6B7C5D87E8D0A5284

Function 009970DB Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8590b3211a9488180e6ec06027d0175f3a4c7f348fa08add25b5636cdd9f44c8
Instruction ID: 9532aae3ad84b456af6dec668059fac31758af538434f95d9023518d212966ca
Opcode Fuzzy Hash: 8590b3211a9488180e6ec06027d0175f3a4c7f348fa08add25b5636cdd9f44c8
Instruction Fuzzy Hash: 99B19CB3F1062547F7584D38CC583A26693DB96321F2F82788E986B7C9DD7E5C0A9384

Function 0090E454 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d2bd15a3e3fdf8f88a0d26b82c88fc4fec70074327e248f8e8b9072aa789575
Instruction ID: 8242380e8149af5564d7154ca20dd65752de5154f16b34908b707340a911d383
Opcode Fuzzy Hash: 0d2bd15a3e3fdf8f88a0d26b82c88fc4fec70074327e248f8e8b9072aa789575
Instruction Fuzzy Hash: CAB1BCB3F116254BF3544D78CC983A26683DB95324F2F82388F986B7C9E97E5C4A5384

Function 0088F007 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6853822ce3bec4180c399f28ad1bcb8a27ef12d0ae7d4ec5e26b6d7663ae3cd2
Instruction ID: 2facd50d37c189862292ef716844ad202e7939b8ccd82c66fd38f90190e5ed77
Opcode Fuzzy Hash: 6853822ce3bec4180c399f28ad1bcb8a27ef12d0ae7d4ec5e26b6d7663ae3cd2
Instruction Fuzzy Hash: CDB18AB3F115250BF3544938CD583A265839BE5325F2F82788F4DABBCAEC7E5C0A5280

Function 009940CC Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eac3fd64cc7abf15179c552b5a8046402d5f54650bc50029ec1fa8dff6933d3
Instruction ID: 72a254cca5210b69d632be107f44bb31ba378062d897919ddb82cd14eaf562ff
Opcode Fuzzy Hash: 9eac3fd64cc7abf15179c552b5a8046402d5f54650bc50029ec1fa8dff6933d3
Instruction Fuzzy Hash: CAB199F3F507224BF3440C78DC983A26682D795324F2F82388F58AB7C6D97E5D0A5284

Function 008BE217 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62456b347bde0872ecc2db98a8ad517b2041efd88d1ea5ddfa53ce7a9998c9b9
Instruction ID: 313b899f40201a945c9bb952e8312a9ee57126480fc523cdf49b7281f66c6460
Opcode Fuzzy Hash: 62456b347bde0872ecc2db98a8ad517b2041efd88d1ea5ddfa53ce7a9998c9b9
Instruction Fuzzy Hash: 4AB19AF3F1062547F3544939CC983A26283EBD5324F2F82788F986BBC9D87E5D0A5284

Function 008E62DD Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec6f7e3383bc0246240cadd914db334323989123dda680083bfb5bb9057bf845
Instruction ID: 6cd1f8a46472a43bfe22f6437c10e04435167e9ce258c04e982e89b1a0940697
Opcode Fuzzy Hash: ec6f7e3383bc0246240cadd914db334323989123dda680083bfb5bb9057bf845
Instruction Fuzzy Hash: 7DB1A0F7F5162507F3444829DC983A26683D7E5325F2F82788F586BBC9E8BE5C0A5384

Function 008A9083 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a292c76341564434be18ebb92b11afc16ba98396e9f954a9db149566e82c2d8e
Instruction ID: fa5997ef87fefe4762c4a6926e5b5671da392b9f09aea1c76856f9746b288883
Opcode Fuzzy Hash: a292c76341564434be18ebb92b11afc16ba98396e9f954a9db149566e82c2d8e
Instruction Fuzzy Hash: CBB179B3F116254BF3444D78CC683A27693EB95321F2B42388E996B7C4D97E6D495380

Function 0093E00E Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f5d76fc64a97de78459cc2fe9b510838d899b695bf3977511592746e7c4e3e8
Instruction ID: cafbeb55d3bc5246382ebe720bb74602f0282116fa55b932a64d99d049c24116
Opcode Fuzzy Hash: 5f5d76fc64a97de78459cc2fe9b510838d899b695bf3977511592746e7c4e3e8
Instruction Fuzzy Hash: 31A16BB3F112244BF3584D79CC583626683ABD5320F2F82788E9D6B7C5D9BE5C4A9384

Function 009830EE Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9298d099dd88f7ef48b5bc5087f2d4388a87c0c443b44023420c14a17fea6c41
Instruction ID: 60548ff4e8414dba64dffd96cf845cac757487aeb08e6a3a3b14fe88640af98b
Opcode Fuzzy Hash: 9298d099dd88f7ef48b5bc5087f2d4388a87c0c443b44023420c14a17fea6c41
Instruction Fuzzy Hash: 0BA187F3F1162507F7484878CDA83A266839795324F2F823D8F5AAB7C5D8BE5C0A5384

Function 008DC414 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cb98b265d336b886d2a01b3086292b2e8f3aff7cf33d071acb835fcce98b253
Instruction ID: fb05b5f62e4eaa1583f59aa9bb143dd088b9b1b2161a68447afe680cd9289d1b
Opcode Fuzzy Hash: 8cb98b265d336b886d2a01b3086292b2e8f3aff7cf33d071acb835fcce98b253
Instruction Fuzzy Hash: ECB19FB3F116254BF3904D69CC94392B283EB94325F2F82788E88AB7C5D97E5C0A57C4

Function 00992155 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91ff712c0fc2104bd92b83c0781caea9b73fc340b895510c976f7bb9409656f7
Instruction ID: 45084cb02232509309ed96d5f63bd133ac69ee7a39c7503c886fb2426399cb71
Opcode Fuzzy Hash: 91ff712c0fc2104bd92b83c0781caea9b73fc340b895510c976f7bb9409656f7
Instruction Fuzzy Hash: CFA19DB3F1162547F3584968CC983A26283DBD5320F2F82398F5CAB7C5E97E5D4A5384

Function 0093A019 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 563367c5a7d6cca75b18a8a4be9e76db72d32080dbff7a779d22794d448415ec
Instruction ID: f262eedfa2e65ee4b42c29b28939828fd39d9d6b95399ffabdf71906f0b3bc2f
Opcode Fuzzy Hash: 563367c5a7d6cca75b18a8a4be9e76db72d32080dbff7a779d22794d448415ec
Instruction Fuzzy Hash: 7FA1A9B3F1162147F3544D38CC68362B283AB96321F2F82798E98AB7C5DD7E6C095384

Function 008823E2 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 665ab23b1a6cd8dae674851e465f6cde2d5407f683085db5fd7e9cece44a1b1b
Instruction ID: 5913171fea89536c2428dc9820e8a4bbb2e7478f73be7240978e77fa1b43417f
Opcode Fuzzy Hash: 665ab23b1a6cd8dae674851e465f6cde2d5407f683085db5fd7e9cece44a1b1b
Instruction Fuzzy Hash: D0A18EB3F1162547F3588979CC983A26683DBD5321F2F82388E59AB7C5DC7E9C0A5384

Function 0088C475 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9e4b4ee4fda5e5fc034009b5204958593e8943cd98a5bd0fdc51b5dbbab0231
Instruction ID: e08513f847c61ec0b779d8a4bae488e50e0ad7fe008894e32a79f17bb208448e
Opcode Fuzzy Hash: f9e4b4ee4fda5e5fc034009b5204958593e8943cd98a5bd0fdc51b5dbbab0231
Instruction Fuzzy Hash: 13B189B3F016254BF3544D28CC583A27693ABE5325F2F42788A8C6B7C9D97F5C4A9384

Function 009445C6 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 068b1cc4d18040dc987ab53ded6196ea1539bafbc552bf5f5d158fa839eed6d4
Instruction ID: 67389d313157a0e13fb1ce5efb9ef512bf8abebad04f095641218c6a918b4d4a
Opcode Fuzzy Hash: 068b1cc4d18040dc987ab53ded6196ea1539bafbc552bf5f5d158fa839eed6d4
Instruction Fuzzy Hash: 3BB18BB3F1062147F3984D28CCA83A26682EB95320F2F46798F9DAB3C1D97F9D055384

Function 00826160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction ID: f5374c9df47912941db72f6c430166b1d621d0da3a37918e98438ed96dfabf4d
Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction Fuzzy Hash: 20C15CB29487518FC360CF68DC86BABB7E1FF85318F08492DD1D9C6242E778A195CB46

Function 00936357 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a2515f3f06586e1b73e06185cbdf308bc3012450e8d3775846a42cd457ef71
Instruction ID: 76c38c2753b6e1199ab21adfa59dc49733ebf6fafb9b90c0122ab54ddacf7216
Opcode Fuzzy Hash: e8a2515f3f06586e1b73e06185cbdf308bc3012450e8d3775846a42cd457ef71
Instruction Fuzzy Hash: BCA1BCB3F2152547F3944938CC583A2668397D5321F2F82798E5CAB7C9EC7E9D0A5384

Function 0094E5FE Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08923ab5e7cf403addd8826e9c5921ce5d1dd0ea2196af0865c8781599389e6e
Instruction ID: 8989277b68375fc73d61131b6744ea8f6aef3ce8721e067a66bae9c6fe085cdd
Opcode Fuzzy Hash: 08923ab5e7cf403addd8826e9c5921ce5d1dd0ea2196af0865c8781599389e6e
Instruction Fuzzy Hash: E5A169B3F2162447F3584D79CD9836265839795321F2F82788F6DAB7CAD8BE4D0A42C4

Function 008B0074 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4997cb49ee505fadb2ab19c94a264dce17ec03bd162ad853f10accb449f91018
Instruction ID: 1dc8e6677916e7329c5f3f75ca45539d8c3ea0b28307e33b104f20fd77bd58d0
Opcode Fuzzy Hash: 4997cb49ee505fadb2ab19c94a264dce17ec03bd162ad853f10accb449f91018
Instruction Fuzzy Hash: A7A179B3F111254BF3544E28CC983A2A293ABD5320F2F42788E186B7C5D97F5D1A93C4

