Edit tour

Windows Analysis Report
rUfr2hQGOb.exe

Overview

General Information

Sample name:	rUfr2hQGOb.exe renamed because original name is a hash value
Original sample name:	5d2e9c5ef270a6f7ba2a0f5e74b6cec3.exe
Analysis ID:	1580900
MD5:	5d2e9c5ef270a6f7ba2a0f5e74b6cec3
SHA1:	54193e8db3583bc8984e1ee17160f6f5626b9a7d
SHA256:	5c2be41a3c7e2e01794d38eb83e6a1c181fe043d1b8e800ef97a1f89ded6aa4b
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

rUfr2hQGOb.exe (PID: 7552 cmdline: "C:\Users\user\Desktop\rUfr2hQGOb.exe" MD5: 5D2E9C5EF270A6F7BA2A0F5E74B6CEC3)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["shapestickyr.lat", "tentabatte.lat", "curverpluch.lat", "bashfulacid.lat", "slipperyloo.lat", "wordyfindy.lat", "observerfry.lat", "manyrestro.lat", "talkynicer.lat"], "Build id": "PsFKDg--pablo"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:30.355844+0100	2028371	3	Unknown Traffic	192.168.2.4	49730	23.55.153.106	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:28.547687+0100	2058480	1	Domain Observed Used for C2 Detected	192.168.2.4	53467	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:28.255317+0100	2058484	1	Domain Observed Used for C2 Detected	192.168.2.4	52137	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:27.769992+0100	2058492	1	Domain Observed Used for C2 Detected	192.168.2.4	51360	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:27.908992+0100	2058500	1	Domain Observed Used for C2 Detected	192.168.2.4	59456	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:27.630094+0100	2058502	1	Domain Observed Used for C2 Detected	192.168.2.4	51107	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:28.060295+0100	2058510	1	Domain Observed Used for C2 Detected	192.168.2.4	52930	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:28.395187+0100	2058512	1	Domain Observed Used for C2 Detected	192.168.2.4	57914	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:27.489240+0100	2058514	1	Domain Observed Used for C2 Detected	192.168.2.4	54638	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:01:31.163584+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49730	23.55.153.106	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: rUfr2hQGOb.exe

Avira: detected

Found malware configuration

Source: rUfr2hQGOb.exe.7552.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["shapestickyr.lat", "tentabatte.lat", "curverpluch.lat", "bashfulacid.lat", "slipperyloo.lat", "wordyfindy.lat", "observerfry.lat", "manyrestro.lat", "talkynicer.lat"], "Build id": "PsFKDg--pablo"}

Multi AV Scanner detection for submitted file

Source: rUfr2hQGOb.exe	Virustotal: Detection: 52%			Perma Link
Source: rUfr2hQGOb.exe	ReversingLabs: Detection: 63%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: rUfr2hQGOb.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bashfulacid.lat
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: tentabatte.lat
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: curverpluch.lat
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: talkynicer.lat
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: shapestickyr.lat
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: manyrestro.lat
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: slipperyloo.lat
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: wordyfindy.lat
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: observerfry.lat
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp	String decryptor: PsFKDg--pablo

Source: rUfr2hQGOb.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov edx, ebx	0_2_00E68600
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00EA1720
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00E8C0E6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00E8E0DA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00E8C09E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00E881CC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov eax, dword ptr [00EA6130h]	0_2_00E78169
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00E8C09E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00E96210
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00E883D8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00EA0340
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov ecx, eax	0_2_00E7C300
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_00E8C465
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00E8C465
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov edi, ecx	0_2_00E8A5B6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00E88528
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00EA06F0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov eax, ebx	0_2_00E7C8A0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_00E7C8A0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_00E7C8A0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_00E7C8A0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00E8C850
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00E82830
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_00E9C830
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then push esi	0_2_00E6C805
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00E889E9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_00E9C990
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00E8AAC0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_00E9CA40
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00E68A50
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_00E7EB80
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_00E6AB40
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00E74CA0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_00E6CC7A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_00E9CDF0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_00E9CDF0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_00E9CDF0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_00E9CDF0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_00E9EDC1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov edx, ecx	0_2_00E86D2E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_00EA0D20
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]	0_2_00E62EB0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov ecx, eax	0_2_00E82E6D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then jmp edx	0_2_00E82E6D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00E82E6D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00E76F52
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov esi, ecx	0_2_00E890D0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_00EA1160
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov ecx, eax	0_2_00E8D17D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_00E8B170
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov ecx, eax	0_2_00E8D116
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_00E673D0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_00E673D0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00E8D34A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00E7747D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_00E7747D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov eax, ebx	0_2_00E87440
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_00E87440
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_00E7B57D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then jmp edx	0_2_00E837D6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00E69780
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_00E87740
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then jmp eax	0_2_00E89739
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov edx, ecx	0_2_00E7B8F6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov edx, ecx	0_2_00E7B8F6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov ecx, eax	0_2_00E7D8D8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov ecx, eax	0_2_00E7D8D8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov ecx, eax	0_2_00E7D8AC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov ecx, eax	0_2_00E7D8AC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then jmp edx	0_2_00E839B9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00E839B9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00E8B980
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then dec edx	0_2_00E9FA20
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00E81A10
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then dec edx	0_2_00E9FB10
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00E8DDFF
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then dec edx	0_2_00E9FD70
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov edx, ecx	0_2_00E89E80
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then dec edx	0_2_00E9FE00
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00E8DE07
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_00E85F1B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 4x nop then mov ecx, eax	0_2_00E8BF13

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.4:52930 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.4:59456 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.4:53467 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.4:52137 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.4:57914 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.4:51107 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.4:54638 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.4:51360 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 23.55.153.106:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: shapestickyr.lat
Source: Malware configuration extractor	URLs: tentabatte.lat
Source: Malware configuration extractor	URLs: curverpluch.lat
Source: Malware configuration extractor	URLs: bashfulacid.lat
Source: Malware configuration extractor	URLs: slipperyloo.lat
Source: Malware configuration extractor	URLs: wordyfindy.lat
Source: Malware configuration extractor	URLs: observerfry.lat
Source: Malware configuration extractor	URLs: manyrestro.lat
Source: Malware configuration extractor	URLs: talkynicer.lat