Function 008A84CA Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4ff1a68570b73a682b6072862aec8a525ad172e8d645002c0e8ec6c9969af52
Instruction ID: aab5c1ca43aa6529b6c0d0fd121fe3786d88fab985cc859d157e909cb9755160
Opcode Fuzzy Hash: a4ff1a68570b73a682b6072862aec8a525ad172e8d645002c0e8ec6c9969af52
Instruction Fuzzy Hash: 66A1BEB3F116254BF3544D68CC983926683EBD5321F2F82788E986B7C9E97E5D069380

Function 00901179 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47153204d75948ebc91fd5c5761eb805bf79f966cae75f722875bc73a6301f11
Instruction ID: 35d37c428bf19d8a28266155037a591e2f66ffa1ce7c94b3627990bf406727f1
Opcode Fuzzy Hash: 47153204d75948ebc91fd5c5761eb805bf79f966cae75f722875bc73a6301f11
Instruction Fuzzy Hash: 91A177B3F0152547F3584929CC683A2A283DBD5321F2F82798F9E6B7C5E97E5C065384

Function 00927052 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3732ada2bde222e0ae6f93deaffa8903f3405dc7931a1027acd3977d5ba9d78
Instruction ID: 2b8e069b1b69f88c1c29a3fc766175fe77daa4b59944b95c317f06509e5d9ce3
Opcode Fuzzy Hash: d3732ada2bde222e0ae6f93deaffa8903f3405dc7931a1027acd3977d5ba9d78
Instruction Fuzzy Hash: B0A19CF7F116244BF3500D29DC883926693A7E5325F2F82788E8C6B7C5E97E9D0A5384

Function 00923079 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beecb5826c288a7a4498bdc52e546bd458df58720b77da54818523c7939a9376
Instruction ID: 0b451c3fd5dd3d56bde490cdbf528358088f6921ce7f7e0ba592ea00a1fa4634
Opcode Fuzzy Hash: beecb5826c288a7a4498bdc52e546bd458df58720b77da54818523c7939a9376
Instruction Fuzzy Hash: 9DA1ACB3F116254BF3544938DC983A26683DBA1311F2F82788F986B7C9E87E5C0A5384

Function 008AD112 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66c7c0ef11438362b2a04b2c8aa68ba1e09cf84f76c3f9748caeb14b26aac343
Instruction ID: 9afd3bcaa822f7285d8819ffd5cc88c4a93e5f5f17a7d8c321d92e11c81196e7
Opcode Fuzzy Hash: 66c7c0ef11438362b2a04b2c8aa68ba1e09cf84f76c3f9748caeb14b26aac343
Instruction Fuzzy Hash: 42A149F3F1062147F3584879CD583626583DBE5325F2F82388E59ABBC9ECBD9C4A1280

Function 0090C23D Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8edd2f034d0b5d67dbae1070c55cb4bd28a05f4f11c4554baa8ca71d916ea35b
Instruction ID: f64b9b0c12e56271ab6e359638603225bcf8940538e8cc33b45149ed5f457bec
Opcode Fuzzy Hash: 8edd2f034d0b5d67dbae1070c55cb4bd28a05f4f11c4554baa8ca71d916ea35b
Instruction Fuzzy Hash: 6EA159B3F1062547F3544D39CC683A26683DBD1315F2F82788F89ABBC9E97E5C4A5284

Function 008E24E3 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93f7f4d2aed9395b85a9a345ab8b2d976cad6212b79f5b3082a352e1a1facd5d
Instruction ID: 3a80bd65331e9c562e6ce1f481d8d18e320573b019c388b84a140ce46d6c01ac
Opcode Fuzzy Hash: 93f7f4d2aed9395b85a9a345ab8b2d976cad6212b79f5b3082a352e1a1facd5d
Instruction Fuzzy Hash: A5A1CBB3F11A254BF3544825CC983A22683ABE1324F3F42788E9C6B7C6D97E5D4A5384

Function 008CD18D Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a49afbc8d7f82ada3883aa67e4e5ff5aadcf521a7fb306f1e169a8388d45c3c
Instruction ID: 1f09d09e31638991dd1ceca8de24eb6a30e6d41f9cc2fbbcca75d29f4f2c4750
Opcode Fuzzy Hash: 6a49afbc8d7f82ada3883aa67e4e5ff5aadcf521a7fb306f1e169a8388d45c3c
Instruction Fuzzy Hash: EDA1ADB3F1022547F3544838CD683A26983A795324F2F823D8E5DABBC6DC7E9D0A42C4

Function 0092E409 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84d1173208298e4b6007107bc6e8949b889ae992e84b85ee3857edf6079628b4
Instruction ID: 546ff3c6c42c97caa4fef7627cc0645abd91e5f7250a4f8347df09272d4fcc12
Opcode Fuzzy Hash: 84d1173208298e4b6007107bc6e8949b889ae992e84b85ee3857edf6079628b4
Instruction Fuzzy Hash: C3A1ACF3F1162547F3484939CC983A26683DBD5315F2F82788B49AB7C9DD7E9C0A5284

Function 008E03FF Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e19942334233d2488423f6c133c3dee3f41bd626e50f8f291ca77c5ee7dbb273
Instruction ID: 79c728ebb874ced428d5c68bada56509be8015d62d5efad84263d54cb6d420f0
Opcode Fuzzy Hash: e19942334233d2488423f6c133c3dee3f41bd626e50f8f291ca77c5ee7dbb273
Instruction Fuzzy Hash: 35A190B3F116254BF3544838CC983A26643DBE5325F2F82788F58AB7C9DCBE5C4A5284

Function 008AC2C9 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec01cf14f4b1adfa5ba77b83eef2b4888c430ec115ebc6294659a6b158294c49
Instruction ID: 8f02401ad90566e2308e6e47eac7243437ff084805ca304a4c973da2de99fdaf
Opcode Fuzzy Hash: ec01cf14f4b1adfa5ba77b83eef2b4888c430ec115ebc6294659a6b158294c49
Instruction Fuzzy Hash: 20A1B0F3F6162547F3544838DC983A26583DBE1325F2F82788E58AB7C6D87E9D0A52C4

Function 0092833B Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71308c10a599ac92c13b973f21e41b857b29b1fb5ab1c7713173cae38925b562
Instruction ID: fe2149abf83d13c7b42f2f8ebaf25ee3b0a2e864e9f05ab2008e50a98ce5c2bc
Opcode Fuzzy Hash: 71308c10a599ac92c13b973f21e41b857b29b1fb5ab1c7713173cae38925b562
Instruction Fuzzy Hash: 6BA19AF7F126254BF3540829DC583A2628397E5325F2F81398E8C2B7C6EC7E9D4A4384

Function 008E851C Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e791215693cc1a285529ef3f6bdad14eba18c6fc7c38e17f7e677f125ebeee12
Instruction ID: a157704aabc9c4b4c46fdd6320cbb414e12b8dce422b84884742e425aec76d45
Opcode Fuzzy Hash: e791215693cc1a285529ef3f6bdad14eba18c6fc7c38e17f7e677f125ebeee12
Instruction Fuzzy Hash: 49A199B3F5062547F3584879CD983A265839B91324F2F82398F9DAB7C6DCBE5C0A5384

Function 0089A12C Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e494eb3a6d855f500bd16d8f482ce2c92dfb9339ef85dc026fad9bb1f5cca9c2
Instruction ID: 11845e41efe93cd78045176cd6214d948614d849f60bbb5e397b277aeadbc2ec
Opcode Fuzzy Hash: e494eb3a6d855f500bd16d8f482ce2c92dfb9339ef85dc026fad9bb1f5cca9c2
Instruction Fuzzy Hash: 09A1ADF3F5122547F3440969DC983A26683DBE1325F2F82388E58AB7C5E97F9D0A5384

Function 008CA365 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 066eac973dea4f5d9cf90f6fc5ff77c0293f55f751e4747d3b2fb600cf460b08
Instruction ID: d95598858eb003c41c01d4852caa93674cd9c8469cca57082e43187442f37c17
Opcode Fuzzy Hash: 066eac973dea4f5d9cf90f6fc5ff77c0293f55f751e4747d3b2fb600cf460b08
Instruction Fuzzy Hash: EAA1AFB3F5062547F3544D38CC983A27683DBA6320F2F82788E99AB3C5D97E9D095384

Function 008B3038 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da1702874d5bf9c6a416e09a1e9690e4f429635a826cc345c0ff12154bc6356f
Instruction ID: c003dc59d9b6d162db14e73f3a58f482126e8d87ba6bc2832d1f9094cff339ba
Opcode Fuzzy Hash: da1702874d5bf9c6a416e09a1e9690e4f429635a826cc345c0ff12154bc6356f
Instruction Fuzzy Hash: 95A15CB3F115254BF3544969CC543A26683DBE5321F2F82788E4CAB7C9E97E9C0A53C4

Function 008861FE Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 234d2d0141da55af61b4e49ab4475689d0a82a2a93751c17f91a109685913fbd
Instruction ID: 02473a84911d671c9b332a3cbe6adab07bb09e3c7b4fca24f7088f9d57d4d42b
Opcode Fuzzy Hash: 234d2d0141da55af61b4e49ab4475689d0a82a2a93751c17f91a109685913fbd
Instruction Fuzzy Hash: 2CA1DCB3F1162547F3644D79CC983A26683DB85320F2F82788E8CAB7C5D87E9C095384

Function 008C00C9 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a064122592faf40eaae97b22198a2252c4231e7186a7dcfe35aaed98143d9ddb
Instruction ID: 92d1584ea120e537d772485cfaa0c032aca5ed61cd339c60f207929704f9ba41
Opcode Fuzzy Hash: a064122592faf40eaae97b22198a2252c4231e7186a7dcfe35aaed98143d9ddb
Instruction Fuzzy Hash: C9918EB3F116254BF3444D29CC683A27693E7C5321F2F82798A585B7C9DD7E9C0A5384

Function 00963054 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ca47057174fe12eabae500b7d5eb124c2b4f135126f1e481e0c8d929c22f0bc
Instruction ID: df3cc971f2eef204e16cc885be632032518f73cdfe3fb92436c1e934cf4f5b2d
Opcode Fuzzy Hash: 3ca47057174fe12eabae500b7d5eb124c2b4f135126f1e481e0c8d929c22f0bc
Instruction Fuzzy Hash: D5A18CB3F1162547F3584838CC583A266839BD5320F2F82798E8DAB7C6ED7E9D095384

Function 0098F054 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36a59a8c16b8e13465db2ca4fa69309b2775fa6e027ea73b625d913cefdef2b4
Instruction ID: e6f6e2a6ef18f425ed1138ac8ddd18b18025e8ecfd94e3955c305a89e7c7346b
Opcode Fuzzy Hash: 36a59a8c16b8e13465db2ca4fa69309b2775fa6e027ea73b625d913cefdef2b4
Instruction Fuzzy Hash: 4AA18CB3F1162547F3544928CCA83A17293DBE5321F2F82788E8D6B7C5E97E5D0A5384

Function 008CC314 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03a88d059d81629c9cffd655860e0054ee924ca2831e60727897cedc38a125f4
Instruction ID: 7bb79af83f038dd17e61f82676b9ea2e2595f1df98d7625e5915e7eef1582775
Opcode Fuzzy Hash: 03a88d059d81629c9cffd655860e0054ee924ca2831e60727897cedc38a125f4
Instruction Fuzzy Hash: 4DA19CB7F116254BF3544D38CC583A2668397E1321F2F82788E5CABBC5E87E9C4A5384

Function 008D63E8 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e1215c2fb4466a7bd2546656156277d78ee9602100ecd55812bf3a5aba3fd8
Instruction ID: 3039ab9306cd8dc55bd3f35292b177a4cd0f63ed50cd61a2eee562bfe00b698b
Opcode Fuzzy Hash: e5e1215c2fb4466a7bd2546656156277d78ee9602100ecd55812bf3a5aba3fd8
Instruction Fuzzy Hash: 7C9189B7F1162547F3844928CC983A26653DBD5321F2F82788F486B7C9D97E5D0A5384

Function 008904D5 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508344e5430fdc8f1e167e14e4a3e8973ebe9e81c89e4479918ad95200ee3208
Instruction ID: 85762619f29b001d61fcb03ef30f71081e441755b802f5733cc6db1485422583
Opcode Fuzzy Hash: 508344e5430fdc8f1e167e14e4a3e8973ebe9e81c89e4479918ad95200ee3208
Instruction Fuzzy Hash: 13A1ABB3F116254BF3944D38CC983A26683DBA5324F2F82788F596B7C5E87E5D0A5384

Function 0095C430 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e30bf2852f6bb2ff07d2471a94a061e46a9f7eb42168815d5fc9c550c0f7e67
Instruction ID: b00a4834fe0fdc72418fa70004e04a84ac0185575ae4d3067578a3516c125fbe
Opcode Fuzzy Hash: 5e30bf2852f6bb2ff07d2471a94a061e46a9f7eb42168815d5fc9c550c0f7e67
Instruction Fuzzy Hash: 74919CF7F5162147F3544878DD983A225839BE1324F2F82388FAC6B7C6D87E5D0A4284

Function 00943082 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34b5336147eda361db36c719f737ec3e9ce3c2b912a89f2ee6f77927be4b8276
Instruction ID: 4a77f0f023d0e4d277e09ddc55aa1518ba00e84293441b00d8bc6e2ad655db22
Opcode Fuzzy Hash: 34b5336147eda361db36c719f737ec3e9ce3c2b912a89f2ee6f77927be4b8276
Instruction Fuzzy Hash: A891BDB3F2152647F3544D28CC983A276839BD5325F3F81788E48AB7C5D97E9D0A9384

Function 0098A26F Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c04ea8cbad0836abbf67741caaac0886faf868fd495d78c13abff26a0e0afc88
Instruction ID: fd1e4c4dec3736d5a2d9eb855bafe691a2378e8136fbb6915ff12c78bcf12257
Opcode Fuzzy Hash: c04ea8cbad0836abbf67741caaac0886faf868fd495d78c13abff26a0e0afc88
Instruction Fuzzy Hash: 1A91BDF3F516144BF3484929CC983A23683DBD6325F2F81398F599B7C6D8BE9D0A5248

Function 0097C5DD Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f01a791c5c84342ee0641ec335ebc334bab68091b2da1ac674b796a8ce36044
Instruction ID: a2920fd4b9906c751477706b6516be1d86b399a19c582a1605b61cd398781228
Opcode Fuzzy Hash: 5f01a791c5c84342ee0641ec335ebc334bab68091b2da1ac674b796a8ce36044
Instruction Fuzzy Hash: 7091A9B3F111254BF3540E29CC683A27A939BD2321F2F82788E9D6B7C4D97E5D0A5784

Function 009203F5 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a503b7a68d4711ef3ccadd5fd25888fd10334151215b01722f839f0915de3061
Instruction ID: d0f192c50502f63ae4d83fd63b5badebe321c24465fc67d89e40bedb22b9403e
Opcode Fuzzy Hash: a503b7a68d4711ef3ccadd5fd25888fd10334151215b01722f839f0915de3061
Instruction Fuzzy Hash: EE91AEB3F5162547F3544839DD593A225839BD1324F2F82788F5CAB7CAEC7E8D0A5284

Function 00980436 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f3d6b2bf931fbc9bd0b93264bc2f4a8fb53ce3385de953a7461f02eab938501
Instruction ID: 6fcfdfaebf90334b016095a7bebad589cb4d64574163ec4daa1a289e68c51148
Opcode Fuzzy Hash: 3f3d6b2bf931fbc9bd0b93264bc2f4a8fb53ce3385de953a7461f02eab938501
Instruction Fuzzy Hash: 8391BDB3F1162647F3544D38CD983A26683DBD5321F2F82388E58ABBC9D8BE5D495384

Function 008B459D Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2632ce5734e11b02f2927f526d15be933e9e83ed9d8a9bfd9861ee7e6053d986
Instruction ID: ed36ba6218542c7245ac2de7a8909433bb285ef5aee90e2e176e82b0915f6e00
Opcode Fuzzy Hash: 2632ce5734e11b02f2927f526d15be933e9e83ed9d8a9bfd9861ee7e6053d986
Instruction Fuzzy Hash: 7F91ACB3F1162447F3584C28CCA83A26683D7D5321F2F82798F59AB7C6DD7E9C494284

Function 008D7026 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40ea56e3accbefe570eef0feb44301997fa9b227ee46d08b63254e0eaf8687cb
Instruction ID: ca8e4c12b2b3cd577577aaa6b174e626b2a8e1ad2c4c8993e802746842952b46
Opcode Fuzzy Hash: 40ea56e3accbefe570eef0feb44301997fa9b227ee46d08b63254e0eaf8687cb
Instruction Fuzzy Hash: 8091ABB3F116244BF3544939CC583A27683EBD6315F2F42788E48AB7C5E97E9D0A5384

Function 008DA069 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41b7c3073732f0011bf9e429fa2735aed6debbabd3e3a426a32d34c70eb95afa
Instruction ID: f507d2238888e4c8d4d4c7634c4e7b104e4bbed5e5d5a6d4e2f5d1ca65c45eba
Opcode Fuzzy Hash: 41b7c3073732f0011bf9e429fa2735aed6debbabd3e3a426a32d34c70eb95afa
Instruction Fuzzy Hash: 0E91DDB3F022244BF3544929CC583A2B6939BD5321F2F82798E8C6B7C5D97E5D4A9384

Function 0091915E Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a5e5d304ec809911d009b5af97f3d8d75e04d5185e168247be7851d34f7ee9e
Instruction ID: 5f38ec17e02d642a135ab8fa3e20add63db04dc977ca8398285c331ade53f33c
Opcode Fuzzy Hash: 6a5e5d304ec809911d009b5af97f3d8d75e04d5185e168247be7851d34f7ee9e
Instruction Fuzzy Hash: E89191B3F5062447F3544929CC943A27693DBD5315F2F82788F58AB7CAD87E5C0A5384

Function 0097A2EC Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 128021e505c576e675bab16b7d0a5f1597c4667fad234fc52570ef87b087a5e2
Instruction ID: 9027667836171939997d39af536577826d916d09ba6b14f8ce247a7870d2753b
Opcode Fuzzy Hash: 128021e505c576e675bab16b7d0a5f1597c4667fad234fc52570ef87b087a5e2
Instruction Fuzzy Hash: D191AEB3F1162647F3544968DC983A26283DBE1321F2F82788E5CAB7C5E97E9C455384

Function 009141B5 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd6f0d33cfc833f23cfef6edc190b0f87b5f481204520d1c3dae157bdd9df7f3
Instruction ID: 25892ca2a89f0b809ff01c22e57b7ac22d1c694d8f8dd9336204e6f7f1385604
Opcode Fuzzy Hash: fd6f0d33cfc833f23cfef6edc190b0f87b5f481204520d1c3dae157bdd9df7f3
Instruction Fuzzy Hash: 0D919BB7F116254BF3504D29CC483A26683DBD5325F2F82388E5CAB7C5E97EAC0A5384

Function 008404C6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction ID: 7b5f5aee15ee52377c36f8cef0d553f7ccfa1411ffdb1c82f07948bfb9ae5661
Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction Fuzzy Hash: 96B16132618FC18AD325CA3D8855397BED25B97334F1C8B5DA1FA8B3E2D674A102C715

Function 00996144 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0bf591f971b2389ebcc246702b96055ea65c3fc059074c6a22ba59f3c756ff0
Instruction ID: 45565f58f4e8039a938d89b2df852361a551c3c9746ccbd88b5c38db8f47ca3e
Opcode Fuzzy Hash: e0bf591f971b2389ebcc246702b96055ea65c3fc059074c6a22ba59f3c756ff0
Instruction Fuzzy Hash: 2091BCB3E016254BF3144D68CC583A2B693DB96324F2F82788E986B7C4E9BE5D0657C0

Function 00926285 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf94e1f3301920775bb09842cc150cf77591b8d61f4b568bdea7cdce9528cba8
Instruction ID: ef71c78bbf59ef4c364b8fd3104d32ded97ae479e0b512b5ffa9d80d7ad5fbed
Opcode Fuzzy Hash: cf94e1f3301920775bb09842cc150cf77591b8d61f4b568bdea7cdce9528cba8
Instruction Fuzzy Hash: 5091AAB3F116254BF3544879CD983A26683DBD1321F2F82388F986BBC9D97E5D0A4384