Source: Joe Sandbox View

IP Address: 23.55.153.106 23.55.153.106

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic

Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 23.55.153.106:443

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000B19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=29751cbec042ae56fe44e73d; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 26 Dec 2024 12:01:30 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: observerfry.lat
Source: global traffic	DNS traffic detected: DNS query: wordyfindy.lat
Source: global traffic	DNS traffic detected: DNS query: slipperyloo.lat
Source: global traffic	DNS traffic detected: DNS query: manyrestro.lat
Source: global traffic	DNS traffic detected: DNS query: shapestickyr.lat
Source: global traffic	DNS traffic detected: DNS query: talkynicer.lat
Source: global traffic	DNS traffic detected: DNS query: curverpluch.lat
Source: global traffic	DNS traffic detected: DNS query: tentabatte.lat
Source: global traffic	DNS traffic detected: DNS query: bashfulacid.lat
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814418923.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000ACA000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814418923.0000000000ACA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813898256.0000000000B19000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000B19000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: rUfr2hQGOb.exe	Static PE information: section name:
Source: rUfr2hQGOb.exe	Static PE information: section name: .idata
Source: rUfr2hQGOb.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E68600	0_2_00E68600
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E6B100	0_2_00E6B100
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8C0E6	0_2_00E8C0E6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E760E9	0_2_00E760E9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F500E9	0_2_00F500E9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC60CD	0_2_00EC60CD
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F180D0	0_2_00F180D0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8A0CA	0_2_00E8A0CA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F320D6	0_2_00F320D6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F360D4	0_2_00F360D4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F840CA	0_2_00F840CA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F4E0C8	0_2_00F4E0C8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFC0AC	0_2_00EFC0AC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3C0B8	0_2_00F3C0B8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EEA0A0	0_2_00EEA0A0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F340A2	0_2_00F340A2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF20B4	0_2_00EF20B4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F860A3	0_2_00F860A3
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F400A8	0_2_00F400A8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1009E	0_2_00F1009E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2E086	0_2_00F2E086
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8C09E	0_2_00E8C09E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F0406A	0_2_00F0406A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F4204E	0_2_00F4204E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDC02C	0_2_00EDC02C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED202F	0_2_00ED202F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8A034	0_2_00F8A034
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F5601D	0_2_00F5601D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDE01F	0_2_00EDE01F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E881CC	0_2_00E881CC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F521D2	0_2_00F521D2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFA1C6	0_2_00EFA1C6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F7A1CC	0_2_00F7A1CC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF01D0	0_2_00EF01D0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA61BB	0_2_00FA61BB
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2C1AD	0_2_00F2C1AD
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8E180	0_2_00E8E180
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE8194	0_2_00EE8194
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F0C18E	0_2_00F0C18E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E66160	0_2_00E66160
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECE161	0_2_00ECE161
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E78169	0_2_00E78169
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8C166	0_2_00F8C166
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F60151	0_2_00F60151
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8C09E	0_2_00E8C09E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED815B	0_2_00ED815B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F7C148	0_2_00F7C148
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA813A	0_2_00FA813A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9813A	0_2_00F9813A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB4100	0_2_00FB4100
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9E2F8	0_2_00F9E2F8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED62F0	0_2_00ED62F0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F022D2	0_2_00F022D2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB02D5	0_2_00FB02D5
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E842D0	0_2_00E842D0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F222B1	0_2_00F222B1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED0294	0_2_00ED0294
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F96284	0_2_00F96284
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA2276	0_2_00FA2276
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E64270	0_2_00E64270
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECC277	0_2_00ECC277
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_0101E39E	0_2_0101E39E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F74254	0_2_00F74254
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1E247	0_2_00F1E247
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECA25B	0_2_00ECA25B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F68232	0_2_00F68232
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E7E220	0_2_00E7E220
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1423C	0_2_00F1423C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F76239	0_2_00F76239
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F84228	0_2_00F84228
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F0E227	0_2_00F0E227
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FAA21C	0_2_00FAA21C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9A211	0_2_00F9A211
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EEE219	0_2_00EEE219
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6E20A	0_2_00F6E20A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDA3EB	0_2_00EDA3EB
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F263FD	0_2_00F263FD
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E883D8	0_2_00E883D8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDC3AE	0_2_00EDC3AE
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF43AB	0_2_00EF43AB
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F823A1	0_2_00F823A1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED436A	0_2_00ED436A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8E377	0_2_00F8E377
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F94369	0_2_00F94369
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2036C	0_2_00F2036C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFE34E	0_2_00EFE34E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC8359	0_2_00EC8359
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F78337	0_2_00F78337
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F92330	0_2_00F92330
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F40325	0_2_00F40325
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE430A	0_2_00EE430A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA430A	0_2_00FA430A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F0C30F	0_2_00F0C30F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EEC4EF	0_2_00EEC4EF
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E824E0	0_2_00E824E0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F004FA	0_2_00F004FA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FAC4F4	0_2_00FAC4F4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA64E1	0_2_00FA64E1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F764D6	0_2_00F764D6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFC4C6	0_2_00EFC4C6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E804C6	0_2_00E804C6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE24DB	0_2_00EE24DB
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6C4A4	0_2_00F6C4A4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FAE4A8	0_2_00FAE4A8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF24BC	0_2_00EF24BC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8049C	0_2_00F8049C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F7049E	0_2_00F7049E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EA0460	0_2_00EA0460
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E9A440	0_2_00E9A440
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F5C438	0_2_00F5C438
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1042A	0_2_00F1042A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9C400	0_2_00F9C400
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F505F7	0_2_00F505F7
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F485F7	0_2_00F485F7
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC85EB	0_2_00EC85EB
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8A5F4	0_2_00F8A5F4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E665F0	0_2_00E665F0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F365E8	0_2_00F365E8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F4A5EB	0_2_00F4A5EB
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F425D6	0_2_00F425D6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F345CA	0_2_00F345CA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA45C1	0_2_00FA45C1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E9A5D4	0_2_00E9A5D4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE05AE	0_2_00EE05AE
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E9C5A0	0_2_00E9C5A0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F54588	0_2_00F54588
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F72588	0_2_00F72588
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFA56D	0_2_00EFA56D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E84560	0_2_00E84560
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3857A	0_2_00F3857A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1854D	0_2_00F1854D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8C53C	0_2_00E8C53C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF0538	0_2_00EF0538
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F5652A	0_2_00F5652A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED050C	0_2_00ED050C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EEE505	0_2_00EEE505
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB06E9	0_2_00FB06E9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EA06F0	0_2_00EA06F0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1E6D1	0_2_00F1E6D1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE46C8	0_2_00EE46C8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA06D5	0_2_00FA06D5
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E846D0	0_2_00E846D0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F406CF	0_2_00F406CF
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F206B9	0_2_00F206B9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F886A8	0_2_00F886A8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F746A4	0_2_00F746A4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E6E687	0_2_00E6E687
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F68690	0_2_00F68690
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3069D	0_2_00F3069D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6E672	0_2_00F6E672
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F90675	0_2_00F90675
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDE67E	0_2_00EDE67E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC6677	0_2_00EC6677
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3E66E	0_2_00F3E66E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FAA65F	0_2_00FAA65F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E98650	0_2_00E98650
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F7A64A	0_2_00F7A64A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA8634	0_2_00FA8634
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E7E630	0_2_00E7E630
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8C61A	0_2_00F8C61A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F28614	0_2_00F28614
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2C606	0_2_00F2C606
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8E7DC	0_2_00F8E7DC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F827C7	0_2_00F827C7
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F567BA	0_2_00F567BA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE27B2	0_2_00EE27B2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECA784	0_2_00ECA784
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1C785	0_2_00F1C785
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2A78A	0_2_00F2A78A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F0C772	0_2_00F0C772
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB2778	0_2_00FB2778
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED2767	0_2_00ED2767
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC4760	0_2_00EC4760
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6475D	0_2_00F6475D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1A743	0_2_00F1A743
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E72750	0_2_00E72750
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F02739	0_2_00F02739
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2471C	0_2_00F2471C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9A700	0_2_00F9A700
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE28EF	0_2_00EE28EF
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF28E7	0_2_00EF28E7
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F788E6	0_2_00F788E6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F968D8	0_2_00F968D8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA28D8	0_2_00FA28D8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F248CB	0_2_00F248CB
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F948C4	0_2_00F948C4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F368CC	0_2_00F368CC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E7C8A0	0_2_00E7C8A0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F328A2	0_2_00F328A2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F628A3	0_2_00F628A3
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F5E8A2	0_2_00F5E8A2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E988B0	0_2_00E988B0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED8889	0_2_00ED8889
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA6896	0_2_00FA6896
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECC895	0_2_00ECC895
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F46865	0_2_00F46865
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F7E864	0_2_00F7E864
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED6870	0_2_00ED6870
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E6C840	0_2_00E6C840
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F88852	0_2_00F88852
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F4C85B	0_2_00F4C85B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6A84F	0_2_00F6A84F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED4838	0_2_00ED4838
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F5A811	0_2_00F5A811
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6C9F4	0_2_00F6C9F4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8C9EB	0_2_00E8C9EB
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EA09E0	0_2_00EA09E0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FAA9F4	0_2_00FAA9F4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F529DD	0_2_00F529DD
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F809D7	0_2_00F809D7
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8A9C3	0_2_00F8A9C3
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F209B0	0_2_00F209B0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F309A8	0_2_00F309A8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F18992	0_2_00F18992
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F34999	0_2_00F34999
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3C971	0_2_00F3C971
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E7E960	0_2_00E7E960
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F76965	0_2_00F76965
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF897A	0_2_00EF897A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE6978	0_2_00EE6978
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F08967	0_2_00F08967
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F0A94A	0_2_00F0A94A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F60926	0_2_00F60926
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED293C	0_2_00ED293C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F48925	0_2_00F48925
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDA937	0_2_00EDA937
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFA90B	0_2_00EFA90B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFE91A	0_2_00EFE91A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E86910	0_2_00E86910
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFCAE1	0_2_00EFCAE1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F4CAE2	0_2_00F4CAE2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC8AF7	0_2_00EC8AF7
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA4ACA	0_2_00FA4ACA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB0ACF	0_2_00FB0ACF
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF4AD7	0_2_00EF4AD7
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F68ACE	0_2_00F68ACE
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE0AA9	0_2_00EE0AA9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E88ABC	0_2_00E88ABC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2EA99	0_2_00F2EA99
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F46A8D	0_2_00F46A8D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F48A75	0_2_00F48A75
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FACA7E	0_2_00FACA7E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F66A7B	0_2_00F66A7B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F02A64	0_2_00F02A64
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F4EA6F	0_2_00F4EA6F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E9CA40	0_2_00E9CA40
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F04A5A	0_2_00F04A5A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F06A5C	0_2_00F06A5C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F96A56	0_2_00F96A56
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9CA4A	0_2_00F9CA4A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6EA4C	0_2_00F6EA4C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EEEA0A	0_2_00EEEA0A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F42A11	0_2_00F42A11
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F94A10	0_2_00F94A10
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF0A1A	0_2_00EF0A1A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA0BC6	0_2_00FA0BC6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F74BB6	0_2_00F74BB6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E64BA0	0_2_00E64BA0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC2BBA	0_2_00EC2BBA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3EB90	0_2_00F3EB90
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E7EB80	0_2_00E7EB80
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2AB83	0_2_00F2AB83
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2CB8A	0_2_00F2CB8A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F28B77	0_2_00F28B77
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F26B7F	0_2_00F26B7F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F92B6F	0_2_00F92B6F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E6AB40	0_2_00E6AB40
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED8B5E	0_2_00ED8B5E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC4B52	0_2_00EC4B52
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F0CB29	0_2_00F0CB29
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA0B23	0_2_00FA0B23
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9EB26	0_2_00F9EB26
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F82CFD	0_2_00F82CFD
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F98CB8	0_2_00F98CB8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E74CA0	0_2_00E74CA0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE2CA6	0_2_00EE2CA6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F44CA4	0_2_00F44CA4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED6CB1	0_2_00ED6CB1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDAC85	0_2_00EDAC85
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FACC93	0_2_00FACC93
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE8C9A	0_2_00EE8C9A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3AC8B	0_2_00F3AC8B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F70C66	0_2_00F70C66
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6AC60	0_2_00F6AC60
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA6C3E	0_2_00FA6C3E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F46C31	0_2_00F46C31
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F0EC36	0_2_00F0EC36
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F10C26	0_2_00F10C26
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F62C2C	0_2_00F62C2C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F76C13	0_2_00F76C13
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1AC16	0_2_00F1AC16
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F40C1C	0_2_00F40C1C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F04C1A	0_2_00F04C1A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E9CDF0	0_2_00E9CDF0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6CDEA	0_2_00F6CDEA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F72DEA	0_2_00F72DEA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6ADB2	0_2_00F6ADB2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED2DA8	0_2_00ED2DA8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F48DBA	0_2_00F48DBA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F74DB9	0_2_00F74DB9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F86DA2	0_2_00F86DA2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F7CD95	0_2_00F7CD95
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F54D91	0_2_00F54D91
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9CD8E	0_2_00F9CD8E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F30D8D	0_2_00F30D8D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F12D7E	0_2_00F12D7E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3CD53	0_2_00F3CD53
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8CD4C	0_2_00E8CD4C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECCD5E	0_2_00ECCD5E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8CD5E	0_2_00E8CD5E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF6D59	0_2_00EF6D59
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E86D2E	0_2_00E86D2E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EA0D20	0_2_00EA0D20
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F42D1B	0_2_00F42D1B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F64D08	0_2_00F64D08
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F38EE7	0_2_00F38EE7
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED0ED2	0_2_00ED0ED2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFAEAF	0_2_00EFAEAF
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F68EBE	0_2_00F68EBE
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E98EA0	0_2_00E98EA0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F58EBF	0_2_00F58EBF
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E62EB0	0_2_00E62EB0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E7AEB0	0_2_00E7AEB0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8AEA5	0_2_00F8AEA5
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECEE86	0_2_00ECEE86
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F7AE76	0_2_00F7AE76
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E80E6C	0_2_00E80E6C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E82E6D	0_2_00E82E6D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF2E69	0_2_00EF2E69
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8EE63	0_2_00E8EE63
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA8E77	0_2_00FA8E77
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC6E7D	0_2_00EC6E7D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECAE7F	0_2_00ECAE7F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F4AE6E	0_2_00F4AE6E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EEAE75	0_2_00EEAE75
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8CE5D	0_2_00F8CE5D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FAAE38	0_2_00FAAE38
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF0E21	0_2_00EF0E21
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EEEE36	0_2_00EEEE36
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F90E11	0_2_00F90E11
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F94E0D	0_2_00F94E0D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F24E0A	0_2_00F24E0A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDAE17	0_2_00EDAE17
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDCE10	0_2_00EDCE10
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F56E0B	0_2_00F56E0B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE6FCA	0_2_00EE6FCA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3AFD8	0_2_00F3AFD8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8CFC8	0_2_00F8CFC8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8EFC8	0_2_00F8EFC8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC0FD0	0_2_00EC0FD0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3EFB3	0_2_00F3EFB3
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F36FB5	0_2_00F36FB5
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC4FA4	0_2_00EC4FA4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED8F81	0_2_00ED8F81
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDEF90	0_2_00EDEF90
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F76F88	0_2_00F76F88
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE0F6F	0_2_00EE0F6F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F32F70	0_2_00F32F70
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFCF60	0_2_00EFCF60
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F4CF5A	0_2_00F4CF5A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E76F52	0_2_00E76F52
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F0CF31	0_2_00F0CF31
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F40F24	0_2_00F40F24
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F5AF17	0_2_00F5AF17
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F30F1B	0_2_00F30F1B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F5CF0A	0_2_00F5CF0A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F650F3	0_2_00F650F3
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F610E3	0_2_00F610E3
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED90FB	0_2_00ED90FB
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F350EF	0_2_00F350EF
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6D0DF	0_2_00F6D0DF
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9D093	0_2_00F9D093
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F93092	0_2_00F93092
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED7060	0_2_00ED7060
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F0507E	0_2_00F0507E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F81060	0_2_00F81060
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1906E	0_2_00F1906E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2F054	0_2_00F2F054
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9B04E	0_2_00F9B04E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E6D021	0_2_00E6D021
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9F03E	0_2_00F9F03E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E7D003	0_2_00E7D003
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F17016	0_2_00F17016
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB1014	0_2_00FB1014
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE31E0	0_2_00EE31E0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECD1FE	0_2_00ECD1FE
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F151E6	0_2_00F151E6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDB1CA	0_2_00EDB1CA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F971D1	0_2_00F971D1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9B1C0	0_2_00F9B1C0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E891AE	0_2_00E891AE
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFF1A5	0_2_00EFF1A5
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F871A9	0_2_00F871A9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E9F18B	0_2_00E9F18B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6B19F	0_2_00F6B19F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB3181	0_2_00FB3181
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9117F	0_2_00F9117F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F55164	0_2_00F55164
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F51151	0_2_00F51151
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F0B15A	0_2_00F0B15A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F43159	0_2_00F43159
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F95157	0_2_00F95157
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3D142	0_2_00F3D142
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB514D	0_2_00FB514D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F89147	0_2_00F89147
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA3131	0_2_00FA3131
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F11121	0_2_00F11121
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2D12B	0_2_00F2D12B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F25129	0_2_00F25129
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF9131	0_2_00EF9131
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F83105	0_2_00F83105
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FAF2E8	0_2_00FAF2E8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F4F2CA	0_2_00F4F2CA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F312B7	0_2_00F312B7
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F5D2B8	0_2_00F5D2B8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F832A3	0_2_00F832A3
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F412A9	0_2_00F412A9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E99280	0_2_00E99280
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC3280	0_2_00EC3280
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECB264	0_2_00ECB264
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9D259	0_2_00F9D259
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F65240	0_2_00F65240
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E71227	0_2_00E71227
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8B23A	0_2_00F8B23A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F71234	0_2_00F71234
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECF23F	0_2_00ECF23F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F373E4	0_2_00F373E4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E6F3C0	0_2_00E6F3C0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F7F3C4	0_2_00F7F3C4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E673D0	0_2_00E673D0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC13D7	0_2_00EC13D7
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB13C7	0_2_00FB13C7
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F853BC	0_2_00F853BC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F4739C	0_2_00F4739C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F33399	0_2_00F33399
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EF3394	0_2_00EF3394
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F3B38D	0_2_00F3B38D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F27367	0_2_00F27367
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8F377	0_2_00E8F377
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E8D34A	0_2_00E8D34A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E81340	0_2_00E81340
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F4D358	0_2_00F4D358
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2D341	0_2_00F2D341
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F79343	0_2_00F79343
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED333D	0_2_00ED333D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9F31D	0_2_00F9F31D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDD307	0_2_00EDD307
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC7300	0_2_00EC7300
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E69310	0_2_00E69310
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EDF317	0_2_00EDF317
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F2B4F4	0_2_00F2B4F4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F054E1	0_2_00F054E1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E6D4F3	0_2_00E6D4F3
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA74D1	0_2_00FA74D1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F094C5	0_2_00F094C5
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE54AC	0_2_00EE54AC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F7D4A6	0_2_00F7D4A6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB3496	0_2_00FB3496
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F7748F	0_2_00F7748F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F59473	0_2_00F59473
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6B47D	0_2_00F6B47D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8346B	0_2_00F8346B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E7747D	0_2_00E7747D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00E87440	0_2_00E87440
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F39411	0_2_00F39411
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F75419	0_2_00F75419
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFB41E	0_2_00EFB41E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F435F8	0_2_00F435F8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F6D5E2	0_2_00F6D5E2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F075E8	0_2_00F075E8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F475EC	0_2_00F475EC
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECD5C9	0_2_00ECD5C9
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ECF5CA	0_2_00ECF5CA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F115C1	0_2_00F115C1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1B5BD	0_2_00F1B5BD
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F675B8	0_2_00F675B8
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EFF5B3	0_2_00EFF5B3
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE358C	0_2_00EE358C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F49585	0_2_00F49585
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FA358E	0_2_00FA358E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8D556	0_2_00F8D556
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00ED9555	0_2_00ED9555
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE9554	0_2_00EE9554
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F5754F	0_2_00F5754F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB5547	0_2_00FB5547
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F8F538	0_2_00F8F538
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F61533	0_2_00F61533
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FB153D	0_2_00FB153D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F71538	0_2_00F71538
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F01527	0_2_00F01527
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE7505	0_2_00EE7505
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F55504	0_2_00F55504
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F03504	0_2_00F03504
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F5150A	0_2_00F5150A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F416E6	0_2_00F416E6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F1D6C0	0_2_00F1D6C0
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EEF6D4	0_2_00EEF6D4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F55695	0_2_00F55695
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F9769F	0_2_00F9769F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F15687	0_2_00F15687

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: String function: 00E67F60 appears 40 times
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: String function: 00E74C90 appears 77 times

Source: rUfr2hQGOb.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: rUfr2hQGOb.exe	Static PE information: Section: ZLIB complexity 0.9993681066176471
Source: rUfr2hQGOb.exe	Static PE information: Section: euwqsiiy ZLIB complexity 0.9947880697513812

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/1

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe

Code function: 0_2_00E92070 CoCreateInstance,

0_2_00E92070

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: rUfr2hQGOb.exe	Virustotal: Detection: 52%
Source: rUfr2hQGOb.exe	ReversingLabs: Detection: 63%

Source: rUfr2hQGOb.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe

File read: C:\Users\user\Desktop\rUfr2hQGOb.exe

Jump to behavior

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Section loaded: dpapi.dll	Jump to behavior

Source: rUfr2hQGOb.exe

Static file information: File size 1840128 > 1048576

Source: rUfr2hQGOb.exe

Static PE information: Raw size of euwqsiiy is bigger than: 0x100000 < 0x197400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe

Unpacked PE file: 0.2.rUfr2hQGOb.exe.e60000.0.unpack :EW;.rsrc:W;.idata :W; :EW;euwqsiiy:EW;vicydjgv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;euwqsiiy:EW;vicydjgv:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: rUfr2hQGOb.exe