Function 008BC2A1 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d79e98cc9630c335cc3a69cac12229000b41d1061a96d1d7ec34196e0bbd993
Instruction ID: 9ff5e5ee93d4d0bd06470034f18b0e7af2ae2dff97eab545753cc1cc2cf20a39
Opcode Fuzzy Hash: 9d79e98cc9630c335cc3a69cac12229000b41d1061a96d1d7ec34196e0bbd993
Instruction Fuzzy Hash: BF91A0B3F1162447F3944D29CC943A27283DBA5321F2F41798E49AB7C5DD7EAC095784

Function 008EE35B Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1a169dd42d5cca3d238dc103ad4fc7da344f8bcd9bbd5f67c087e98e23132db
Instruction ID: e6ca5ea53c4a358cb37b5f0f94c79c8f2e86e7465e9bb88f0af55c679ab8dc33
Opcode Fuzzy Hash: e1a169dd42d5cca3d238dc103ad4fc7da344f8bcd9bbd5f67c087e98e23132db
Instruction Fuzzy Hash: E69187B3F106258BF3544D64CC843A2B293EBA6321F2F41788E486B7C5D97E5D4A9384

Function 008A43AA Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 234f11048562ba99315cbdd3c7cc0785534adb7db5128fe7b46ff3654fbc257e
Instruction ID: b6e56979c43c4171e14aae148fa82ecad99d89b7cdf30987c992cd2129884e38
Opcode Fuzzy Hash: 234f11048562ba99315cbdd3c7cc0785534adb7db5128fe7b46ff3654fbc257e
Instruction Fuzzy Hash: AF817CF7F1162547F3544838CC983A266839BE5321F2F82798F586BBC9E87E5D0A5284

Function 008A20AD Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc300971cee9f3fd9ca98ce3a852aa1129ce6bcc547a4ade1a68a62f1c86cb6f
Instruction ID: 6480b4472efa2ee1d08046b89ea075719ba9c08ec18de6c9e52ecafb14f1df8a
Opcode Fuzzy Hash: fc300971cee9f3fd9ca98ce3a852aa1129ce6bcc547a4ade1a68a62f1c86cb6f
Instruction Fuzzy Hash: D581ADB3F2162047F3544969CC883A2B683DBD6311F2F82788E58AB7C5D9BE5D0A5384

Function 008CF048 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 870efa804e14bddb8a3bab6f047953ab38ce23cda5056d96758110aed64458d9
Instruction ID: 9c75b7d39224eed763f6512242fe8e7600662eb988a166123489b71f06312323
Opcode Fuzzy Hash: 870efa804e14bddb8a3bab6f047953ab38ce23cda5056d96758110aed64458d9
Instruction Fuzzy Hash: 5E816CB3F1162547F3504D29CC98362B693EB95721F2F42798E486B3C5DD7E6C0A9384

Function 00860460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b3d8905309ccad64063a164f119b575d556338f4a88c7592caf7d1d2a676d075
Instruction ID: 3304099596034aed67717233c8c44dde21a78426b3b8b78092761ab8b0e21084
Opcode Fuzzy Hash: b3d8905309ccad64063a164f119b575d556338f4a88c7592caf7d1d2a676d075
Instruction Fuzzy Hash: 266149356083059BD7159F18C890A3FB3A2FFD4760F1A852CE985DB2A1EB30DC51DB8A

Function 008910E2 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f841f209244eb15c5326a9cfc23f684a02a8f9aedd09bda5b9f2707bf52f268
Instruction ID: d152209c78adbad1adf2f16bcc5c401bed85c5ccfcb53d9a2e31ccdea4d2164f
Opcode Fuzzy Hash: 6f841f209244eb15c5326a9cfc23f684a02a8f9aedd09bda5b9f2707bf52f268
Instruction Fuzzy Hash: DD818BB3F102244BF7544D39CD983A26683DB95325F2F42788E886B3C5D9BF6D4A9384

Function 0094B1CE Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7309103697b76aab2838c4d37c5f61d7ba368e39fe47bae044aaa7547e463e2a
Instruction ID: b371c7490d9dd7db1dc4f308706ba3c2c6f68b6893677b159999c7acc94c331a
Opcode Fuzzy Hash: 7309103697b76aab2838c4d37c5f61d7ba368e39fe47bae044aaa7547e463e2a
Instruction Fuzzy Hash: CC81F1B3F106254BF3544E28CC983A27683EB96321F2F42788E9C6B7C5D97E6D095384

Function 008C232A Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37252834e44b306b673e065aff8338ee9462dc7f8ae725f9c5a683d6124d527a
Instruction ID: acc5fead2e9a8fed16238fdb277db497da5d262cca5be1de70944d3ec59ccec8
Opcode Fuzzy Hash: 37252834e44b306b673e065aff8338ee9462dc7f8ae725f9c5a683d6124d527a
Instruction Fuzzy Hash: 06819CB3F1062647F7588D39CC683A26683DBD5310F2F827C8E49ABBC9D97E5C455284

Function 008DA4B0 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 501c17ef53e17b2538bad9d6c8694fd4f6acd0ff6dd137b2def4d763d141488e
Instruction ID: d1f1b88977a999a179c7594dac19f1b72bba4f4c8036cce9bac2275b3458339c
Opcode Fuzzy Hash: 501c17ef53e17b2538bad9d6c8694fd4f6acd0ff6dd137b2def4d763d141488e
Instruction Fuzzy Hash: 4481DEB3F5062547F3484D29CC983A27243DBD6321F2F82788E586B7C5D9BE9D4A5384

Function 009544D0 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15338a30f1a74c750c2d1987f7314a7922f0ab97323a915ecc5ed2cca23e6404
Instruction ID: 60f2a7a4ffa28fe7b86c6e8bd32f8e719eefe1e3f64683f5dd0c43a8c6e98832
Opcode Fuzzy Hash: 15338a30f1a74c750c2d1987f7314a7922f0ab97323a915ecc5ed2cca23e6404
Instruction Fuzzy Hash: 3381BBB3F016254BF3544E28CC883A27293AB95325F2F82788E4C6B7C5D97E5D4A93C4

Function 0094E1E8 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c976abf9ea46b5eb8e95a95894570b83726ebdfdfdf10a8a133ad11deb405a46
Instruction ID: e034d8151137ad0d5b120668db1f72a695144473fd3d0212b4ec58fbd2f4cdee
Opcode Fuzzy Hash: c976abf9ea46b5eb8e95a95894570b83726ebdfdfdf10a8a133ad11deb405a46
Instruction Fuzzy Hash: 908168B3F516244BF3544878CD883926683A7D5325F2F82788F9C6BBC9DCBE5C0A5284

Function 0092517E Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f59a230e346b94424200a3820ee7e965146b5ad4f5b15f595cdee407ab06339f
Instruction ID: 2f0efea259f22c54df9e4e69bd70bc1667b8cd48ca79a00cb2fd418e2e3ab611
Opcode Fuzzy Hash: f59a230e346b94424200a3820ee7e965146b5ad4f5b15f595cdee407ab06339f
Instruction Fuzzy Hash: 4A8181F3F1162547F3584C28CDA83A26683DBE5325F2F82388F599B7C9D87E4D4A5284

Function 00918490 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ad1939161ef1f963f2a5132efe118e381e8dfb7f4ee19a8560638ad7b6288c7
Instruction ID: 7805d649c2025855f2cab988100c7a8208b8ba49352357512ba61c58fb71ffca
Opcode Fuzzy Hash: 3ad1939161ef1f963f2a5132efe118e381e8dfb7f4ee19a8560638ad7b6288c7
Instruction Fuzzy Hash: 9C818CB3F2162447F3504D28CC583A27293DB95321F2F42788E98AB7C4DA7E9D0A93C4

Function 008C63C2 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd6a1c7da8fc76871aa10a14b1deabf67231cffa7f2379d51a9b24a94b76763b
Instruction ID: e3024780a4d12e82dbd4e16d18210437de97d1c0618ae6c96bbd51ff1e917ab7
Opcode Fuzzy Hash: fd6a1c7da8fc76871aa10a14b1deabf67231cffa7f2379d51a9b24a94b76763b
Instruction Fuzzy Hash: FD819BB3F5162507F3944978CC993A26683DB90320F2F82398F9DAB7C5DC7E9D0A5284

Function 00948353 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681162ba63fdad7385dff1903192abc17357f952b6192cc0013941e5848162f5
Instruction ID: 964096cdde3e9ec35b48ae182bf717416e9161461547e06b770bd37a27211f17
Opcode Fuzzy Hash: 681162ba63fdad7385dff1903192abc17357f952b6192cc0013941e5848162f5
Instruction Fuzzy Hash: 2A81AEB3F5052447F3584928CC583A262839BD5324F2F8278CE5DABBC9DC7E9C4A5384

Function 0085C5A0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: efe6c1da6a10326a7d5e03c65f1ae414cfdfcc2febeb28fabf608223fe1cb416
Instruction ID: c2f0cf9efd60505da567584d312f9c702d142f71903914fbcc6e801e73baff8c
Opcode Fuzzy Hash: efe6c1da6a10326a7d5e03c65f1ae414cfdfcc2febeb28fabf608223fe1cb416
Instruction Fuzzy Hash: 93514875A083054FD718AE68C88062FBBD2FBE9711F19896CE885D7791E6319C05CF86

Function 008F8043 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45ecc2e82dcd2fb42f659dd4f01cac1bf19ec7886f7119cba8681a3b4a259ea
Instruction ID: 158f0d96fb66f6884b8e5eface78eb70f3d14842dabfc3b5aea0da801a4c6e70
Opcode Fuzzy Hash: d45ecc2e82dcd2fb42f659dd4f01cac1bf19ec7886f7119cba8681a3b4a259ea
Instruction Fuzzy Hash: 27818CB3F116254BF3444D29DC983A27243EBE1325F2F81388A58AB7C9DD7E9D0A5784

Function 0091810D Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31ab232330d7ba35585675f14a916b8ab3746c40bbb12776bfef2a93086773f0
Instruction ID: 0fb8ae804cab1da2707299d2a5af74500ce5e448588f9dd3cd40ac0149d6ea04
Opcode Fuzzy Hash: 31ab232330d7ba35585675f14a916b8ab3746c40bbb12776bfef2a93086773f0
Instruction Fuzzy Hash: 1F81BE73F2162547F3548D38CC883A2B293DBD5311F2F82788E58AB7C5D9BEAD495284

Function 009890A0 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c17b43446faa30fa678387fa5db995b6df0dd60126932026d016f338e1461b3
Instruction ID: cbfcb3cbe5d625cb777b24569e8d423c825be7cc61cb3737e10cf0e7e6cb9a9d
Opcode Fuzzy Hash: 6c17b43446faa30fa678387fa5db995b6df0dd60126932026d016f338e1461b3
Instruction Fuzzy Hash: 6F819DB3F012254BF3448D79DC883A27293EBD5321F2F42788A486B7C5E97E5D4A9784

Function 0090E0CA Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db0993f6a0d27e302f848b1ea8419b84593fa3f259cd0dac1e1a448bb1dd9e28
Instruction ID: 0acd2af77c8d7576b82101166a6677c64ab9928700ccfb787d3fb6117077bda6
Opcode Fuzzy Hash: db0993f6a0d27e302f848b1ea8419b84593fa3f259cd0dac1e1a448bb1dd9e28
Instruction Fuzzy Hash: C6816CB3F216254BF3444D28CC983627283EBD5315F2F81798E58AB7C9D97E9C1A5384

Function 0097F195 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 999d4ff419b68d46079d74be53bf22d1eeb49563fef10434d206bd00d8b7abb8
Instruction ID: 40537fee2bf211a7065d0c8c106a6b85d5d8b799d552425e2c115bd715666205
Opcode Fuzzy Hash: 999d4ff419b68d46079d74be53bf22d1eeb49563fef10434d206bd00d8b7abb8
Instruction Fuzzy Hash: 098178B3F106244BF3544D68CC983A2B692EB99311F2B82788E48AB7C5D97F6D0957C4

Function 008BD11F Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aceb3852567537780be40cfe68845fe984dad0d015d16a794a696fdc4f2753b1
Instruction ID: 56f34cdab7c17e82ad41247106673f803efe2c9bc0e86ba879a865840dec0eb4
Opcode Fuzzy Hash: aceb3852567537780be40cfe68845fe984dad0d015d16a794a696fdc4f2753b1
Instruction Fuzzy Hash: D4818CB3F1022447F3544E25CC583A27693EBD5721F2F82788E986B7C8D97E6D0A9384

Function 0092F02B Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f721080edd1635d90e524352247fa10bd47684440264bc087e8d41634d1ce0b8
Instruction ID: 64218534b1ff6a0db0f04a86d931726e427f65c8129951505ccf2295b26dc686
Opcode Fuzzy Hash: f721080edd1635d90e524352247fa10bd47684440264bc087e8d41634d1ce0b8
Instruction Fuzzy Hash: 2B818CB3F1022547F3584938CD593A22583DB95320F2F827D8F9DAB7C5D8BE9D4A5288

Function 008F60AD Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 552f38f3e920014d9960e557198b6003467958f3ab814627c6cae30f1ad8f81e
Instruction ID: 7ae3f38f74204f4178ff5a775f7ab04db9b531979a8c07bb7c6987356181052b
Opcode Fuzzy Hash: 552f38f3e920014d9960e557198b6003467958f3ab814627c6cae30f1ad8f81e
Instruction Fuzzy Hash: 3881AAB3F116254BF3580928CC583A27683DBD1321F2F82788E8D6B7C5E97E5D4A5384

Function 0090B024 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 801301b22f7ddcf5d9fb28d80b4b48c6b1d32806e148d7b262ed7ce7f62c40a3
Instruction ID: 0c001c17d3118251edc4e2f6abae8ef6c1f6e24d342da8ff1ef62bc408b0c26c
Opcode Fuzzy Hash: 801301b22f7ddcf5d9fb28d80b4b48c6b1d32806e148d7b262ed7ce7f62c40a3
Instruction Fuzzy Hash: 5571E2B3F106244BF3584D29CC983A27283DBD6315F2F817C8A59AB7C5E97E9C095384

Function 0090A3DA Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6afc8fb69025c889f9e0234969d47ad33000581173161a5436da837ae1e5c1d5
Instruction ID: f24ef42f37104b159926381be75ea3e7b351298884d18740a86966fdcd2e3120
Opcode Fuzzy Hash: 6afc8fb69025c889f9e0234969d47ad33000581173161a5436da837ae1e5c1d5
Instruction Fuzzy Hash: 6571BDB3F216244BF3544D68CC8839176939BD5321F2F82788E9C6B7C6D97E5D099384

Function 008C0501 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b9b4ec666a9b1917c8ac8d5bd5d565da231d0dcf71594065c668b9814c2631e
Instruction ID: 9495ecc408d17bca545f2c4ca114fcec6c5ee3f3245417b9b382f61e16166ed8
Opcode Fuzzy Hash: 4b9b4ec666a9b1917c8ac8d5bd5d565da231d0dcf71594065c668b9814c2631e
Instruction Fuzzy Hash: D871BDB3F1162547F3944C69CC983A26283DBD6321F2F827C8E68AB7C5DC7E5D0A5684

Function 0088A446 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af50af01f631e4efab8c946e523be3d3caba17ae38f9d3b80c11a2d89030c088
Instruction ID: b67924648418c35e402afd822ddcfc624aec5b2cbd8ebab751dcad2ed641cdbb
Opcode Fuzzy Hash: af50af01f631e4efab8c946e523be3d3caba17ae38f9d3b80c11a2d89030c088
Instruction Fuzzy Hash: CF71C0B7F1122547F3544D28CD583A2B682EBA5311F2F82788E8C6B7C9E97E6C4953C4

Function 0098E037 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faa481eb967dfbc01173d1f075ac3878dc57c5cbb0f74cb9a1354afb3408e32b
Instruction ID: dda1e1594b3e2807fe819a49c84536c3676fdbc3679f1e94bac4232473ba827c
Opcode Fuzzy Hash: faa481eb967dfbc01173d1f075ac3878dc57c5cbb0f74cb9a1354afb3408e32b
Instruction Fuzzy Hash: B871CCB3F1162547F3544E29CC983A27283DBD5711F2F82388A485B7C9DD7EAC1A5384

Function 0096041C Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a88076c8a43eaa92b55e7024a3bf7c6fb393d6675c2c6050a0075f81e991c10
Instruction ID: 8dbd133d79993372bc31f041b16131654b7357efe342cabe3ac54083f6fb6bd5
Opcode Fuzzy Hash: 0a88076c8a43eaa92b55e7024a3bf7c6fb393d6675c2c6050a0075f81e991c10
Instruction Fuzzy Hash: EC718DB3F1062547F3644938CC983A26683CBD5321F2F82798E9C6B7C5D9BE5C4A5384

Function 009400A7 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcac19471c4bbbf4c597e2955076da5b6b548674e0a5ae1546292793fa82e09a
Instruction ID: ce9bc139bb44a0903842252c22d8f3230d83f71575fd2a92db81622e1f9b6654
Opcode Fuzzy Hash: bcac19471c4bbbf4c597e2955076da5b6b548674e0a5ae1546292793fa82e09a
Instruction Fuzzy Hash: 2981E3B3F216254BF3404D29CC983627653DBD6311F2F41788E486B7C5D97E6D0AA784

Function 008A6580 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdd32722d3bd4ce58f50de1db4f9a290a5cca876ee5d8ee5e3014696fec2e61b
Instruction ID: d8c4f3e5152a5f1d15288769b45d16eb6281001360cadf684062fe9faa700939
Opcode Fuzzy Hash: cdd32722d3bd4ce58f50de1db4f9a290a5cca876ee5d8ee5e3014696fec2e61b
Instruction Fuzzy Hash: F6717DB3F116350BF3544D78CC983A2A682DBA5320F2F42388E89AB7C5E97E5C4953C4

Function 0097309C Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39688a895b68d2aa418eabc0af9d9e23fac25b654cfee65ccad3ad1cc5d1f608
Instruction ID: 6bfd67fdd996600b30e78a5327e77ac0c9591924f5a312611f817b13adbf5c86
Opcode Fuzzy Hash: 39688a895b68d2aa418eabc0af9d9e23fac25b654cfee65ccad3ad1cc5d1f608
Instruction Fuzzy Hash: 3E71ACB3F1162647F3540D38CC983A2B643DBE2311F2F82788A895B7C8D97E5D4A9384

Function 00888316 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9203e2e4fcac3746fd13a0bd2f37d7691f1dd795a73dc1a5c3ab216d5e296905
Instruction ID: 274d400433c5b73b84d1a316e96f2a764e3e7a93bed0339bd0e3a63e2824fde0
Opcode Fuzzy Hash: 9203e2e4fcac3746fd13a0bd2f37d7691f1dd795a73dc1a5c3ab216d5e296905
Instruction Fuzzy Hash: 4171B4B3F106148BF3484E29CC643B17393EB96315F2E817C9A459B3D5E97EAC499384

Function 0094A5AB Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19aa41a590b3e5a804667047e6263cf1e713b5a7630c7d4d9f62f4b1a57a4409
Instruction ID: 991c95cd16b6c18035ce088372edc5dc926f27d6db88e03a949e11a6bccdac82
Opcode Fuzzy Hash: 19aa41a590b3e5a804667047e6263cf1e713b5a7630c7d4d9f62f4b1a57a4409
Instruction Fuzzy Hash: 6671BFB3F116254BF3544929CC183A27283DBE5326F2F81788E4CAB7C5D97E9D4A6384

Function 008A708B Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 090cc6c89a2eebb2a0250bfbfdcf61a6049a32e0d94577c1bb00088f06e3c0fe
Instruction ID: 915af12e437ee790c581cd1f33ed0adfece8b6fb32518e8ddf7cb554a1c80f71
Opcode Fuzzy Hash: 090cc6c89a2eebb2a0250bfbfdcf61a6049a32e0d94577c1bb00088f06e3c0fe
Instruction Fuzzy Hash: 0171A1B3F506244BF3444D68CC883A17653EB95314F2F82788E88AB7C9D9BEAD495384