Static PE information: real checksum: 0x1ca0a3 should be: 0x1c4d8d

Source: rUfr2hQGOb.exe	Static PE information: section name:
Source: rUfr2hQGOb.exe	Static PE information: section name: .idata
Source: rUfr2hQGOb.exe	Static PE information: section name:
Source: rUfr2hQGOb.exe	Static PE information: section name: euwqsiiy
Source: rUfr2hQGOb.exe	Static PE information: section name: vicydjgv
Source: rUfr2hQGOb.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_01039949 push 46D51A13h; mov dword ptr [esp], edx	0_2_0103C123
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_010A4114 push 3C074DB3h; mov dword ptr [esp], edx	0_2_010A413D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC60CD push edi; mov dword ptr [esp], eax	0_2_00EC646A
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC60CD push 14552601h; mov dword ptr [esp], eax	0_2_00EC64B4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC60CD push ecx; mov dword ptr [esp], 497E01B0h	0_2_00EC6513
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC60CD push 5B1E6D15h; mov dword ptr [esp], esi	0_2_00EC6586
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC60CD push 5AC742EDh; mov dword ptr [esp], ecx	0_2_00EC65E3
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC60CD push ebx; mov dword ptr [esp], 5F6D98F5h	0_2_00EC65EE
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EC60CD push 524DB2BDh; mov dword ptr [esp], ecx	0_2_00EC6619
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00FF40C8 push esi; mov dword ptr [esp], eax	0_2_00FF4104
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EBC0AE push 559E139Eh; mov dword ptr [esp], eax	0_2_00EBC0D1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F400A8 push ebx; mov dword ptr [esp], 5FFACAF3h	0_2_00F4011E
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F400A8 push ebp; mov dword ptr [esp], eax	0_2_00F401F4
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00F400A8 push 1F1D3370h; mov dword ptr [esp], edx	0_2_00F40202
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EBC0B6 push 559E139Eh; mov dword ptr [esp], eax	0_2_00EBC0D1
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EB9E0C push edi; mov dword ptr [esp], ebx	0_2_00EBA167
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EBA008 push ebx; mov dword ptr [esp], eax	0_2_00EBA011
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EBC1FA push 0612EF1Ah; mov dword ptr [esp], edx	0_2_00EBD91D
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EB818A push esi; mov dword ptr [esp], edx	0_2_00EB88C6
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE8194 push 3B6360C1h; mov dword ptr [esp], eax	0_2_00EE85B5
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE8194 push 5519F4F1h; mov dword ptr [esp], edx	0_2_00EE8645
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE8194 push 28FB7D6Ch; mov dword ptr [esp], eax	0_2_00EE86E5
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EE8194 push 07B22B2Bh; mov dword ptr [esp], ecx	0_2_00EE872C
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EBC168 push ebx; mov dword ptr [esp], 2F0FDD2Bh	0_2_00EBC1A5
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EBC168 push ebp; mov dword ptr [esp], esi	0_2_00EBE1FA
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EBC168 push ebp; mov dword ptr [esp], 5E7D9D5Eh	0_2_00EBF49B
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EB8140 push ebx; mov dword ptr [esp], 1747360Bh	0_2_00EB91F2
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EB8140 push 46B0AB0Ch; mov dword ptr [esp], edx	0_2_00EBA414
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EB8140 push ebx; mov dword ptr [esp], eax	0_2_00EBA49F
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EB815C push ebx; mov dword ptr [esp], ecx	0_2_00EB87DF
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Code function: 0_2_00EB815C push 59915900h; mov dword ptr [esp], ebp	0_2_00EB88F0

Source: rUfr2hQGOb.exe	Static PE information: section name: entropy: 7.9729611172320425
Source: rUfr2hQGOb.exe	Static PE information: section name: euwqsiiy entropy: 7.953362081620798