Function 009682CF Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6beecc561bec5340205a8d829d7b78a646e557c6c2e439273d5ceb95836410f4
Instruction ID: f1918bd4392eebedd6a5769ab73da10e6db790971e63274aeced6690d975adca
Opcode Fuzzy Hash: 6beecc561bec5340205a8d829d7b78a646e557c6c2e439273d5ceb95836410f4
Instruction Fuzzy Hash: 75718AB3F1162007F3584838CD983A66683DBD5321F2F82798E996B7C9D97E5D0A5384

Function 0094C417 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45c961f0e3d790e142d6b012d6bea22c670055a7c07a5c5bd26d9ed4fa4ec060
Instruction ID: 66694c9186eea2474f3f40551177bd9cc1a578f717e1caa9d2d7fb1616c870e3
Opcode Fuzzy Hash: 45c961f0e3d790e142d6b012d6bea22c670055a7c07a5c5bd26d9ed4fa4ec060
Instruction Fuzzy Hash: 7571AEB3F106258BF3404E28CC543A27693DB95325F2F42788E88AB7C5EA7FAC555384

Function 008F013D Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1623911571d13b9d70805704cc2ad70ed5c26521bcc60924d959961a9323097c
Instruction ID: 645baefdee76e55783e33b663f9ac8e1638ce4f23167a07f57ce107d9496d0d5
Opcode Fuzzy Hash: 1623911571d13b9d70805704cc2ad70ed5c26521bcc60924d959961a9323097c
Instruction Fuzzy Hash: 0C7180B3F616254BF3844D24CC983A23253D7D6321F2F82788E585B7C5D9BEAD499384

Function 008EA3FA Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7563a0016292eed4e24df0c0ea21fbb24768f05cf9efcf7531432b8807bef519
Instruction ID: ca472e9ae99953b59246bf3959ab19fd8d49118a6e2fc722ccc9118c4cf4dd28
Opcode Fuzzy Hash: 7563a0016292eed4e24df0c0ea21fbb24768f05cf9efcf7531432b8807bef519
Instruction Fuzzy Hash: 9561BBB3F112254BF3544D68CC583A2B693DB95320F2F82798E886B7C5E9BE5D0993C4

Function 0096606E Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45fa6856bfd1861fb995d4c51ee2ee6bd13f91b1b3bbae3c8e9e901e2b660b67
Instruction ID: 3a8cefaa3591ddc4271e819aeb13264668ae1253732ff67c0722e1107315bd9b
Opcode Fuzzy Hash: 45fa6856bfd1861fb995d4c51ee2ee6bd13f91b1b3bbae3c8e9e901e2b660b67
Instruction Fuzzy Hash: 6C6157B3F1122547F3644D29CD983A2B6839BD1321F2F42788E9C677C4D97EAD4A5384

Function 008C116C Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af18b037b7af2c458192bd16a619dd36411d2be993796c98371f9f6b8972505
Instruction ID: e6416710fe91dfbf67bc02f6b6380cd2abdd9b94ee9a148a9d804a1db9707520
Opcode Fuzzy Hash: 8af18b037b7af2c458192bd16a619dd36411d2be993796c98371f9f6b8972505
Instruction Fuzzy Hash: A4619CB3F1162547F3544E29CC843A27293DBD6311F2F81798E486B7C8DD7E6D0AA288

Function 0093F0E0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23560f95f629f331cb2bdb23078be35c58a22c413adad5c2ec52a94811a5ba06
Instruction ID: 6d13dc4653bc075ac3f8a0eae10a4f0945543b38ee1c4a8a3805eee28b997f13
Opcode Fuzzy Hash: 23560f95f629f331cb2bdb23078be35c58a22c413adad5c2ec52a94811a5ba06
Instruction Fuzzy Hash: E861ACB3F106204BF3944D39CC583A27283EB96311F2F82798E99AB7C5ED7E5D495284

Function 00980126 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47c297a41c207660837a3df6e1aa4d924ec9f81320a541483c0c0bde0ddb3367
Instruction ID: cf5ad7282e2d612b649d707386d70a2021cf95b510d75e2361d31297f821a282
Opcode Fuzzy Hash: 47c297a41c207660837a3df6e1aa4d924ec9f81320a541483c0c0bde0ddb3367
Instruction Fuzzy Hash: E46168B7F1162547F3504D28CC983A26283DBD9325F2F82B88E9C6B7C5D97E5C496384

Function 00906272 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7e0d4bfe40f7e26fa3d08844b7ebca039c5177743e18a3e42871bd157314975
Instruction ID: 7cb1499f5a83ad0c8a16c5b03da8f4c8e04f049432878c9078b4f1d849ee5773
Opcode Fuzzy Hash: b7e0d4bfe40f7e26fa3d08844b7ebca039c5177743e18a3e42871bd157314975
Instruction Fuzzy Hash: B761B0B7F116244BF3544D28CC483A27693DBD6311F2F82788D586B3C9E97EAC4A5784

Function 008B23E8 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a228a809e288eaaff0ff1016c6b6ec07415e26369efaca1af341cb73b1e81da0
Instruction ID: d31b3c0587e09cd293bc39c6dc70f56634dec098e2793d1ee4a4e289d56f426a
Opcode Fuzzy Hash: a228a809e288eaaff0ff1016c6b6ec07415e26369efaca1af341cb73b1e81da0
Instruction Fuzzy Hash: 54618BB3F506244BF3544E29CC543A27293EBD5720F2F81798A886B3C5DDBEAD469384

Function 008C815A Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64050a0da576ab33f643c216150e41ad44047d29fbc72181789131477008e170
Instruction ID: 471e9c4d6ad732085298b74e205803433d9f9f9e72583e14715a37ac9155d731
Opcode Fuzzy Hash: 64050a0da576ab33f643c216150e41ad44047d29fbc72181789131477008e170
Instruction Fuzzy Hash: F0619CB3F106254BF3048E29CC943627293EBD5721F2F42788B595B7C4D97EAC1A9384

Function 008D5147 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd1ca05e7e4728acff921faa970da0c97ca4e3b71b8781eb5fae60e7b777e907
Instruction ID: 0b8c41e1ce89d9ef35d0880571eb2a4dd8da979f8c81fb52a7864810c070a6ef
Opcode Fuzzy Hash: dd1ca05e7e4728acff921faa970da0c97ca4e3b71b8781eb5fae60e7b777e907
Instruction Fuzzy Hash: BA619AB3F116254BF3944D28CC543A2B283EB95721F2F82788E996B7C5ED3E6D095384

Function 008EF16A Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b714049a2a5fa27293d69a3c5135afd574e5d7c1c7a4f7b5a184e735f1055656
Instruction ID: ef128f4310880ecb8fff7232917754203670f09e9cb6baddaf47110f351a2030
Opcode Fuzzy Hash: b714049a2a5fa27293d69a3c5135afd574e5d7c1c7a4f7b5a184e735f1055656
Instruction Fuzzy Hash: E96179B3F116254BF3504E29CC84362B393EBD5711F2F81788A486B7C5DA7E6D1AA384

Function 008C843C Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05429a6b268b485bab588c948d80b9ce8f34a011f83a08079d375182f034768b
Instruction ID: 0d2f970340930bde8f422c2daa0fb6aaa8537c28f246c2d26c41f865cb9269e0
Opcode Fuzzy Hash: 05429a6b268b485bab588c948d80b9ce8f34a011f83a08079d375182f034768b
Instruction Fuzzy Hash: 8B51CFB3F5162547F3184868CC983B16643DBE9325F2F82788F5DAB7C6D8BE5C0A5284

Function 0090045E Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16025f2b20bb59f12eea628edd2b4f6e6f6ed6a7a414d81c035c3cf80fa412d9
Instruction ID: 387da0ab1849f77536bf17ea9e2445ece2ea667e3309919ae7fd8bbbf88e0eef
Opcode Fuzzy Hash: 16025f2b20bb59f12eea628edd2b4f6e6f6ed6a7a414d81c035c3cf80fa412d9
Instruction Fuzzy Hash: D0514AB3F2162547F3444D28CC583A27253EB95720F3F42398E586B3C5EA7EAD1A5784

Function 0095E0C3 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e17bc32ed2ffd4adebb9329caaa0bdfca9d104a76a0c111254fb7a4501c92ab1
Instruction ID: c3bcd194e6ebb34ee5d5a31f21a59ce5a9886b8add3d761376d855e0e796631b
Opcode Fuzzy Hash: e17bc32ed2ffd4adebb9329caaa0bdfca9d104a76a0c111254fb7a4501c92ab1
Instruction Fuzzy Hash: DA51C0B3F5162447F3544D28CC983A27683DBD5311F2F82788E68AB7C9D87E9E495384

Function 008A81FF Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74d2d9bd568ad26dcfe0d3e7bbeb85a825d85144a978d01ed0bd2f95e18c28b4
Instruction ID: ed329178105efe410c7bf59ed1ba6590cd2d64262f7a12a94c8ae90bbaa4ef92
Opcode Fuzzy Hash: 74d2d9bd568ad26dcfe0d3e7bbeb85a825d85144a978d01ed0bd2f95e18c28b4
Instruction Fuzzy Hash: DB519DF3F116254BF3544968CC583A27293EB96321F2F42788B88AB7C5D97E9C495384

Function 0093E4D8 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a567ed48db4d3f96ee26ea018f578b19c86d985159ee722c9e66ca39826b1ae6
Instruction ID: b00220b493a5fcf957088c617b45a4598a88de1e3b7f92a046aee7540a3407fe
Opcode Fuzzy Hash: a567ed48db4d3f96ee26ea018f578b19c86d985159ee722c9e66ca39826b1ae6
Instruction Fuzzy Hash: 80519EB3F1062947F3644D29CC583A27653DBD5710F2F82788E886BBC5D97E9C096784

Function 0093C2C3 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 021f58d907f55ac2ab9fe2f8b2441d356b0f232bd1a7746a12544f28235757b1
Instruction ID: cac2345d1d4fa75a2c288889a21c6f60c165b12e33363313d9860b727d95cacd
Opcode Fuzzy Hash: 021f58d907f55ac2ab9fe2f8b2441d356b0f232bd1a7746a12544f28235757b1
Instruction Fuzzy Hash: 9151C0B3F205254BF3444E28CC593A27393EB95321F2F41788E88AB7C0D97EAD199384

Function 0092D068 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6ec8bd309a8e7ca323e47e55daf8c79afbe8eaf6fd2d631f37a64da838423d0
Instruction ID: 1b8e1542a69949da6e62a54573e5ffa367af16190f27c20e30c65d06cab0dc71
Opcode Fuzzy Hash: b6ec8bd309a8e7ca323e47e55daf8c79afbe8eaf6fd2d631f37a64da838423d0
Instruction Fuzzy Hash: FE517BB3F106244BF3584D78CC683A26683DB95321F2F423D8E5D677C5E9BE5D0A5284

Function 0095B014 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1dafc1e67a077529f4c3e8404798a73821be76b9f84da20610b305881e5b807
Instruction ID: b78046087ecc993e23a7ebfc667788273e1ae15c112baae80fd23e11187825f1
Opcode Fuzzy Hash: a1dafc1e67a077529f4c3e8404798a73821be76b9f84da20610b305881e5b807
Instruction Fuzzy Hash: D6515EB7F116248BF3508E25CC943A17392EB95711F2F40798E486B3C4EA7F6D1A9784

Function 008B4302 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c62cb65e12fd5134c5f5551e6a75affaa0298a700c6f308dbd6264e5e9791bb1
Instruction ID: 80431c24d5feb86f07742af8fe77ef2154ffb75bfe843fa90e11baf3ff231f0f
Opcode Fuzzy Hash: c62cb65e12fd5134c5f5551e6a75affaa0298a700c6f308dbd6264e5e9791bb1
Instruction Fuzzy Hash: AC518EB3F1163047F3508969DC883A275839BD5711F2F82B88E8CAB7C9E87E5D0A52C4

Function 0085F18B Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f6a442c2aaf4b6987c2e40d3630f4b5d586feb875a13fd9837e488862e2b333
Instruction ID: febf239a2ca209d6f29f8d16f6e32526306457b05a27dafb57e60a2787f743ed
Opcode Fuzzy Hash: 8f6a442c2aaf4b6987c2e40d3630f4b5d586feb875a13fd9837e488862e2b333
Instruction Fuzzy Hash: AD4128727087554BD719CE38889117BFBD6EBD9305F1A883ED9C2C7286D524E90A8B81

Function 008F6457 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb8c40fda2f03912a7926d828620298e93e48fc50f18191d61a43af3cc98d81
Instruction ID: 0b47ec4ac7f51891c8708cbdc99062299439fc9ab5d837d436f5af6f213397fe
Opcode Fuzzy Hash: 1cb8c40fda2f03912a7926d828620298e93e48fc50f18191d61a43af3cc98d81
Instruction Fuzzy Hash: 03518CB3F2162547F3444978CC983A27643DB95325F2F42788A58AB3C5E87E9D4A5384

Function 00940433 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 624dba9b1e8cba02032f1a034b6193b1003f14ab88f3f649afa8b4c0c689287e
Instruction ID: 9ff0dfea00eecf1d8d0d61457d94bec4b203502cdc4cb53c2342b98492934685
Opcode Fuzzy Hash: 624dba9b1e8cba02032f1a034b6193b1003f14ab88f3f649afa8b4c0c689287e
Instruction Fuzzy Hash: 47516DB3F1162447F3944D28CC983A26643EBD5321F2F82788E995B7C6DD7EAD4A5380

Function 00979045 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3df6b30a54d307a31a40851df637206c030e9a745f0d3f015666b8a5260326e8
Instruction ID: 3c376a87ce4b054635e1c0d233c50eb6dd8999ffd778407c84d2e20fa5343b37
Opcode Fuzzy Hash: 3df6b30a54d307a31a40851df637206c030e9a745f0d3f015666b8a5260326e8
Instruction Fuzzy Hash: D441ACB3F0062547F3688929CCA83B26682DB95310F2F427D8F9E6B7C1D87E6C095384

Function 008C51F9 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c5f236a33a757ff747775f05eabc215538c4a4f92426651ddf5d598fa25696c
Instruction ID: 87a34dbd171282481965bec6dc9eb44d1918e4ed764fa67bdbe8075e1f37e11f
Opcode Fuzzy Hash: 5c5f236a33a757ff747775f05eabc215538c4a4f92426651ddf5d598fa25696c
Instruction Fuzzy Hash: A7418DB3F0122547F3488D79CC983A26693DBC5311F2F82788A199B7C5ECBE6C5A5390

Function 009523C9 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d96391f3597b2147069dc3b0791d749b2a8c5206d2fcdec6d5463a0dadd01a8
Instruction ID: 20cd8ab7366c7bc2d2fac399f0cefdf64ec1904c5b23244be97cd3ca3580988d
Opcode Fuzzy Hash: 0d96391f3597b2147069dc3b0791d749b2a8c5206d2fcdec6d5463a0dadd01a8
Instruction Fuzzy Hash: 5A416FB3F1162487F3804E28CC883A27293EB95321F2F4178CD48AB7D5D97EAD596794

Function 009285BB Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a029513b94c6c5e18187ef0e8a3b00c5ffb02c29925d8a711a7c6d6aa8a6fa4b
Instruction ID: d9b382dc9028eeb1e4c920e20cadbd986ce60dd95d8ab06472003a1c00f9ab88
Opcode Fuzzy Hash: a029513b94c6c5e18187ef0e8a3b00c5ffb02c29925d8a711a7c6d6aa8a6fa4b
Instruction Fuzzy Hash: 2C4149F7F126204BF3540965DC983626643A7E5319F2F41788F4D2B7C6D87E5D0A5388

Function 00852070 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38fba216180150b73413a89d0049241a6d0776c7c70882297b165246b1732cab
Instruction ID: 17f8202198affcfe888f57811100da7b795b69cae52ac3185b3516f7d170897a
Opcode Fuzzy Hash: 38fba216180150b73413a89d0049241a6d0776c7c70882297b165246b1732cab
Instruction Fuzzy Hash: 268169B411A380CBD3B4DF85D59869BBBE1FB89358F128A1DD68C8B354CBB05448CF96

Function 008F40DC Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d20042c8a404c2ff22bce56f86d5293dbfde82cd024ec6863fccab034667ab4
Instruction ID: 321b5d6470e13d1bd04e89f9de6c5e0ded920faeb29a9869d5760c03fc6940b4
Opcode Fuzzy Hash: 8d20042c8a404c2ff22bce56f86d5293dbfde82cd024ec6863fccab034667ab4
Instruction Fuzzy Hash: 79317EF3E6163547F35048B4DD883A2598297A1724F2F83348F6CA7AC5D8BE4C1A12C4

Function 0095C258 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b399c19eb1fc3c066c3851127684ab4b8e619b13debf4affb818a40e3698d468
Instruction ID: 82936994606c22186a2a4d434e6a2a8c5207987316baf210ca85c344b5b45d86
Opcode Fuzzy Hash: b399c19eb1fc3c066c3851127684ab4b8e619b13debf4affb818a40e3698d468
Instruction Fuzzy Hash: 443150F3F6162647F3944878CC583A255838BE1325F2F82788F5CAB7C5E87E9D095284

Function 00977083 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60fa3378b9eae681d0e0e93dfad7f81063cfd0eddc085ae8c9cb102571690bd7
Instruction ID: 388d7d5d02a479760747c87a74f9f47682844f056cb0fe262d5e29c4a90901fc
Opcode Fuzzy Hash: 60fa3378b9eae681d0e0e93dfad7f81063cfd0eddc085ae8c9cb102571690bd7
Instruction Fuzzy Hash: E8314BF3F10A2107F3588839DDA936265839B95315F1F827D8F4AAB7C5E87E9C055284

Function 0085A440 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction ID: 446f841353d87b1e71441bfb8a778b0780d96c70d6c58ec2607eaa2665e4d80e
Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction Fuzzy Hash: 9731F872A046184BC71D9D7D489026ABA93EBC5735F29C73DEE76CB3C1EA758C444242

Function 0093A322 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63aea68bf725dc13a0d543b5e9a8057a6d79e5bdb9ba29bb012c588e7c052d53
Instruction ID: e3291e2081ad2e4b7da6040907d18c50caa83e8ee81c7a370d4b6f248794e39d
Opcode Fuzzy Hash: 63aea68bf725dc13a0d543b5e9a8057a6d79e5bdb9ba29bb012c588e7c052d53
Instruction Fuzzy Hash: 143166B3F216254BF3940879CC583622183AB96324F3F42798E6CAB7C2D87E5D1A13C4

Function 00952238 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53c503c878e7feb0725a3dc72247081fc3bbc3675006513745fdb403cf8089a6
Instruction ID: 2a06a7188513e8cd957adcf08711f244914ea07ec1318fe7f78b7a0db954ccc3
Opcode Fuzzy Hash: 53c503c878e7feb0725a3dc72247081fc3bbc3675006513745fdb403cf8089a6
Instruction Fuzzy Hash: FD31A0B3F12A2147F3684969DC943626283DBD5722F3F827C8E486BBC5DC7E5C0A5294

Function 009381AD Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b9fd06686e44f599975bd628a529d32abcd0652813682b622552dca0efa080a
Instruction ID: 4f393e77ead355e3ec758c9971db3b0cb58288662f97e05f51bda49750b4bf5c
Opcode Fuzzy Hash: 2b9fd06686e44f599975bd628a529d32abcd0652813682b622552dca0efa080a
Instruction Fuzzy Hash: 0B3129F3F51A200BF39448A8DD993621583ABD4325F2F82798F4D6B3C6E8BD4C0952C4

Function 008D837D Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0892f6cec9ee4a12021fa043d308b5cae6c5a4657dd5d91f725c3c1b4c9efb93
Instruction ID: 353b07f2b9c4ec82358e45ad7c01c119b3637b80db9c13367cc469cda4878217
Opcode Fuzzy Hash: 0892f6cec9ee4a12021fa043d308b5cae6c5a4657dd5d91f725c3c1b4c9efb93
Instruction Fuzzy Hash: D63159F3F6092547F3144879CC54392658397E1324F2F83789E68ABBC9E8BE9C4602C4