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Window searched: window name: Regmonclass	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: EB8A19 second address: EB8A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 jmp 00007F0860AE70C4h 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102B539 second address: 102B53E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102B53E second address: 102B544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102B544 second address: 102B554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F0860D30766h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102B554 second address: 102B558 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102B6B3 second address: 102B6B9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102B928 second address: 102B92E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102B92E second address: 102B93C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102B93C second address: 102B940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102B940 second address: 102B946 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102BA73 second address: 102BA77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102E9B5 second address: 102E9BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102E9BB second address: 102E9BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102E9BF second address: 102E9C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102E9C3 second address: 102EA42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F0860AE70B8h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 pushad 0x00000026 call 00007F0860AE70BEh 0x0000002b jbe 00007F0860AE70B6h 0x00000031 pop edi 0x00000032 push eax 0x00000033 jno 00007F0860AE70B6h 0x00000039 pop edx 0x0000003a popad 0x0000003b sbb dx, E893h 0x00000040 push 00000000h 0x00000042 mov dx, si 0x00000045 sub dword ptr [ebp+122D1838h], esi 0x0000004b call 00007F0860AE70B9h 0x00000050 jmp 00007F0860AE70C4h 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EA42 second address: 102EA47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EA47 second address: 102EA71 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jbe 00007F0860AE70B6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jo 00007F0860AE70C2h 0x00000016 mov eax, dword ptr [eax] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EA71 second address: 102EA77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EA77 second address: 102EA7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EA7C second address: 102EA8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EA8D second address: 102EA91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EA91 second address: 102EA97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EA97 second address: 102EB26 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0860AE70B8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push edi 0x0000000e jne 00007F0860AE70B8h 0x00000014 pop ecx 0x00000015 push 00000003h 0x00000017 mov si, DAABh 0x0000001b jp 00007F0860AE70BCh 0x00000021 push 00000000h 0x00000023 jnc 00007F0860AE70BBh 0x00000029 push 00000003h 0x0000002b mov dword ptr [ebp+122D1A96h], edi 0x00000031 push 9B4BE238h 0x00000036 jns 00007F0860AE70D1h 0x0000003c add dword ptr [esp], 24B41DC8h 0x00000043 jmp 00007F0860AE70C1h 0x00000048 lea ebx, dword ptr [ebp+1244978Ch] 0x0000004e or dword ptr [ebp+122D1A6Ah], eax 0x00000054 xchg eax, ebx 0x00000055 push eax 0x00000056 push edx 0x00000057 push ecx 0x00000058 push edi 0x00000059 pop edi 0x0000005a pop ecx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EBD0 second address: 102EBDA instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0860D30766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EBDA second address: 102EC58 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F0860AE70BDh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D3933h], eax 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F0860AE70B8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 0000001Ah 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 jnl 00007F0860AE70BBh 0x00000036 call 00007F0860AE70B9h 0x0000003b jmp 00007F0860AE70BCh 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F0860AE70C9h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EC58 second address: 102EC5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EC5E second address: 102EC93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860AE70C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0860AE70C6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EC93 second address: 102EC99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102EC99 second address: 102ECBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860AE70BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d jp 00007F0860AE70C8h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102ECBA second address: 102ECBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102ECBE second address: 102ECC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102ECC2 second address: 102ECD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 102ECD1 second address: 102ED55 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F0860AE70C7h 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f popad 0x00000010 pop eax 0x00000011 push 00000003h 0x00000013 movzx ecx, di 0x00000016 jl 00007F0860AE70CDh 0x0000001c call 00007F0860AE70C0h 0x00000021 mov edx, dword ptr [ebp+122D274Eh] 0x00000027 pop edi 0x00000028 push 00000000h 0x0000002a sbb edx, 4968445Bh 0x00000030 cmc 0x00000031 push 00000003h 0x00000033 push 00000000h 0x00000035 push ebx 0x00000036 call 00007F0860AE70B8h 0x0000003b pop ebx 0x0000003c mov dword ptr [esp+04h], ebx 0x00000040 add dword ptr [esp+04h], 00000017h 0x00000048 inc ebx 0x00000049 push ebx 0x0000004a ret 0x0000004b pop ebx 0x0000004c ret 0x0000004d push 95F7A4D1h 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 jnp 00007F0860AE70B6h 0x0000005b jng 00007F0860AE70B6h 0x00000061 popad 0x00000062 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 101ED42 second address: 101ED47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 101ED47 second address: 101ED64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F0860AE70C7h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104D302 second address: 104D306 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104D595 second address: 104D599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104D599 second address: 104D59F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104D59F second address: 104D5E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0860AE70C7h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0860AE70C6h 0x00000012 push edx 0x00000013 jmp 00007F0860AE70BFh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104D5E6 second address: 104D5EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104D5EB second address: 104D620 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F0860AE70C7h 0x0000000a pushad 0x0000000b popad 0x0000000c jng 00007F0860AE70B6h 0x00000012 popad 0x00000013 push ecx 0x00000014 jmp 00007F0860AE70BDh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104D768 second address: 104D78D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F0860D30766h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jnp 00007F0860D30766h 0x00000011 popad 0x00000012 pushad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jmp 00007F0860D3076Eh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104DCF3 second address: 104DCF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104DCF7 second address: 104DD48 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0860D30766h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F0860D30773h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F0860D30778h 0x00000018 push eax 0x00000019 push edx 0x0000001a jnc 00007F0860D30766h 0x00000020 jmp 00007F0860D30770h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104DD48 second address: 104DD4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104DD4C second address: 104DD52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104DD52 second address: 104DD59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104DEA2 second address: 104DEA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104E14D second address: 104E160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 jng 00007F0860AE70B6h 0x0000000e push edi 0x0000000f pop edi 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 101D0C9 second address: 101D120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0860D30770h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0860D30771h 0x00000012 pushad 0x00000013 jmp 00007F0860D30775h 0x00000018 jmp 00007F0860D30777h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 101D120 second address: 101D142 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0860AE70C8h 0x00000009 jbe 00007F0860AE70B6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104E5E3 second address: 104E5FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jng 00007F0860D30766h 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0860D3076Ah 0x00000016 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104E5FE second address: 104E608 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104E608 second address: 104E60C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104ED5E second address: 104ED62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104ED62 second address: 104ED66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104F000 second address: 104F004 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 104F004 second address: 104F00A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10561A3 second address: 1056202 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860AE70C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007F0860AE70C5h 0x00000012 mov eax, dword ptr [eax] 0x00000014 jp 00007F0860AE70BAh 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 jbe 00007F0860AE70C8h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105510C second address: 1055110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1055110 second address: 1055123 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860AE70BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105AC95 second address: 105ACAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0860D3076Dh 0x00000009 pop edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105ACAA second address: 105ACB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105ACB0 second address: 105ACB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105ACB7 second address: 105ACC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F0860AE70B6h 0x00000009 jne 00007F0860AE70B6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105ACC8 second address: 105ACF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jg 00007F0860D30766h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F0860D30778h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105AFE3 second address: 105AFE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105B2D2 second address: 105B2EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0860D3076Ah 0x0000000c jnl 00007F0860D3076Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105D32C second address: 105D3B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860AE70C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 455976B8h 0x00000010 mov dword ptr [ebp+122D1A4Fh], eax 0x00000016 call 00007F0860AE70B9h 0x0000001b pushad 0x0000001c pushad 0x0000001d jmp 00007F0860AE70BBh 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 jp 00007F0860AE70B8h 0x0000002b popad 0x0000002c push eax 0x0000002d push esi 0x0000002e push edi 0x0000002f pushad 0x00000030 popad 0x00000031 pop edi 0x00000032 pop esi 0x00000033 mov eax, dword ptr [esp+04h] 0x00000037 js 00007F0860AE70C7h 0x0000003d jmp 00007F0860AE70C1h 0x00000042 mov eax, dword ptr [eax] 0x00000044 jmp 00007F0860AE70BEh 0x00000049 mov dword ptr [esp+04h], eax 0x0000004d pushad 0x0000004e ja 00007F0860AE70BCh 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105D682 second address: 105D6B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D30771h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F0860D30776h 0x00000012 ja 00007F0860D30766h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105D6B8 second address: 105D6BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105D6BE second address: 105D6C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105D9AC second address: 105D9CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0860AE70C9h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105D9CA second address: 105D9EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0860D30776h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105DF9C second address: 105DFA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105DFA0 second address: 105DFC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0860D30777h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105E0B6 second address: 105E0BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105E1D7 second address: 105E1DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105E4C4 second address: 105E4C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105E4C8 second address: 105E4D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F0860D3076Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105E563 second address: 105E56D instructions: 0x00000000 rdtsc 0x00000002 js 00007F0860AE70BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105E56D second address: 105E5AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F0860D30777h 0x0000000d ja 00007F0860D30768h 0x00000013 popad 0x00000014 nop 0x00000015 mov dword ptr [ebp+122D1833h], ebx 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e ja 00007F0860D3076Ch 0x00000024 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105EA4E second address: 105EA52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105EA52 second address: 105EAE1 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0860D30766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b call 00007F0860D30776h 0x00000010 mov di, cx 0x00000013 pop esi 0x00000014 push 00000000h 0x00000016 or edi, dword ptr [ebp+122D2A4Fh] 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push esi 0x00000021 call 00007F0860D30768h 0x00000026 pop esi 0x00000027 mov dword ptr [esp+04h], esi 0x0000002b add dword ptr [esp+04h], 00000018h 0x00000033 inc esi 0x00000034 push esi 0x00000035 ret 0x00000036 pop esi 0x00000037 ret 0x00000038 call 00007F0860D30775h 0x0000003d pop esi 0x0000003e pushad 0x0000003f call 00007F0860D3076Fh 0x00000044 sub dword ptr [ebp+122D250Ah], ecx 0x0000004a pop esi 0x0000004b popad 0x0000004c push eax 0x0000004d pushad 0x0000004e jmp 00007F0860D3076Ch 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105F408 second address: 105F4B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 sub si, C221h 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F0860AE70B8h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 call 00007F0860AE70C5h 0x0000002e sub dword ptr [ebp+12474627h], ebx 0x00000034 pop edi 0x00000035 jnp 00007F0860AE70D6h 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push eax 0x00000040 call 00007F0860AE70B8h 0x00000045 pop eax 0x00000046 mov dword ptr [esp+04h], eax 0x0000004a add dword ptr [esp+04h], 0000001Dh 0x00000052 inc eax 0x00000053 push eax 0x00000054 ret 0x00000055 pop eax 0x00000056 ret 0x00000057 adc si, D115h 0x0000005c mov si, dx 0x0000005f push eax 0x00000060 pushad 0x00000061 pushad 0x00000062 push edx 0x00000063 pop edx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105F4B4 second address: 105F4BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105F4BD second address: 105F4C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10605E7 second address: 10605FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a popad 0x0000000b push eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007F0860D30766h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105FCA1 second address: 105FCA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105FCA7 second address: 105FCAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105FCAC second address: 105FCB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105FCB2 second address: 105FCB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1061ACE second address: 1061AD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F0860AE70B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106309B second address: 10630A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1067EB6 second address: 1067ED6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0860AE70C8h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1067ED6 second address: 1067EDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1067EDA second address: 1067EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1068457 second address: 1068481 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007F0860D30766h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0860D30779h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1068481 second address: 1068487 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106950A second address: 1069510 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106A3E5 second address: 106A456 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 pushad 0x0000000a js 00007F0860AE70B6h 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 pop eax 0x00000014 nop 0x00000015 mov edi, dword ptr [ebp+122D2CAFh] 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ecx 0x00000020 call 00007F0860AE70B8h 0x00000025 pop ecx 0x00000026 mov dword ptr [esp+04h], ecx 0x0000002a add dword ptr [esp+04h], 00000018h 0x00000032 inc ecx 0x00000033 push ecx 0x00000034 ret 0x00000035 pop ecx 0x00000036 ret 0x00000037 cmc 0x00000038 push 00000000h 0x0000003a mov bh, EAh 0x0000003c xchg eax, esi 0x0000003d jmp 00007F0860AE70BFh 0x00000042 push eax 0x00000043 pushad 0x00000044 jmp 00007F0860AE70C5h 0x00000049 push eax 0x0000004a push edx 0x0000004b jno 00007F0860AE70B6h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106A456 second address: 106A45A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10696A7 second address: 106973D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F0860AE70B6h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 mov edi, dword ptr [ebp+122D2861h] 0x00000017 push dword ptr fs:[00000000h] 0x0000001e mov edi, dword ptr [ebp+122D2D3Ah] 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b push 00000000h 0x0000002d push edx 0x0000002e call 00007F0860AE70B8h 0x00000033 pop edx 0x00000034 mov dword ptr [esp+04h], edx 0x00000038 add dword ptr [esp+04h], 00000019h 0x00000040 inc edx 0x00000041 push edx 0x00000042 ret 0x00000043 pop edx 0x00000044 ret 0x00000045 mov dword ptr [ebp+12477480h], esi 0x0000004b mov eax, dword ptr [ebp+122D0E01h] 0x00000051 jmp 00007F0860AE70C2h 0x00000056 push FFFFFFFFh 0x00000058 mov dword ptr [ebp+122D1997h], ebx 0x0000005e nop 0x0000005f jp 00007F0860AE70C2h 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007F0860AE70BEh 0x0000006d rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106973D second address: 1069743 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1069743 second address: 1069747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106B44C second address: 106B452 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106B452 second address: 106B49E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a jg 00007F0860AE70B8h 0x00000010 pushad 0x00000011 popad 0x00000012 pop eax 0x00000013 nop 0x00000014 jmp 00007F0860AE70BDh 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ebx 0x0000001e call 00007F0860AE70B8h 0x00000023 pop ebx 0x00000024 mov dword ptr [esp+04h], ebx 0x00000028 add dword ptr [esp+04h], 00000014h 0x00000030 inc ebx 0x00000031 push ebx 0x00000032 ret 0x00000033 pop ebx 0x00000034 ret 0x00000035 push 00000000h 0x00000037 sub dword ptr [ebp+1244B9D1h], edx 0x0000003d xchg eax, esi 0x0000003e push eax 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106D352 second address: 106D3AC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0860D3076Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d jng 00007F0860D3076Ah 0x00000013 mov bx, 85ABh 0x00000017 push 00000000h 0x00000019 jns 00007F0860D30769h 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push edi 0x00000024 call 00007F0860D30768h 0x00000029 pop edi 0x0000002a mov dword ptr [esp+04h], edi 0x0000002e add dword ptr [esp+04h], 0000001Bh 0x00000036 inc edi 0x00000037 push edi 0x00000038 ret 0x00000039 pop edi 0x0000003a ret 0x0000003b adc edi, 53746718h 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push ecx 0x00000045 pushad 0x00000046 popad 0x00000047 pop ecx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106D3AC second address: 106D3BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0860AE70BDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106E51D second address: 106E521 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106E521 second address: 106E52A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106E52A second address: 106E555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0860D3076Ch 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0860D30774h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106E555 second address: 106E55B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106D637 second address: 106D63B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106F484 second address: 106F488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106F61A second address: 106F62C instructions: 0x00000000 rdtsc 0x00000002 js 00007F0860D30766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106F62C second address: 106F630 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106F630 second address: 106F636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106F702 second address: 106F706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10714D7 second address: 10714DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1072555 second address: 10725C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F0860AE70B8h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 ja 00007F0860AE70BCh 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ebp 0x00000030 call 00007F0860AE70B8h 0x00000035 pop ebp 0x00000036 mov dword ptr [esp+04h], ebp 0x0000003a add dword ptr [esp+04h], 00000014h 0x00000042 inc ebp 0x00000043 push ebp 0x00000044 ret 0x00000045 pop ebp 0x00000046 ret 0x00000047 mov ebx, dword ptr [ebp+122D1B3Fh] 0x0000004d push 00000000h 0x0000004f jmp 00007F0860AE70BBh 0x00000054 xchg eax, esi 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 push esi 0x00000059 pop esi 0x0000005a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10725C1 second address: 10725CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10746B0 second address: 10746B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1025745 second address: 1025763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 js 00007F0860D30772h 0x0000000b jp 00007F0860D30766h 0x00000011 jne 00007F0860D30766h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b push eax 0x0000001c pop eax 0x0000001d pop esi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1025763 second address: 1025769 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1025769 second address: 102577B instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0860D30766h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 107063F second address: 1070644 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10727A9 second address: 107282E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D30776h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov ebx, dword ptr [ebp+122D2AC3h] 0x00000010 push dword ptr fs:[00000000h] 0x00000017 mov edi, dword ptr [ebp+122D19A0h] 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push esi 0x00000027 call 00007F0860D30768h 0x0000002c pop esi 0x0000002d mov dword ptr [esp+04h], esi 0x00000031 add dword ptr [esp+04h], 00000019h 0x00000039 inc esi 0x0000003a push esi 0x0000003b ret 0x0000003c pop esi 0x0000003d ret 0x0000003e mov dword ptr [ebp+122D17BCh], ebx 0x00000044 mov eax, dword ptr [ebp+122D1375h] 0x0000004a jg 00007F0860D3076Fh 0x00000050 push FFFFFFFFh 0x00000052 mov edi, dword ptr [ebp+12476D54h] 0x00000058 mov dword ptr [ebp+122D1ACBh], edi 0x0000005e nop 0x0000005f pushad 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 107282E second address: 1072832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1072832 second address: 1072836 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1072836 second address: 107283F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1076E10 second address: 1076E16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1076E16 second address: 1076E1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1077E06 second address: 1077E20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0860D30776h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1077E20 second address: 1077E24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1077E24 second address: 1077E84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 or di, 9F97h 0x0000000e mov di, 9078h 0x00000012 push 00000000h 0x00000014 jmp 00007F0860D3076Dh 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007F0860D30768h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 mov di, bx 0x00000038 xchg eax, esi 0x00000039 push ecx 0x0000003a jmp 00007F0860D3076Eh 0x0000003f pop ecx 0x00000040 push eax 0x00000041 pushad 0x00000042 jbe 00007F0860D3076Ch 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1077E84 second address: 1077E8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1078F25 second address: 1078F2F instructions: 0x00000000 rdtsc 0x00000002 je 00007F0860D30766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1078039 second address: 107803E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 107803E second address: 10780C9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0860D3077Ch 0x00000008 jmp 00007F0860D30776h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 mov ebx, 4B42B9E4h 0x00000017 jmp 00007F0860D3076Fh 0x0000001c push dword ptr fs:[00000000h] 0x00000023 mov dword ptr [ebp+12458FEEh], esi 0x00000029 mov dword ptr fs:[00000000h], esp 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007F0860D30768h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 00000014h 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a mov dword ptr [ebp+1247353Fh], ebx 0x00000050 mov eax, dword ptr [ebp+122D09B5h] 0x00000056 or dword ptr [ebp+122D2FEDh], ecx 0x0000005c push FFFFFFFFh 0x0000005e stc 0x0000005f nop 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 jmp 00007F0860D3076Bh 0x00000068 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10780C9 second address: 10780EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0860AE70C3h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10780EA second address: 10780EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 107BA8B second address: 107BA93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 107BA93 second address: 107BA97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 107D566 second address: 107D56A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 107D56A second address: 107D578 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D3076Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1080F14 second address: 1080F20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F0860AE70B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1080F20 second address: 1080F2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1086339 second address: 108633D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108633D second address: 1086386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push ebx 0x00000009 jmp 00007F0860D30775h 0x0000000e pop ebx 0x0000000f je 00007F0860D3077Bh 0x00000015 jmp 00007F0860D30775h 0x0000001a popad 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f push eax 0x00000020 push edx 0x00000021 jg 00007F0860D30768h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1086386 second address: 108639C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jno 00007F0860AE70B6h 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108639C second address: 10863A6 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0860D3076Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10863A6 second address: EB8A19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push edx 0x0000000b ja 00007F0860AE70BCh 0x00000011 jno 00007F0860AE70B6h 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a mov di, 2444h 0x0000001e movzx esi, bx 0x00000021 popad 0x00000022 clc 0x00000023 push dword ptr [ebp+122D0041h] 0x00000029 cmc 0x0000002a call dword ptr [ebp+122D1B77h] 0x00000030 pushad 0x00000031 ja 00007F0860AE70BCh 0x00000037 xor dword ptr [ebp+122D2257h], edx 0x0000003d xor eax, eax 0x0000003f cld 0x00000040 mov edx, dword ptr [esp+28h] 0x00000044 mov dword ptr [ebp+122D1945h], ebx 0x0000004a mov dword ptr [ebp+122D2BD3h], eax 0x00000050 pushad 0x00000051 jmp 00007F0860AE70BEh 0x00000056 movzx esi, bx 0x00000059 popad 0x0000005a mov esi, 0000003Ch 0x0000005f jp 00007F0860AE70BCh 0x00000065 add esi, dword ptr [esp+24h] 0x00000069 clc 0x0000006a lodsw 0x0000006c jmp 00007F0860AE70C0h 0x00000071 add eax, dword ptr [esp+24h] 0x00000075 mov dword ptr [ebp+122D19A0h], eax 0x0000007b mov ebx, dword ptr [esp+24h] 0x0000007f jmp 00007F0860AE70C6h 0x00000084 nop 0x00000085 jl 00007F0860AE70C0h 0x0000008b pushad 0x0000008c push esi 0x0000008d pop esi 0x0000008e push eax 0x0000008f push edx 0x00000090 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108C345 second address: 108C34E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108B67D second address: 108B683 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108B92D second address: 108B933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108B933 second address: 108B93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108B93F second address: 108B944 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108BBEF second address: 108BC0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jnl 00007F0860AE70B6h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 jnp 00007F0860AE70BEh 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108BC0A second address: 108BC14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108BC14 second address: 108BC18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108BC18 second address: 108BC47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0860D30770h 0x0000000b pushad 0x0000000c jp 00007F0860D30766h 0x00000012 jmp 00007F0860D3076Ah 0x00000017 jnl 00007F0860D30766h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108BD76 second address: 108BD99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 js 00007F0860AE70D1h 0x0000000c jmp 00007F0860AE70C5h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108BEE8 second address: 108BEEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108BEEE second address: 108BEFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F0860AE70B6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108BEFF second address: 108BF17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D30774h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108BF17 second address: 108BF21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F0860AE70B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065080 second address: 1065086 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10652B7 second address: 10652C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F0860AE70B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106556D second address: 106557F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F0860D3076Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106557F second address: 1065583 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065583 second address: EB8A19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D30774h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push dword ptr [ebp+122D0041h] 0x00000010 call dword ptr [ebp+122D1B77h] 0x00000016 pushad 0x00000017 ja 00007F0860D3076Ch 0x0000001d xor eax, eax 0x0000001f cld 0x00000020 mov edx, dword ptr [esp+28h] 0x00000024 mov dword ptr [ebp+122D1945h], ebx 0x0000002a mov dword ptr [ebp+122D2BD3h], eax 0x00000030 pushad 0x00000031 jmp 00007F0860D3076Eh 0x00000036 movzx esi, bx 0x00000039 popad 0x0000003a mov esi, 0000003Ch 0x0000003f jp 00007F0860D3076Ch 0x00000045 add esi, dword ptr [esp+24h] 0x00000049 clc 0x0000004a lodsw 0x0000004c jmp 00007F0860D30770h 0x00000051 add eax, dword ptr [esp+24h] 0x00000055 mov dword ptr [ebp+122D19A0h], eax 0x0000005b mov ebx, dword ptr [esp+24h] 0x0000005f jmp 00007F0860D30776h 0x00000064 nop 0x00000065 jl 00007F0860D30770h 0x0000006b pushad 0x0000006c push esi 0x0000006d pop esi 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10655DE second address: 1065638 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0860AE70B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b xor dword ptr [esp], 6F08A7A7h 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007F0860AE70B8h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c mov edx, dword ptr [ebp+1244BD40h] 0x00000032 mov ecx, 4F2226A0h 0x00000037 call 00007F0860AE70B9h 0x0000003c push ecx 0x0000003d jp 00007F0860AE70B8h 0x00000043 pop ecx 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 push ebx 0x00000048 jnc 00007F0860AE70B6h 0x0000004e pop ebx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065638 second address: 1065654 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0860D3076Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065654 second address: 1065658 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065658 second address: 106566B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F0860D30766h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 106566B second address: 1065671 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10657A8 second address: 10657AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10657AC second address: 10657B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065AAF second address: 1065AB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065E48 second address: 1065E4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065E4E second address: 1065E52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065F6E second address: 1065F74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1066188 second address: 106618D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108F9FA second address: 108FA1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0860AE70BDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007F0860AE70C2h 0x00000011 je 00007F0860AE70B6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108FCF1 second address: 108FCF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108FCF5 second address: 108FCFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108FE69 second address: 108FE75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F0860D30766h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108FF92 second address: 108FF98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 108FF98 second address: 108FF9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109026A second address: 109026E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109026E second address: 109028E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0860D3076Fh 0x0000000e jo 00007F0860D3076Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109028E second address: 1090292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10903FA second address: 1090400 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109D922 second address: 109D94C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860AE70BBh 0x00000007 jno 00007F0860AE70B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F0860AE70C5h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109DAB4 second address: 109DAC6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0860D3076Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109DAC6 second address: 109DACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109DACA second address: 109DAD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109DC42 second address: 109DC46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109DC46 second address: 109DC4E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109DC4E second address: 109DC56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109DC56 second address: 109DC5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109DC5A second address: 109DC5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109DC5E second address: 109DC64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109E908 second address: 109E90E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109E90E second address: 109E912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 109D689 second address: 109D6A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0860AE70C3h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A4835 second address: 10A4845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop esi 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A3634 second address: 10A3638 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A3638 second address: 10A363C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A363C second address: 10A3658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0860AE70C6h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A3658 second address: 10A3685 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop edx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push edx 0x0000000c jmp 00007F0860D30776h 0x00000011 push eax 0x00000012 pop eax 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 je 00007F0860D30766h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A3685 second address: 10A368B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A4057 second address: 10A4079 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0860D3076Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d js 00007F0860D30766h 0x00000013 je 00007F0860D30766h 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A424B second address: 10A425A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F0860AE70BEh 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A425A second address: 10A4264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A4264 second address: 10A4268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A6750 second address: 10A6756 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A6756 second address: 10A6769 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0860AE70BEh 0x00000008 jne 00007F0860AE70B6h 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A68B6 second address: 10A68BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A924E second address: 10A9264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0860AE70B6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e jl 00007F0860AE70B6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A9264 second address: 10A926B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A926B second address: 10A9280 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860AE70BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A9280 second address: 10A928B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F0860D30766h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10A93DE second address: 10A940B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0860AE70BCh 0x00000013 jne 00007F0860AE70C3h 0x00000019 jmp 00007F0860AE70BBh 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10AEFD8 second address: 10AEFE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10AEFE0 second address: 10AEFEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10AEFEB second address: 10AEFEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10AEFEF second address: 10AEFF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065C26 second address: 1065C2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065C2A second address: 1065CA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F0860AE70B8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 mov ebx, dword ptr [ebp+1247FDE1h] 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007F0860AE70B8h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 0000001Bh 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 add eax, ebx 0x00000046 push esi 0x00000047 xor dx, 5E1Bh 0x0000004c pop edx 0x0000004d nop 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F0860AE70C9h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065CA4 second address: 1065CAE instructions: 0x00000000 rdtsc 0x00000002 je 00007F0860D30766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1065CAE second address: 1065CB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F0860AE70B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10AF491 second address: 10AF4A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D3076Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10B23CE second address: 10B23D8 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0860AE70B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10B23D8 second address: 10B23E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10B23E1 second address: 10B23E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10B23E7 second address: 10B2419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0860D30777h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f js 00007F0860D30766h 0x00000015 jp 00007F0860D30766h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10B2419 second address: 10B241D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10B632C second address: 10B6330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10B56D1 second address: 10B56D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10B5845 second address: 10B5865 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D30772h 0x00000007 jng 00007F0860D30766h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10B5865 second address: 10B586B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C128F second address: 10C12EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F0860D30766h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnp 00007F0860D3077Fh 0x00000012 jmp 00007F0860D30777h 0x00000017 push esi 0x00000018 pop esi 0x00000019 pushad 0x0000001a jmp 00007F0860D30776h 0x0000001f je 00007F0860D30766h 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F0860D30772h 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C12EE second address: 10C12F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10BF293 second address: 10BF2A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F0860D30766h 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10BF2A1 second address: 10BF2C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860AE70C9h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10BF48B second address: 10BF4A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0860D3076Bh 0x00000008 jmp 00007F0860D3076Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10BF874 second address: 10BF87A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C0144 second address: 10C0148 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C0148 second address: 10C014E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C0460 second address: 10C0478 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D30774h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C0478 second address: 10C0488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F0860AE70BEh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C0CF9 second address: 10C0CFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C44F8 second address: 10C44FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C44FE second address: 10C4507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C4507 second address: 10C450D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C4699 second address: 10C46A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F0860D30766h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C4A7F second address: 10C4A97 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0860AE70C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C4A97 second address: 10C4ABE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D3076Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0860D3076Fh 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C4ABE second address: 10C4AC4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10C4D7D second address: 10C4D91 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0860D30766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007F0860D3076Ah 0x00000010 pushad 0x00000011 popad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D09E1 second address: 10D09E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D09E7 second address: 10D09EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D0F11 second address: 10D0F1B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D11E0 second address: 10D11ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F0860D30777h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D11ED second address: 10D1201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0860AE70BBh 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D148B second address: 10D14C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D3076Eh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jc 00007F0860D30766h 0x00000010 jmp 00007F0860D3076Bh 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F0860D30774h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D14C8 second address: 10D14D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 je 00007F0860AE70B6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D1632 second address: 10D1644 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0860D30766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007F0860D30772h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D1644 second address: 10D164A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D2580 second address: 10D2584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D2584 second address: 10D259D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F0860AE70BFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D259D second address: 10D25E7 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0860D30766h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0860D30773h 0x00000014 push edi 0x00000015 jmp 00007F0860D30771h 0x0000001a jmp 00007F0860D30775h 0x0000001f pop edi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D05C6 second address: 10D05D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0860AE70BFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D05D9 second address: 10D05DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D9FAC second address: 10D9FB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D9FB0 second address: 10D9FCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D30770h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnc 00007F0860D30768h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D9FCC second address: 10D9FE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860AE70C0h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D9FE2 second address: 10D9FE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D9AEB second address: 10D9AF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D9AF1 second address: 10D9B05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D3076Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D9B05 second address: 10D9B11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D9B11 second address: 10D9B17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10D9C30 second address: 10D9C3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10ECB62 second address: 10ECB76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F0860D3076Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10ECB76 second address: 10ECB8A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0860AE70BEh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10EC652 second address: 10EC675 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0860D30766h 0x00000008 jmp 00007F0860D30775h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10EC675 second address: 10EC67B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10EC67B second address: 10EC67F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10EF2D7 second address: 10EF2F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F0860AE70C4h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10EF2F6 second address: 10EF2FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10F54F3 second address: 10F54FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F0860AE70B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10F9F24 second address: 10F9F42 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D30779h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10FE3A2 second address: 10FE3A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 10FE3A6 second address: 10FE3AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1105F58 second address: 1105F66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F0860AE70B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1106109 second address: 1106111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1106111 second address: 1106117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1106117 second address: 110611C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 110611C second address: 1106136 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0860AE70C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1106293 second address: 11062B3 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0860D3077Ah 0x00000008 jmp 00007F0860D30774h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 11062B3 second address: 11062B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 110671A second address: 1106744 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnp 00007F0860D30766h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0860D30778h 0x00000011 jl 00007F0860D30766h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1124E86 second address: 1124E8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1124E8A second address: 1124E90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1124E90 second address: 1124EA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F0860AE70B6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1124EA1 second address: 1124EAF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jo 00007F0860D30766h 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1124EAF second address: 1124EC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860AE70BEh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1124EC2 second address: 1124EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1127572 second address: 1127576 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1127576 second address: 112757C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 112757C second address: 1127596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0860AE70BBh 0x0000000b pushad 0x0000000c jng 00007F0860AE70B6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1127596 second address: 11275AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0860D3076Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 11275AC second address: 11275B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F0860AE70B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 113DE00 second address: 113DE19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F0860D3076Eh 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 11412E5 second address: 11412E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 11412E9 second address: 11412EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 11412EF second address: 1141306 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0860AE70B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F0860AE70B8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 11413D1 second address: 11413E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860D3076Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 11413E7 second address: 11413EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 11413EC second address: 11413F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1141631 second address: 1141637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 1141637 second address: 114163B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 114163B second address: 114168A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0860AE70C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F0860AE70B8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 push 00000004h 0x00000028 sub dword ptr [ebp+12477480h], ebx 0x0000002e or dl, FFFFFFE2h 0x00000031 push 16CCA711h 0x00000036 push eax 0x00000037 push edx 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b pop edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	RDTSC instruction interceptor: First address: 105FEC8 second address: 105FEE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F0860D30766h 0x00000009 ja 00007F0860D30766h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jnl 00007F0860D3076Ch 0x0000001b rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Special instruction interceptor: First address: EB8A6E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Special instruction interceptor: First address: 107D5E4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Special instruction interceptor: First address: 10E0595 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe

Code function: 0_2_00EB8140 rdtsc

0_2_00EB8140

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe TID: 7692	Thread sleep time: -60000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe TID: 7708	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: rUfr2hQGOb.exe, rUfr2hQGOb.exe, 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: rUfr2hQGOb.exe, 00000000.00000003.1814003099.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814385680.0000000000A98000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: rUfr2hQGOb.exe, 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	File opened: NTICE
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	File opened: SICE
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\rUfr2hQGOb.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe

Code function: 0_2_00EB8140 rdtsc

0_2_00EB8140

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe

Code function: 0_2_00E9E110 LdrInitializeThunk,

0_2_00E9E110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: rUfr2hQGOb.exe	String found in binary or memory: bashfulacid.lat
Source: rUfr2hQGOb.exe	String found in binary or memory: curverpluch.lat
Source: rUfr2hQGOb.exe	String found in binary or memory: tentabatte.lat
Source: rUfr2hQGOb.exe	String found in binary or memory: shapestickyr.lat
Source: rUfr2hQGOb.exe	String found in binary or memory: talkynicer.lat
Source: rUfr2hQGOb.exe	String found in binary or memory: slipperyloo.lat
Source: rUfr2hQGOb.exe	String found in binary or memory: manyrestro.lat
Source: rUfr2hQGOb.exe	String found in binary or memory: observerfry.lat
Source: rUfr2hQGOb.exe	String found in binary or memory: wordyfindy.lat

Source: rUfr2hQGOb.exe, rUfr2hQGOb.exe, 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: 2Program Manager

Source: C:\Users\user\Desktop\rUfr2hQGOb.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
rUfr2hQGOb.exe	53%	Virustotal		Browse
rUfr2hQGOb.exe	63%	ReversingLabs	Win32.Trojan.StealC
rUfr2hQGOb.exe	100%	Avira	TR/Crypt.XPACK.Gen
rUfr2hQGOb.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
steamcommunity.com	23.55.153.106	true	false	high
wordyfindy.lat	unknown	unknown	false	high
slipperyloo.lat	unknown	unknown	false	high
curverpluch.lat	unknown	unknown	false	high
tentabatte.lat	unknown	unknown	false	high
manyrestro.lat	unknown	unknown	false	high
bashfulacid.lat	unknown	unknown	false	high
shapestickyr.lat	unknown	unknown	false	high
observerfry.lat	unknown	unknown	false	high
talkynicer.lat	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
curverpluch.lat	false	high
slipperyloo.lat	false	high
tentabatte.lat	false	high
manyrestro.lat	false	high
bashfulacid.lat	false	high
observerfry.lat	false	high
https://steamcommunity.com/profiles/76561199724331900	false	high
wordyfindy.lat	false	high
shapestickyr.lat	false	high
talkynicer.lat	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://steamcommunity.com/my/wishlist/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://player.vimeo.com	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/?subsection=broadcasts	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://help.steampowered.com/en/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/market/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/news/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/subscriber_agreement/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.gstatic.cn/recaptcha/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
http://store.steampowered.com/subscriber_agreement/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://recaptcha.net/recaptcha/;	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.valvesoftware.com/legal.htm	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/discussions/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.youtube.com	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/stats/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://medal.tv	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://broadcast.st.dl.eccdnx.com	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/steam_refunds/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://s.ytimg.com;	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/workshop/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://login.steampowered.com/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb	rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/legal/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steam.tv/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
http://store.steampowered.com/privacy_agreement/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/points/shop/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://recaptcha.net	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://sketchfab.com	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://lv.queniujq.cn	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.youtube.com/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
http://127.0.0.1:27060	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/privacy_agreement/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com/recaptcha/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://checkout.steampowered.com/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://help.steampowered.com/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.steampowered.com/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/points/shop	rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
http://store.steampowered.com/account/cookiepreferences/	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/mobile	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/	rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814577183.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B27000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/;	rUfr2hQGOb.exe, 00000000.00000003.1813758578.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813898256.0000000000B19000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000B19000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000002.1814488149.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/about/	rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l	rUfr2hQGOb.exe, 00000000.00000003.1813979760.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, rUfr2hQGOb.exe, 00000000.00000003.1813726381.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.55.153.106	steamcommunity.com	United States		20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580900
Start date and time:	2024-12-26 13:00:25 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	rUfr2hQGOb.exe renamed because original name is a hash value
Original Sample Name:	5d2e9c5ef270a6f7ba2a0f5e74b6cec3.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:01:27	API Interceptor	6x Sleep call for process: rUfr2hQGOb.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.55.153.106	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse
	Zun6NRK3q3.exe	Get hash	malicious	LummaC	Browse
	C8QT9HkXEb.exe	Get hash	malicious	LummaC	Browse
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Zun6NRK3q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	C8QT9HkXEb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Zun6NRK3q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	C8QT9HkXEb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	ZBbOXn0a3R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	23.55.153.106
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Zun6NRK3q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	P0SJULJxI0.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	b0ho5YYSdo.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.945804288517632
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	rUfr2hQGOb.exe
File size:	1'840'128 bytes
MD5:	5d2e9c5ef270a6f7ba2a0f5e74b6cec3
SHA1:	54193e8db3583bc8984e1ee17160f6f5626b9a7d
SHA256:	5c2be41a3c7e2e01794d38eb83e6a1c181fe043d1b8e800ef97a1f89ded6aa4b
SHA512:	b0e8f808443892fba15efa9b6683bc51638b7a01243b81301f86c6772f656b8156d181c97775c8085b72b6d787aa26f982f650e87071cf0925f26c106929963b
SSDEEP:	49152:EevxaZNOfVYRCo5WqlAG7ALo9DgutMMWxmncg1sG:JxwNOJo5WqlAU6oNMMcmcg1z
TLSH:	2385334A98D32106DA7C697067D31F67CBA29BC44E9CAE6DB50C03270E568FA14EC5FC
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................H...........@...........................H...........@.................................Y@..m..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x889000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F0860AF219Ah
pslld mm3, qword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add eax, 0600000Ah
or al, byte ptr [eax]
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
mov byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	f40bfcaf0aba3157db44d5557136575e	False	0.9993681066176471	data	7.9729611172320425	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1ac	0x200	c4249243ceaeb236e3ce8ce2ab2c9a69	False	0.5390625	data	5.249019796122045	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x55000	0x29b000	0x200	96b0110371dabc544064ebd427698b02	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
euwqsiiy	0x2f0000	0x198000	0x197400	0ec3b10d115bd08c1c2a49d72ce9b951	False	0.9947880697513812	data	7.953362081620798	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vicydjgv	0x488000	0x1000	0x400	9c421fbdeb7d7ae4c13f11198e7c97a7	False	0.7880859375	data	6.1857434043293384	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x489000	0x3000	0x2200	3bb55855e33f5ab20559be69f376e4d0	False	0.06284466911764706	DOS executable (COM)	0.7983285133597359	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x53058	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T13:01:27.489240+0100	2058514	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)	1	192.168.2.4	54638	1.1.1.1	53	UDP
2024-12-26T13:01:27.630094+0100	2058502	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)	1	192.168.2.4	51107	1.1.1.1	53	UDP
2024-12-26T13:01:27.769992+0100	2058492	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)	1	192.168.2.4	51360	1.1.1.1	53	UDP
2024-12-26T13:01:27.908992+0100	2058500	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)	1	192.168.2.4	59456	1.1.1.1	53	UDP
2024-12-26T13:01:28.060295+0100	2058510	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)	1	192.168.2.4	52930	1.1.1.1	53	UDP
2024-12-26T13:01:28.255317+0100	2058484	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)	1	192.168.2.4	52137	1.1.1.1	53	UDP
2024-12-26T13:01:28.395187+0100	2058512	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)	1	192.168.2.4	57914	1.1.1.1	53	UDP
2024-12-26T13:01:28.547687+0100	2058480	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)	1	192.168.2.4	53467	1.1.1.1	53	UDP
2024-12-26T13:01:30.355844+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49730	23.55.153.106	443	TCP
2024-12-26T13:01:31.163584+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49730	23.55.153.106	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 13:01:28.835880041 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:28.835937023 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:28.836035013 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:28.861331940 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:28.861358881 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:30.355743885 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:30.355844021 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:30.361442089 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:30.361454964 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:30.361763954 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:30.413778067 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:30.501893997 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:30.543340921 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:31.163615942 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:31.163651943 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:31.163661003 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:31.163701057 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:31.163717985 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:31.163757086 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:31.163779974 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:31.163824081 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:31.163872004 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:31.359924078 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:31.359989882 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:31.360114098 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:31.360141993 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:31.367402077 CET	443	49730	23.55.153.106	192.168.2.4
Dec 26, 2024 13:01:31.367535114 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:31.368732929 CET	49730	443	192.168.2.4	23.55.153.106
Dec 26, 2024 13:01:31.368753910 CET	443	49730	23.55.153.106	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 13:01:27.344280958 CET	53211	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:01:27.481364965 CET	53	53211	1.1.1.1	192.168.2.4
Dec 26, 2024 13:01:27.489239931 CET	54638	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:01:27.627012968 CET	53	54638	1.1.1.1	192.168.2.4
Dec 26, 2024 13:01:27.630094051 CET	51107	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:01:27.768413067 CET	53	51107	1.1.1.1	192.168.2.4
Dec 26, 2024 13:01:27.769992113 CET	51360	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:01:27.906945944 CET	53	51360	1.1.1.1	192.168.2.4
Dec 26, 2024 13:01:27.908992052 CET	59456	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:01:28.046611071 CET	53	59456	1.1.1.1	192.168.2.4
Dec 26, 2024 13:01:28.060295105 CET	52930	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:01:28.198112965 CET	53	52930	1.1.1.1	192.168.2.4
Dec 26, 2024 13:01:28.255316973 CET	52137	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:01:28.392770052 CET	53	52137	1.1.1.1	192.168.2.4
Dec 26, 2024 13:01:28.395186901 CET	57914	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:01:28.532332897 CET	53	57914	1.1.1.1	192.168.2.4
Dec 26, 2024 13:01:28.547687054 CET	53467	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:01:28.687242985 CET	53	53467	1.1.1.1	192.168.2.4
Dec 26, 2024 13:01:28.691096067 CET	52500	53	192.168.2.4	1.1.1.1
Dec 26, 2024 13:01:28.829480886 CET	53	52500	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 13:01:27.344280958 CET	192.168.2.4	1.1.1.1	0x302d	Standard query (0)	observerfry.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:27.489239931 CET	192.168.2.4	1.1.1.1	0x7198	Standard query (0)	wordyfindy.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:27.630094051 CET	192.168.2.4	1.1.1.1	0x6969	Standard query (0)	slipperyloo.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:27.769992113 CET	192.168.2.4	1.1.1.1	0x590a	Standard query (0)	manyrestro.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:27.908992052 CET	192.168.2.4	1.1.1.1	0x44cf	Standard query (0)	shapestickyr.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:28.060295105 CET	192.168.2.4	1.1.1.1	0x9525	Standard query (0)	talkynicer.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:28.255316973 CET	192.168.2.4	1.1.1.1	0x572b	Standard query (0)	curverpluch.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:28.395186901 CET	192.168.2.4	1.1.1.1	0x17e7	Standard query (0)	tentabatte.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:28.547687054 CET	192.168.2.4	1.1.1.1	0x19b3	Standard query (0)	bashfulacid.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:28.691096067 CET	192.168.2.4	1.1.1.1	0x4a89	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 13:01:27.481364965 CET	1.1.1.1	192.168.2.4	0x302d	Name error (3)	observerfry.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:27.627012968 CET	1.1.1.1	192.168.2.4	0x7198	Name error (3)	wordyfindy.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:27.768413067 CET	1.1.1.1	192.168.2.4	0x6969	Name error (3)	slipperyloo.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:27.906945944 CET	1.1.1.1	192.168.2.4	0x590a	Name error (3)	manyrestro.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:28.046611071 CET	1.1.1.1	192.168.2.4	0x44cf	Name error (3)	shapestickyr.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:28.198112965 CET	1.1.1.1	192.168.2.4	0x9525	Name error (3)	talkynicer.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:28.392770052 CET	1.1.1.1	192.168.2.4	0x572b	Name error (3)	curverpluch.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:28.532332897 CET	1.1.1.1	192.168.2.4	0x17e7	Name error (3)	tentabatte.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:28.687242985 CET	1.1.1.1	192.168.2.4	0x19b3	Name error (3)	bashfulacid.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:01:28.829480886 CET	1.1.1.1	192.168.2.4	0x4a89	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	23.55.153.106	443	7552	C:\Users\user\Desktop\rUfr2hQGOb.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:01:30 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-26 12:01:31 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 26 Dec 2024 12:01:30 GMT Content-Length: 25665 Connection: close Set-Cookie: sessionid=29751cbec042ae56fe44e73d; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-26 12:01:31 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-26 12:01:31 UTC	10097	IN	Data Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>
2024-12-26 12:01:31 UTC	1089	IN	Data Raw: 68 65 69 72 20 72 65 73 70 65 63 74 69 76 65 20 6f 77 6e 65 72 73 20 69 6e 20 74 68 65 20 55 53 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 75 6e 74 72 69 65 73 2e 3c 62 72 2f 3e 53 6f 6d 65 20 67 65 6f 73 70 61 74 69 61 6c 20 64 61 74 61 20 6f 6e 20 74 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 09 Data Ascii: heir respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br>

Target ID:	0
Start time:	07:01:25
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\rUfr2hQGOb.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\rUfr2hQGOb.exe"
Imagebase:	0xe60000
File size:	1'840'128 bytes
MD5 hash:	5D2E9C5EF270A6F7BA2A0F5E74B6CEC3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	26.2%
Total number of Nodes:	65
Total number of Limit Nodes:	4

Executed Functions

Function 00E6B100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Ym]o, xrefs: 00E6B2B7
zMzO, xrefs: 00E6B267
(Y6[, xrefs: 00E6B285
k=W?, xrefs: 00E6B23F
9]_, xrefs: 00E6B28F
hI2K, xrefs: 00E6B25D
D!M#, xrefs: 00E6B1F9
pE}G, xrefs: 00E6B253
yQrS, xrefs: 00E6B271
Gq\s, xrefs: 00E6B2C1
b6j4, xrefs: 00E6B57D
XyR{, xrefs: 00E6B2D5
S%U', xrefs: 00E6B203
Gu@w, xrefs: 00E6B2CB
.AtC, xrefs: 00E6B249

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
API String ID: 0-620192811
Opcode ID: 8c0724b55a73666291e8e60ff74b89d7d1d9ad939168adcdd10dbf71ca772afd
Instruction ID: 369fd2cf0c714ba942b32d2477d2b81487d2040e3a02921e4dfe7c7f5d88e666
Opcode Fuzzy Hash: 8c0724b55a73666291e8e60ff74b89d7d1d9ad939168adcdd10dbf71ca772afd
Instruction Fuzzy Hash: 0E0246B1100B01DFD724CF26E891B9BBBE1FB49314F148A2CD5AA9BAA0D774B459CF50

Function 00E68600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00E68A4A

Part of subcall function 00E6B7B0: FreeLibrary.KERNEL32(00E68A31), ref: 00E6B7B6
Part of subcall function 00E6B7B0: FreeLibrary.KERNEL32 ref: 00E6B7D7

Strings

}, xrefs: 00E68913
}, xrefs: 00E6890C
b]u), xrefs: 00E68877

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: FreeLibrary$ExitProcess
String ID: b]u)$}$}
API String ID: 1614911148-2900034282
Opcode ID: bbf85666ce3035cf6c20dec0caa5c9e8b84c8d19735e2b124477ccc62c8fc912
Instruction ID: d3f4e420686561dee5218833a224dd9986847bafb4568714386348da6807f79e
Opcode Fuzzy Hash: bbf85666ce3035cf6c20dec0caa5c9e8b84c8d19735e2b124477ccc62c8fc912
Instruction Fuzzy Hash: 68C12873E587144BC708DF69C84125AF7D6ABC8750F0ED62EA898EB351EA74DC048BC1

Function 00E9E110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00EA148A,?,00000018,?,?,00000018,?,?,?), ref: 00E9E13E

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00EA1720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=<32, xrefs: 00EA176D

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: 8504ac4c4b778cf67b264f36cd051c972fbe240d0c7663db5dbd1e600626cd9f
Instruction ID: 99fec78b448b69775d47a9f6ad165c9d90b00a91964d2426d3dd3889037eeaad
Opcode Fuzzy Hash: 8504ac4c4b778cf67b264f36cd051c972fbe240d0c7663db5dbd1e600626cd9f
Instruction Fuzzy Hash: 883127386083049FE7189A549C91B7BB396EB8A754F18A56CF6857B2E0D734FC409782

Function 00E69D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 00E69D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 00E69E78

Strings

CK, xrefs: 00E69E85

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: LibraryLoad
String ID: CK
API String ID: 1029625771-3780632675
Opcode ID: 819d800d6c3607a97554b167fec626c05bcfe5fe33e8b234ad9ff368ebb01ab4
Instruction ID: 43387ec673b70928466c9f17c8cd784ced6745822fd93550e4ccd8519fe5d57a
Opcode Fuzzy Hash: 819d800d6c3607a97554b167fec626c05bcfe5fe33e8b234ad9ff368ebb01ab4
Instruction Fuzzy Hash: DD41F274D003009FEB149F78D992A9A7FB1EB46324F505298D4903F3A6C731540ACBE2

Function 01039949 Relevance: 1.5, APIs: 1, Instructions: 40
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 0103C0A9

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 65150c94f444fd6eb6bc6b924078aa093ba6d6ef814e44534f70c958a56cc456
Instruction ID: ac89d294c7b4a6138688133999ee25ffc4fa5e361339269ac550b4540c495c08
Opcode Fuzzy Hash: 65150c94f444fd6eb6bc6b924078aa093ba6d6ef814e44534f70c958a56cc456
Instruction Fuzzy Hash: 450146B140C608DBE751BE18DD867BEB3E8AF84300F05882ED7D187640E635A8508A8B

Function 00E9E0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000), ref: 00E9E0E0

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 95e7bb85636b1c374e1eb3fd284c5209ad5ba399055d9325ff246d7c9af99d51
Instruction ID: a57170d9908f9c098f9efe924b4521713bd70c575a2a70b523fe894fe3b380c4
Opcode Fuzzy Hash: 95e7bb85636b1c374e1eb3fd284c5209ad5ba399055d9325ff246d7c9af99d51
Instruction Fuzzy Hash: 5CF0E532814211FFCB146F39BD05A573BA4EFCB720F161834F400BA221DB38E85A8591

Function 00E69EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00E69ED2

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 5678223cc89d4ebd35cd6afc7206375021a82401ae039b3c10eb9989c5d3c4f5
Instruction ID: cb62ecbb14485e704d513726fb4cdffee6a7133a0626440cdb85268da7169441
Opcode Fuzzy Hash: 5678223cc89d4ebd35cd6afc7206375021a82401ae039b3c10eb9989c5d3c4f5
Instruction Fuzzy Hash: 1CE02B736406029FDB00DB31EC47E4D3356DB5B3517098438E105E1076EB72B428DA10

Function 00E9C570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,00E9E0F9), ref: 00E9C590

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 6104dcee233338f89f63bbfa08bf599b3be5f2ff7073be3cd0566af88c79187a
Instruction ID: 6bc315cb08f56efacffbd2aa20f657bdd3af21aa3864cbdcd8565b841e793711
Opcode Fuzzy Hash: 6104dcee233338f89f63bbfa08bf599b3be5f2ff7073be3cd0566af88c79187a
Instruction Fuzzy Hash: A2D0C931415522EFCA102F29BC05BC73B949F89220F074891F504BA075C624EC91CAD0

Function 00E9C55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00E9C561

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 247bf5e7fdd6e6959e29a1caa17bfdf5c5c548babce5f97d6af5883a38acdae0
Instruction ID: b8cd53d17359f8b6f01955b85555132e6bd25e2c910e253d831cf05e9afac4a0
Opcode Fuzzy Hash: 247bf5e7fdd6e6959e29a1caa17bfdf5c5c548babce5f97d6af5883a38acdae0
Instruction Fuzzy Hash: 54A001711841109EDA562B25BC09B857B21AB58621F124295E201690BA966198969A84

Function 00EB93E4 Relevance: 1.3, APIs: 1, Instructions: 34memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00EB93EC

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1e5e30f2f9f2812104a4cb56d007a70e5ae402ed48dda17a6080ae93198cd03a
Instruction ID: 073a23cc84520ce42df8ca152e9637af91a973a5da0d35de0cc3c230c782ca63
Opcode Fuzzy Hash: 1e5e30f2f9f2812104a4cb56d007a70e5ae402ed48dda17a6080ae93198cd03a
Instruction Fuzzy Hash: E5F0C2728087288BC7102F6888482EE77E0EF05310F221128DED6ABB50EA365C54CAC7

Non-executed Functions

Function 00E842D0 Relevance: 43.1, APIs: 2, Strings: 22, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00E843AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00E8443E

Strings

n l, xrefs: 00E8596A
RE, xrefs: 00E84542
r:i8, xrefs: 00E85899
|r, xrefs: 00E853A8
Xs, xrefs: 00E85CD8
%r?p, xrefs: 00E8595F
gd, xrefs: 00E85E60
b`, xrefs: 00E855F9
=?, xrefs: 00E85BF1
tj, xrefs: 00E853BE
DD, xrefs: 00E85CEE
13, xrefs: 00E85BFC
ut, xrefs: 00E85CE3
=:, xrefs: 00E857CE
uw, xrefs: 00E85B57
N~4|, xrefs: 00E8593E
bF, xrefs: 00E8464E
+$e, xrefs: 00E843FA, 00E8442B
<j:h, xrefs: 00E85975
e>n<, xrefs: 00E8588E
y{, xrefs: 00E85B36
+$e, xrefs: 00E8437A, 00E84365

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$RE$Xs$bF$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-3256406843
Opcode ID: 5f92b08a8096bd06cf955c2c15be608834e80fb2357606943df019786148f32e
Instruction ID: ec887b8307e205da36b73549ca96f16e53343fa186e0e15af216d3b340680a52
Opcode Fuzzy Hash: 5f92b08a8096bd06cf955c2c15be608834e80fb2357606943df019786148f32e
Instruction Fuzzy Hash: 8FC20CB560D3848AD334CF14C8527DFBAF2FB92304F00892DD5E96B255D7B1864A8B9B

Function 00E99280 Relevance: 18.2, APIs: 2, Strings: 8, Instructions: 661COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32 ref: 00E998DF
SysFreeString.OLEAUT32(?), ref: 00E998E5

Strings

O^, xrefs: 00E997A6
t"j, xrefs: 00E9966E
gd, xrefs: 00E9968E
Jtuj, xrefs: 00E992E5
:;$%, xrefs: 00E999C0
b{tu, xrefs: 00E992D9, 00E9939B
=hn, xrefs: 00E99676
SB, xrefs: 00E9979E

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: FreeString
String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
API String ID: 3341692771-1335595022
Opcode ID: c564c068985201da28d5f3ddd2567ce094d553db3984442a5e05758f8b1284b5
Instruction ID: 2b426bb07b0c6fe5c6df8a4dc2b154b02f3f46e979674af3c2ccba2d5c9cfb62
Opcode Fuzzy Hash: c564c068985201da28d5f3ddd2567ce094d553db3984442a5e05758f8b1284b5
Instruction Fuzzy Hash: 7B222376A083419BD714CF28C881B5BBBE2EFC5314F18992CE5D4AB3A2D775D845CB82

Function 00E760E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

uqrs, xrefs: 00E76AF0
w}MI, xrefs: 00E76128
3F&D, xrefs: 00E76273
t~v:, xrefs: 00E761E7
L4, xrefs: 00E76BA0
ntxE, xrefs: 00E76112
qRb`, xrefs: 00E76133
~mfQ, xrefs: 00E7613E
{zdy, xrefs: 00E7611D
*,-", xrefs: 00E766EF
JyTK, xrefs: 00E76160
pt}w, xrefs: 00E761F2
L4, xrefs: 00E76780

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: 4505f2878a3a5f98fe440657475ca2f85be513739c2abbb64916e5699787608b
Instruction ID: 6228681046f99bfdf6986b5226329b490e7ed09953cf5cac08311b1e3af7f63a
Opcode Fuzzy Hash: 4505f2878a3a5f98fe440657475ca2f85be513739c2abbb64916e5699787608b
Instruction Fuzzy Hash: 254213B26083518FC7258F28D8917ABB7E2FBD6318F19893CD4D9AB256D7349805CB42

Function 00E71227 Relevance: 16.5, APIs: 1, Strings: 8, Instructions: 750COMMON

Download Yara Rule

Strings

+, xrefs: 00E717CB
@, xrefs: 00E717D0
F, xrefs: 00E7184E
`, xrefs: 00E713A4
), xrefs: 00E71A4D
L, xrefs: 00E71846
[, xrefs: 00E71555
>, xrefs: 00E716FF

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: )$+$>$@$F$L$[$`
API String ID: 0-4163809010
Opcode ID: fabc664d52170757ce8f6e8745606c119bcf087a49a846f43493c930a9ba8779
Instruction ID: ace61800293b8b8436e6ee22b71d0bec0f839865e6834e5dc38609807a0c1556
Opcode Fuzzy Hash: fabc664d52170757ce8f6e8745606c119bcf087a49a846f43493c930a9ba8779
Instruction Fuzzy Hash: E752C17260C7808BC3249B3CC4953AEBBE1ABD5364F199A6EE4DDE73C1D67489418B43

Function 00E7747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00E775C5

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 483c216bd43a15f88dc547b5b44d48baacdc007da7d65a767461d942bb64813e
Instruction ID: 3f4b41f52c1a670e38b83b3d87b32f54e49ab2d1cdb2c8340c6bcc6ae55672e4
Opcode Fuzzy Hash: 483c216bd43a15f88dc547b5b44d48baacdc007da7d65a767461d942bb64813e
Instruction Fuzzy Hash: F982387150C3518BC724CF28C8917ABB7E1FFDA318F199A6CE8D9A72A5E7349805C742

Function 00E69310 Relevance: 9.2, Strings: 7, Instructions: 431COMMON

Download Yara Rule

Strings

,6.2, xrefs: 00E69446
PTvu, xrefs: 00E696F3
WAg., xrefs: 00E6943E
cbrn, xrefs: 00E693EE
A, xrefs: 00E69698
;"I, xrefs: 00E6944E
FM, xrefs: 00E69370

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
API String ID: 0-3116088196
Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction ID: c44ff4e2fa63deda17dee84324cb3c9148aa93f7cff156129c754811ef34c432
Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction Fuzzy Hash: A7C1647164C3C14BD322CF69A4A036BFFD19FD6244F085AADE4D52B382D275880ACB92

Function 00E881CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00E884BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00E885B4

Strings

_^]\, xrefs: 00E88A15
LF7Y, xrefs: 00E88951

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 25a6c5e1860d37c7ac551cf635698762421da74eba95e8d42595cf389d86150b
Instruction ID: a3474085e42fd1e464d899d6206f649a788b11eca1b5cbf98a9f643692d776d0
Opcode Fuzzy Hash: 25a6c5e1860d37c7ac551cf635698762421da74eba95e8d42595cf389d86150b
Instruction Fuzzy Hash: E122EF71A08341DFD324DF29DC8072ABBE1BF8A314F194A6CE9D9672A1D731A905CB52

Function 00E883D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00E884BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00E885B4

Strings

_^]\, xrefs: 00E88A15
LF7Y, xrefs: 00E88951

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 9862d8fb0dedaad42a8b018491a69ec0f0637c30fcd0f5c45352d3851be456a8
Instruction ID: e057ae9251e283418589edc478d42f86253f0f697ddd897676e2c10a823e7db1
Opcode Fuzzy Hash: 9862d8fb0dedaad42a8b018491a69ec0f0637c30fcd0f5c45352d3851be456a8
Instruction Fuzzy Hash: 9B12F071A0C341DFD324DF29D88072BBBE1BF8A314F194A6CE9D9672A1D731A905CB52

Function 00E824E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON

Download Yara Rule

Strings

"_,Y, xrefs: 00E82530
pCj], xrefs: 00E82528
;GsA, xrefs: 00E82520
.[TU, xrefs: 00E82538
=K0E, xrefs: 00E82544

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
API String ID: 0-1171452581
Opcode ID: 0704f73a12307227c7a46b26566407cf991ce440c40c415eb21fee1376dd6177
Instruction ID: d53fe6fdbb2a980713f6d01b4bfbfeaebe415eb2ccafdf163c422e7d55eeb26b
Opcode Fuzzy Hash: 0704f73a12307227c7a46b26566407cf991ce440c40c415eb21fee1376dd6177
Instruction Fuzzy Hash: 9A9113B1A083009BC714EF25C891B67B3F5EF95358F18942CFA8DAB282E375E905C756

Function 00E78169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

2h?n, xrefs: 00E783A0
SP, xrefs: 00E78396
^`/4, xrefs: 00E781E1
7, xrefs: 00E78419
gfff, xrefs: 00E78458

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: 79ff55f93517d24a16dc16c7e50ede2974a1e754b4a883323e5f0f0a8df7acc1
Instruction ID: 3cdbb809611b087bcab8d7dd840c7f28cffa92935f2f98933b82a4e266c58982
Opcode Fuzzy Hash: 79ff55f93517d24a16dc16c7e50ede2974a1e754b4a883323e5f0f0a8df7acc1
Instruction Fuzzy Hash: BCA14872A543108BD314CF28D8557AFB7D2FBD5318F19DA3DE489E7391EA3898068B81

Function 00E81340 Relevance: 5.5, Strings: 4, Instructions: 493COMMON

Download Yara Rule

Strings

sp, xrefs: 00E81528
9deZ, xrefs: 00E81818
eb, xrefs: 00E816F6
{s, xrefs: 00E81520

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: 9deZ$eb$sp${s
API String ID: 0-3993331145
Opcode ID: 42373b80fce0bb1d9a52d166ae5d983f226654c1031c4f52a3e5d0374cee5cb4
Instruction ID: 906af870cf449de70a46d38e8aa419f5455651a91ed91b3444778ec28fd8dcc0
Opcode Fuzzy Hash: 42373b80fce0bb1d9a52d166ae5d983f226654c1031c4f52a3e5d0374cee5cb4
Instruction Fuzzy Hash: 3DD106B12183048BC728EF24C89166BB7F1FFD5354F089A5CE4DA9B3A0E7789905C752

Function 00E891AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 00E891DA

Strings

wpq, xrefs: 00E892B7
+Ku, xrefs: 00E892AF

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$wpq
API String ID: 237503144-1953850642
Opcode ID: 7f2f26a055f78fb45cf2e5a9357291226e04e0f60e4404c9367b84f3762239e0
Instruction ID: 12d723dca99335748de20bcf1d8e24e5ce6e55a155e398e339bceca30a98a3ad
Opcode Fuzzy Hash: 7f2f26a055f78fb45cf2e5a9357291226e04e0f60e4404c9367b84f3762239e0
Instruction Fuzzy Hash: 9751CE7261C3118FC324CF69984076FB7E2EBC5310F15892DE4EACB285DB70D50A8B92

Function 00E890D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00E89170

Strings

M/(, xrefs: 00E8913D
M/(, xrefs: 00E8919E

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: M/($M/(
API String ID: 237503144-1710806632
Opcode ID: 8a6730c9f5e030bde8d0e80d2d1425d66cc8def83d42f201d1ab6110ecc5113d
Instruction ID: 41c63df1f3884cac1c9109effde988d9dae89134e82813d2a130baf9acfdbd79
Opcode Fuzzy Hash: 8a6730c9f5e030bde8d0e80d2d1425d66cc8def83d42f201d1ab6110ecc5113d
Instruction Fuzzy Hash: 56213171A4C3115FE710CE34988579BB7AAEBC6700F01892CA0D5AB1C5D678880B8792

Function 00E8A0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

<\hX, xrefs: 00E8A236
_^]\, xrefs: 00E8A49C, 00E8A188
.txt, xrefs: 00E8A371

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: 6486b3de5e18b7472f4697176fd33f435285c9fe0dc4930683fcf5de3367f2fc
Instruction ID: 390cdd6185de19f695d7b6ac4457c9d75c57408d0d211a719a6fd4a2c1a26047
Opcode Fuzzy Hash: 6486b3de5e18b7472f4697176fd33f435285c9fe0dc4930683fcf5de3367f2fc
Instruction Fuzzy Hash: 8DC1297160C340DFE704EF25DC4166ABBE2AF8A314F188A6DF0D9672A2D735A945CB13

Function 00E7D003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON

Download Yara Rule

Strings

[V, xrefs: 00E7D4DD
bh, xrefs: 00E7D4D6

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: [V$bh
API String ID: 0-2174178241
Opcode ID: 64c61d8143bc73d7e4e9c0cc791069efc548e1c0e028c719a558e04f13d56f78
Instruction ID: 1a0d9f33660478a48f10064db90f5e4676849139856c517be0f109d6210b55c3
Opcode Fuzzy Hash: 64c61d8143bc73d7e4e9c0cc791069efc548e1c0e028c719a558e04f13d56f78
Instruction Fuzzy Hash: D23236B1A05611CBCB24CF28CC916B7B7B1FF95314F18D259D89AAB394E734A842CB91

Function 00F11121 Relevance: 2.8, Strings: 2, Instructions: 338COMMON

Download Yara Rule

Strings

&m, xrefs: 00F1142C
l{&h, xrefs: 00F11419

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: &m$l{&h
API String ID: 0-329666730
Opcode ID: 09e491a1faea265aa0a881b55e7c817a40a670462aaee2f99e97f432adc74760
Instruction ID: 4b2e39beb6096cac5337eefc910791a8c47e822184e6056ca670a50ac0f4d909
Opcode Fuzzy Hash: 09e491a1faea265aa0a881b55e7c817a40a670462aaee2f99e97f432adc74760
Instruction Fuzzy Hash: FEB127B3E1411847F3585E29DC58776B796DB94320F2B823CCE98977C4E93EAD0A8385

Function 00E64270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

IEND, xrefs: 00E64661
), xrefs: 00E642EB

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 2e3d02a4e710e60458cf0f3c2bfefd9f6c824305365afb9906cf0daa32af4286
Instruction ID: 1ba974803e28a5ff3a28289f7aea4ff29900761126d783fb0a8c8a2459cdf790
Opcode Fuzzy Hash: 2e3d02a4e710e60458cf0f3c2bfefd9f6c824305365afb9906cf0daa32af4286
Instruction Fuzzy Hash: B6D1CFB1648344DFD710CF14E841B9FBBE0AB95348F14592DF999AB382D375E908CB82

Function 00E6D4F3 Relevance: 2.8, Strings: 2, Instructions: 295COMMON

Download Yara Rule

Strings

V], xrefs: 00E6D6E4
Fm, xrefs: 00E6D6DD

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: Fm$V]
API String ID: 0-2730126902
Opcode ID: df56eea14ce3aee52f87f68335199a6993abff05006f0904a7e431fa23b612be
Instruction ID: e29092795b46b69c8ba1beba933fc50e6d02fe896a29b7026bc3f8f2ffece731
Opcode Fuzzy Hash: df56eea14ce3aee52f87f68335199a6993abff05006f0904a7e431fa23b612be
Instruction Fuzzy Hash: CD9105B66997408FD325CF2AD880656BFA2EFD631872D869CC0955F716C336E807CB50

Function 00F6B47D Relevance: 2.7, Strings: 2, Instructions: 189COMMON

Download Yara Rule

Strings

d8I;, xrefs: 00F6B5EB
+, xrefs: 00F6B543

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: +$d8I;
API String ID: 0-3865318534
Opcode ID: 4dd1d1feefb1d20b35e9b532f67380c1ee0e1150964168dee74759ffe9842d83
Instruction ID: 7a3095f2d980b6c7a3f837cbe62236b0c1a4ec382e94f35c054f5927f3ca957c
Opcode Fuzzy Hash: 4dd1d1feefb1d20b35e9b532f67380c1ee0e1150964168dee74759ffe9842d83
Instruction Fuzzy Hash: D45185B3F6112147F3984D79CC583A27683DB81324F2F827C8E49AB7C4D97EAC0A5284

Function 00FAC4F4 Relevance: 1.8, Strings: 1, Instructions: 530COMMON

Download Yara Rule

Strings

;f, xrefs: 00FAC981

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: ;f
API String ID: 0-4261599074
Opcode ID: 07cc1855067e67a5a928b94cc50c56bc8395e774495cb3aea56e41120f325ed9
Instruction ID: eb3aa515b9e38d52370b4f126429187e3aeba07d0ebac410ff9b0fd5f830bcc0
Opcode Fuzzy Hash: 07cc1855067e67a5a928b94cc50c56bc8395e774495cb3aea56e41120f325ed9
Instruction Fuzzy Hash: 8502F0F3E142204BF3585D39DC99366B692EB90320F2F823D9E98A77C5E97E9C054385

Function 00F7049E Relevance: 1.8, Strings: 1, Instructions: 527COMMON

Download Yara Rule

Strings

UThV, xrefs: 00F70999

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: UThV
API String ID: 0-2567877518
Opcode ID: 75d2be33a9d7ce4eb1ccf30df0c667002a83ab8a419a192c9358ce29ba3af69e
Instruction ID: da95596b55f232cabfde0cb8b2e5550e21e4cdf8630f3c1ac2a6ff0400d1a225
Opcode Fuzzy Hash: 75d2be33a9d7ce4eb1ccf30df0c667002a83ab8a419a192c9358ce29ba3af69e
Instruction Fuzzy Hash: 4102CFF3F156204BF3544928CD483A6B696DBD4320F2F863C9E88A77C4E97E9C459385

Function 00F17016 Relevance: 1.7, Strings: 1, Instructions: 474COMMON

Download Yara Rule

Strings

~~<W, xrefs: 00F17652

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: ~~<W
API String ID: 0-1916268609
Opcode ID: f04e35de523f976b3e80709faff599b0560b0a301fc1833991ed4cd60689d0dd
Instruction ID: 6ca32bfa32434d2901f8eba83af3c59e246aabd2c281ce02597b01d0e749f13f
Opcode Fuzzy Hash: f04e35de523f976b3e80709faff599b0560b0a301fc1833991ed4cd60689d0dd
Instruction Fuzzy Hash: F0E1E1B3F142254BF3544969DC983A6B692DBD4324F2F4238DE88A77C5D87E9C0A43C4

Function 00EE8194 Relevance: 1.7, Strings: 1, Instructions: 472COMMON

Download Yara Rule

Strings

\T&}, xrefs: 00EE84C5

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: \T&}
API String ID: 0-641755087
Opcode ID: cc15087d0bf7c70881526c6f1561403dfbe05f6eafdde3de9ea1bf5c5a9586a1
Instruction ID: 8a72e194c69925cba10e7b2653a86fedee1e6ebe70836abe29e291369909641b
Opcode Fuzzy Hash: cc15087d0bf7c70881526c6f1561403dfbe05f6eafdde3de9ea1bf5c5a9586a1
Instruction Fuzzy Hash: 52E1CEF3F156244BF7584938DC983767692DB94320F2F823C9A99AB7C4E93E9C094385

Function 00E8D17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(1A11171A), ref: 00E8D2A4

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 3f97d10be25e640608824a220e6cc252e0c78b6defb7358f48631ec813fdadb1
Instruction ID: d7e451a5481b30a1d4bed6c2672f11cad44d4a1b384cabb385eb6ea697ad8c78
Opcode Fuzzy Hash: 3f97d10be25e640608824a220e6cc252e0c78b6defb7358f48631ec813fdadb1
Instruction Fuzzy Hash: 3241E4702083819BE3159F34CDA0F62BFE0EF57318F28969CE5DA5B3A3D72598468751

Function 00E8D34A Relevance: 1.6, Strings: 1, Instructions: 398COMMON

Download Yara Rule

Strings

><+, xrefs: 00E8D353

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: ><+
API String ID: 0-2918635699
Opcode ID: 49b6d1440135eb5ec155ba2699ef9652e1513b3d3d235fde7bd7060f120c1c8f
Instruction ID: 7ee79f084498d4f94fb73f249bd16b0f34306397a41b4e4b11f3e0954e5f9c33
Opcode Fuzzy Hash: 49b6d1440135eb5ec155ba2699ef9652e1513b3d3d235fde7bd7060f120c1c8f
Instruction Fuzzy Hash: 2EC113756047418FD725CF2AC490762FBE2BF9A314B28959EC4DE9B792C735E802CB50

Function 00E8B170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 00E8B458

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction ID: edcf396d095128d37313d7c3df502564944e8c01614f903377bd7c6682269290
Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction Fuzzy Hash: 4AC14AB2A083045FD725AF24C49076BB7D6AF85314F1C992DE49DAB392E734EC44C792

Function 00ECC277 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

Rhz, xrefs: 00ECC7E2

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: Rhz
API String ID: 0-4167275591
Opcode ID: 9e227755dbebbcb99b4f296cc7055184dd5a28dac6e4d55f78f92f68fcb03afa
Instruction ID: df6a4d1eca1dd720b7e6e5cf836838e9be8e226626f69cecd6a7c7bfb78bf727
Opcode Fuzzy Hash: 9e227755dbebbcb99b4f296cc7055184dd5a28dac6e4d55f78f92f68fcb03afa
Instruction Fuzzy Hash: D6D1D2F3E156158BF3445E28CC44366B692EBA0314F2B823CCF99A77C9E93E5C098785

Function 00EFE34E Relevance: 1.6, Strings: 1, Instructions: 362COMMON

Download Yara Rule

Strings

., xrefs: 00EFE45B

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 390ca2d0e0aa1be8192feca8833060bece72649a32492ca1b9e27f7b7d119047
Instruction ID: 4ea56713d218c59a120e64902da8b12319f017b5927b125c27ea6fa8b5bf7e39
Opcode Fuzzy Hash: 390ca2d0e0aa1be8192feca8833060bece72649a32492ca1b9e27f7b7d119047
Instruction Fuzzy Hash: C4C1ACB3F6152547F7584938CD683A22583DBD0320F2F82798F5AAB7C9DC7E5D0A4284

Function 00F4204E Relevance: 1.6, Strings: 1, Instructions: 350COMMON

Download Yara Rule

Strings

%n,~, xrefs: 00F4204E

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: %n,~
API String ID: 0-2053984687
Opcode ID: 1110e77d05cb9e0291aab801cec7977f316946be8aa36d653a991201ec1c335e
Instruction ID: fc5c9147aa8bf6fe75770a007d845d5efea875a12e279385257eba178d5d3ea0
Opcode Fuzzy Hash: 1110e77d05cb9e0291aab801cec7977f316946be8aa36d653a991201ec1c335e
Instruction Fuzzy Hash: 00C1BCB3F2152547F3844939CD583A26683E7D5320F2F82388A6DAB7C9DD7E9D0A5384

Function 00F412A9 Relevance: 1.6, Strings: 1, Instructions: 323COMMON

Download Yara Rule

Strings

&, xrefs: 00F413CE

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: &
API String ID: 0-1010288
Opcode ID: e436d69a3fa9eaae482f93ae56a3a6af52248f098237eb2b19682ee1debc531d
Instruction ID: 6634d3643f0ebea4c6553287875e5d6f540ffe86fe8b022c5be616b3244f627a
Opcode Fuzzy Hash: e436d69a3fa9eaae482f93ae56a3a6af52248f098237eb2b19682ee1debc531d
Instruction Fuzzy Hash: C8B167F7F125214BF3884829CD58362668397A5325F2F82388E5D6BBCADC7E5D0A5384

Function 00F60151 Relevance: 1.6, Strings: 1, Instructions: 313COMMON

Download Yara Rule

Strings

,b|v, xrefs: 00F604D7

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: ,b|v
API String ID: 0-3122606631
Opcode ID: 636c84f8fea9be51c675159dee03333f88794c8e1b6a974b3eb825cc6ad41e6d
Instruction ID: 3cefe3db1d22ed1e7d76ff3ad71c87ef13c7e7e94ba30aaee83a316c9aa0b4eb
Opcode Fuzzy Hash: 636c84f8fea9be51c675159dee03333f88794c8e1b6a974b3eb825cc6ad41e6d
Instruction Fuzzy Hash: EAB19AB3F1162547F3544838DC983A266839BD5324F3F82788E6C6B7C6E87E5D0A5388

Function 00F853BC Relevance: 1.5, Strings: 1, Instructions: 289COMMON

Download Yara Rule

Strings

G(s, xrefs: 00F85538

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: G(s
API String ID: 0-2321016706
Opcode ID: 28decaa42e2e8787b96089da0e5d48f9910d61dec76139f375f73e250d150385
Instruction ID: 8490dbddf85629e900504af0c175645b993a96a9c273f79e208752ea781f896f
Opcode Fuzzy Hash: 28decaa42e2e8787b96089da0e5d48f9910d61dec76139f375f73e250d150385
Instruction Fuzzy Hash: F2A18DB3F5122547F3544978CC983A276839BD4324F2F82788E9C9BBC9D97E9D0A5384

Function 00F764D6 Relevance: 1.5, Strings: 1, Instructions: 280COMMON

Download Yara Rule

Strings

bk M, xrefs: 00F765F3

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: bk M
API String ID: 0-1761664474
Opcode ID: 457ba4d611579cf4e06ec91d8d22b2b6f8fe56269819fe2895502cee86de5f69
Instruction ID: ac5e8bf68397da75a11daff0fbac2bf36fd818f25a6114453fe4dd9a173be66b
Opcode Fuzzy Hash: 457ba4d611579cf4e06ec91d8d22b2b6f8fe56269819fe2895502cee86de5f69
Instruction Fuzzy Hash: EDA1AEB3F5122547F3544868DC983A23683DBD5324F2F82788E5C6BBC5D9BE6D0A5384

Function 00F610E3 Relevance: 1.5, Strings: 1, Instructions: 273COMMON

Download Yara Rule

Strings

+, xrefs: 00F612F7

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: +
API String ID: 0-1006347533
Opcode ID: 0688d8553241244a9b718073463d9ec3f472f1c2f9ba23dfaa48da3c19483723
Instruction ID: f8bf72d76d497cf66e51fc4bd4800be1b4be544a7a9ea6cd574f536ddf3f7652
Opcode Fuzzy Hash: 0688d8553241244a9b718073463d9ec3f472f1c2f9ba23dfaa48da3c19483723
Instruction Fuzzy Hash: 08916AB3F5162547F3984838CC593A265839BE4321F2F82798E4DA7BC5ED7E5D0A1384

Function 00FAE4A8 Relevance: 1.5, Strings: 1, Instructions: 268COMMON

Download Yara Rule

Strings

\, xrefs: 00FAE6E3

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: f9d1d546f5cbbb4a6ffbcf875c9aa8df8cdc1eeea85508a3ed2f104cc17a4b09
Instruction ID: d9b04ff86fa3b76811863a561b8b2339c95d26252f942141edc3a92af5f9aa5e
Opcode Fuzzy Hash: f9d1d546f5cbbb4a6ffbcf875c9aa8df8cdc1eeea85508a3ed2f104cc17a4b09
Instruction Fuzzy Hash: 1B917BB3F516254BF3484D68CC983A26643DBD5314F2F82388F49AB7C9E97E5C4A5384

Function 00EDF317 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

C , xrefs: 00EDF60C

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-3006245230
Opcode ID: e5e97e270aa130d3885384c6d08bb98925cbcd6ab3637b61b40be896f7fb4336
Instruction ID: f296c107e99aaaf2b8735b0bdef71307aed50466c2e558a288d599005f631974
Opcode Fuzzy Hash: e5e97e270aa130d3885384c6d08bb98925cbcd6ab3637b61b40be896f7fb4336
Instruction Fuzzy Hash: 68918BF3F515248BF3944939DC583A22683DBD5310F2F82788A49AB7C5EC7E5D0A9384

Function 00E87440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00E87465

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: 84c4fa6c93d1fa30bf7c7d012d2639c7787d33fed3ea600b533b363348469a7d
Instruction ID: 78e084d0f3243ba9d63f00b5a831c6a19ccd7f19b4e7ca3969bd2fae5e53174e
Opcode Fuzzy Hash: 84c4fa6c93d1fa30bf7c7d012d2639c7787d33fed3ea600b533b363348469a7d
Instruction Fuzzy Hash: 117126B1A0C3005BD714AB68DC92B7B76E1EF85318F28A43CE4DEA7292F274DC059752

Function 00FB02D5 Relevance: 1.5, Strings: 1, Instructions: 258COMMON

Download Yara Rule

Strings

a, xrefs: 00FB03BD

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: a
API String ID: 0-3904355907
Opcode ID: 670f03e8e7a30d6407ac67b37587ee57a5db5aadd8e216199e7d244f019b9dfb
Instruction ID: 438f58263625b1c88dd51426967501e5f46d84eb859cf5b5f1d475967b2fb44f
Opcode Fuzzy Hash: 670f03e8e7a30d6407ac67b37587ee57a5db5aadd8e216199e7d244f019b9dfb
Instruction Fuzzy Hash: 219178B3F1212587F3940E25CC583A2B2839BD5324F3F82788A586B7C4D97E6D5A9784

Function 00F022D2 Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

h, xrefs: 00F023CE

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: b543eec23cee3d58703c892b80e1b8b697e8d4fbe338815c79bae0e7f382a0be
Instruction ID: 449c8c3a36d5b69ccc89d654fb1b9fc33f63a7ec3e5fec72bfc7928c227a350b
Opcode Fuzzy Hash: b543eec23cee3d58703c892b80e1b8b697e8d4fbe338815c79bae0e7f382a0be
Instruction Fuzzy Hash: D09199F7F5162647F3944874CC983A266839BE1315F2F82388E5C6BBCAD87E5D0A5384

Function 00E6D021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00E6D455

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 67c18bb3bb3672be8421a47e26583c76b934e1f69e78957762c31e45ef6e8cca
Instruction ID: b5b052ebb7477a5a4569255df9d141fb4887759e744d49b453ea8e0b7f82e13e
Opcode Fuzzy Hash: 67c18bb3bb3672be8421a47e26583c76b934e1f69e78957762c31e45ef6e8cca
Instruction Fuzzy Hash: 87510470B893008FC724CF16ECD067677E1EB9A75879D982CD5A7A7622C231BC06CB51

Function 00E8C0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 00E8C173

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: aed4614a81cdc1f67e70673038d8cdb4896fc6a7e7591ebf5c78c123d9ca1a17
Instruction ID: 59debc3403b9eec880d1e370613dd41a352520f0199fa97758cc208a0f43e89c
Opcode Fuzzy Hash: aed4614a81cdc1f67e70673038d8cdb4896fc6a7e7591ebf5c78c123d9ca1a17
Instruction Fuzzy Hash: E7513A21605B804BD729CB3A88513B7BBE3AFDB314B5C969DC4DBD7686CA3CE4068710

Function 00ECF23F Relevance: 1.5, Strings: 1, Instructions: 225COMMON

Download Yara Rule

Strings

Vdc", xrefs: 00ECF34E

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: Vdc"
API String ID: 0-458003742
Opcode ID: 20abea0b0e1e49cc8c93f4df171fe3479f31310bfc091394dd5f854022927097
Instruction ID: fe8df933996577b79b5e78ecccc87462da4db4e561cc757660bc81ce0541e3ce
Opcode Fuzzy Hash: 20abea0b0e1e49cc8c93f4df171fe3479f31310bfc091394dd5f854022927097
Instruction Fuzzy Hash: AD818DF3E512248BF3904D28CD883627692DB95320F2F82788E5C6B7C9D93F6D099384

Function 00E8C09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 00E8C173

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 287d78c2cecef288029b735e34888efea792f6509fdb04d4ffa35457dce7a216
Instruction ID: 81813b4f770e2fa2ab22b013a7f35e915f05330c5cc6284b45be40b6770e113e
Opcode Fuzzy Hash: 287d78c2cecef288029b735e34888efea792f6509fdb04d4ffa35457dce7a216
Instruction Fuzzy Hash: EC512C21615B804AD72ACB3A88503B37BE3AF9B314F5C969DC4DBD76D6CA3CD4068720

Function 00F84228 Relevance: 1.5, Strings: 1, Instructions: 211COMMON

Download Yara Rule

Strings

$, xrefs: 00F84329

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 5555d0e0700d98f730d9ed1ae0128d5360c21b61bc721213148b1d1c7a7977ee
Instruction ID: 3b3eb4adf59feebf3106e7fc7b7fb6f7a393404235fedeff4d7c7be40fde4590
Opcode Fuzzy Hash: 5555d0e0700d98f730d9ed1ae0128d5360c21b61bc721213148b1d1c7a7977ee
Instruction Fuzzy Hash: B1717CF3F1152547F3944925CC583A26293DBA5314F2F82388F4DAB7C5D93E9D4A5384

Function 00E6F3C0 Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

,, xrefs: 00E6F3E0

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 7ee2ce3186f9bad7a250770e76f02ea288319992fe8fff133704f348c5000672
Instruction ID: 8a7eb5b0077d82bbf743b4ae47a3dbf3bb15cb2fa18b57a52d20c3110810aa3