Function 00940297 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1261135015dd908733300fade6b8e45e397c222e8be7672720c639dd7ca43b00
Instruction ID: fc418d12dc78e49052fd5dc3477cfd4be766c8824bc95f9d204c019ad24601de
Opcode Fuzzy Hash: 1261135015dd908733300fade6b8e45e397c222e8be7672720c639dd7ca43b00
Instruction Fuzzy Hash: A1318FB7F51A2647F3904D15DC983627243DBDA301F2F40788E086B7C5D97E5D0A9784

Function 0091E0F8 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65d07a95b4d2f650261bf8e81d6f2323ddc5dcd0ec4d30e5e39b6addeb380d59
Instruction ID: dfedaaa8912f4415ec62bb03d5f259f54a9cc3130ea45843272886ce6ae42ddc
Opcode Fuzzy Hash: 65d07a95b4d2f650261bf8e81d6f2323ddc5dcd0ec4d30e5e39b6addeb380d59
Instruction Fuzzy Hash: DE316BB3F5262547F394083ADD993A265C397D5721F3F82794A6C9B7CADCBD4C0A1280

Function 008B64FA Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f826b9ba94b8d9c7358f6c16345bc801d38810af07277ec4fd47032028e7d28
Instruction ID: 6a1d0f971648603ee3e4fb5c186b79ec5f1330ae32e015f7b6225b38f181625f
Opcode Fuzzy Hash: 9f826b9ba94b8d9c7358f6c16345bc801d38810af07277ec4fd47032028e7d28
Instruction Fuzzy Hash: 11318EB3E1063147F36848B9C9A8362A543DB95325F2B83399F696B7CACCBE4C0553C4

Function 0091403B Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b83649e191bdd0fdffd7ddbd8115d6469798187c0a060c6fe03f8ac0c89f42c
Instruction ID: 014c2bbe6f45cb1ffd9212af92accab710070c940dd65053056034d80b437b97
Opcode Fuzzy Hash: 7b83649e191bdd0fdffd7ddbd8115d6469798187c0a060c6fe03f8ac0c89f42c
Instruction Fuzzy Hash: 39314AB3F116150BF74448B9DD98392258397D5325F2F8238CB685B7CAECBE4C4A5384

Function 008CC17A Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88b3df52aba139b57a8345182a29936033e7d5516c5a183f42956310f875b4ab
Instruction ID: 78579a387524c4e56852d798961e88165eea158820b7b4790be041c7f1d76cb4
Opcode Fuzzy Hash: 88b3df52aba139b57a8345182a29936033e7d5516c5a183f42956310f875b4ab
Instruction Fuzzy Hash: D5316BB7F516250BF39448B8CD983A25583D7A5310F2B82388F9CAB7C5DCBE5C0912C4

Function 0089035C Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf9d827d2044d9129ffa522468aff24d97b736d15a14a59933ab6df933b4701c
Instruction ID: 92bf3ce1415529691c12998ec8654bec3dbcb2909d20c250c84f02cb96b393f2
Opcode Fuzzy Hash: cf9d827d2044d9129ffa522468aff24d97b736d15a14a59933ab6df933b4701c
Instruction Fuzzy Hash: 833139B3F1052507F7988839CD583A2248397D4314F2F82398F8DAB7CAD8BE5D0A52C8

Function 0088318F Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba42b65abd4ff2a79fad7b49a412de05e8069dcb85c9cf7c74e92770082d803a
Instruction ID: 80e5a2259340abe72353383295bd4cddbc060e087967f85bfbc6cdc56cb6156f
Opcode Fuzzy Hash: ba42b65abd4ff2a79fad7b49a412de05e8069dcb85c9cf7c74e92770082d803a
Instruction Fuzzy Hash: BF313CF3F5062107F3448479DD983A26583D7D4324F2F81398F489BBCAD8BE58474288

Function 0090F0FD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7201f3ab92d18d1754968ac3ffe1f60df574fa4ff1cf2a3198e145c62935afe
Instruction ID: c0302fda841e8ff957f32e16fd7bea91e27bcacc15a52cddada7ba1c9fed40fc
Opcode Fuzzy Hash: a7201f3ab92d18d1754968ac3ffe1f60df574fa4ff1cf2a3198e145c62935afe
Instruction Fuzzy Hash: 6A3116B3F0112147F35448B9CDA83A255439B95324F3F83389E6C6BBD9DCBE5D4A1280

Function 0092A25C Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f45c508445898976c4c8ba5b278c3cffdd4c0bb87e1859806cfdefb1b9f3e907
Instruction ID: 78566d70a980b8932f98dce2ab01912b7f0fbd563f2e304d666c64ca73051774
Opcode Fuzzy Hash: f45c508445898976c4c8ba5b278c3cffdd4c0bb87e1859806cfdefb1b9f3e907
Instruction Fuzzy Hash: 0A3180F7F5153047F304883ADC583A254839BD1325F2F82788E6C6BBC6D87E4D4A5294

Function 00974364 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 753ef5e667dc20fa8b579dca7bca5d5e260f9c26ad2ee7e1225fae4168ee59b3
Instruction ID: 17fa05d68555f8ce55970b59d1782d36d836d8ab0b08d169ac7f034b18faa00b
Opcode Fuzzy Hash: 753ef5e667dc20fa8b579dca7bca5d5e260f9c26ad2ee7e1225fae4168ee59b3
Instruction Fuzzy Hash: B9215EB3F5162047F7988875CDAA3A61183C3C5320F2F823A8F2A677C5DCBE5C4A1284

Function 008FD179 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec390869463811d12825f6f46bd92b5f9d5c8e051db9336a8390de35a3050cea
Instruction ID: 1c86b35f5cb38948e0245be53fe8002710f7c6efa0c475ca208f2cf22711c011
Opcode Fuzzy Hash: ec390869463811d12825f6f46bd92b5f9d5c8e051db9336a8390de35a3050cea
Instruction Fuzzy Hash: 2D2104B3F516350BF3908879CE9936255839BD5321F2F82758E4CABACADCBD5C0A12C0

Function 0094A443 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2245ed808dba2c2fe955b4d6380ee2ee4f7e110f25b4e87364887d76eac9996f
Instruction ID: 11a2694b8ea2cbed60d164b60717be62ab5b7714016503a2b550877a6d2ec980
Opcode Fuzzy Hash: 2245ed808dba2c2fe955b4d6380ee2ee4f7e110f25b4e87364887d76eac9996f
Instruction Fuzzy Hash: F92179B7F1162603F7584878DDA936255439BD1328F2F82398F6E6BBC6DC7E4C061284

Function 0090A277 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5ffaadd25da7bfde16458c1a480d5aa1728f7376e4d810788b017657c62e6ad
Instruction ID: 81be5959524c090b4dd22c8b317b9573166d6bddc28f3d14e6f7869523972006
Opcode Fuzzy Hash: b5ffaadd25da7bfde16458c1a480d5aa1728f7376e4d810788b017657c62e6ad
Instruction Fuzzy Hash: 782129B3F516214BF3984879CDA53A655829795331F2F83798EAD6B7C1DCAE4C0A12C0

Function 008AA27B Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32e8585ccb2bf9015678417fbde164c935be571c4d772d121c208fc808ecb874
Instruction ID: 1ff08ad001e3bf825ff4ebf0f5db5f966a783c983e37584374e4718a88a3fe89
Opcode Fuzzy Hash: 32e8585ccb2bf9015678417fbde164c935be571c4d772d121c208fc808ecb874
Instruction Fuzzy Hash: 382129F3F5053547F3944878CD593A261829B91324F2B42788F1CBBBC5D87E9D4A22C4

Function 008C03CF Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e9f90e034165fb1e3a5dc8eee8095136c6cb73e7802860c4b99798ee0939f21
Instruction ID: e166977fced11242e98c887cd3ca285367e23e49b6dd60b90f3a6eefb26a55cc
Opcode Fuzzy Hash: 1e9f90e034165fb1e3a5dc8eee8095136c6cb73e7802860c4b99798ee0939f21
Instruction Fuzzy Hash: 7F215CB3F0112547F7984838CD693A22543A7C5325F2B837A8A996B7C9DCBE9C0A53C4

Function 00856210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: dad9ce4b835805e3a627dfb7c7e5acddcf2ce6fe5e4c76e2a831ef9f3dcf53c7
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 93110633A041D44EC3128D3C8400565BFE35AE3336F998399E8B8DB2D2E6228D8E8351

Function 0083C300 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction ID: 606a90b92697e2ba54aa6f83d14b8795536acfad835727f0b9405ecb7b3c6ed5
Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction Fuzzy Hash: 76F03C60104B918AD7328F3985243B3BFE0EB63228F545A8CC5E397AD2D376E10A8794

Function 0084E0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: 03cadc702afe6d6e2ce913bc4de1b895b7918b23da6d5b50fc10dd2fabc135b5
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: 19F065104087E68ADB234B3E44606B2FFE0FB67121B181BD5C8F1DB2C7C3159496C366

Function 0084D116 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2136659674.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true

Associated: 00000000.00000002.2136643380.0000000000820000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136659674.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136698166.0000000000873000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000A0C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B22000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136710283.0000000000B30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136934313.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137275621.0000000000CDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2137300080.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_820000_C8QT9HkXEb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f756133c3e344ba686d33a601ef78274ac30df8e3cd3542421911caf0e6e0521
Instruction ID: b5343b96a9af2acbc8c147c39ddcbf807ae99c6959894f293eeaa1859f4b1944
Opcode Fuzzy Hash: f756133c3e344ba686d33a601ef78274ac30df8e3cd3542421911caf0e6e0521
Instruction Fuzzy Hash: BE01F9706442429BD304CF38CDA4566FBA1FB96364B09D75CC45687796C634D442C795

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report C8QT9HkXEb.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
C8QT9HkXEb.exe

Function 0082B100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Function 00828600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Function 0085E110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00861720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Function 00829D1E Relevance: 3.1, APIs: 2, Instructions: 142
libraryCOMMON

Function 0082EF53 Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Function 0085E0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Function 0082EC77 Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Function 00829EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Function 0085C570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Function 0085C55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON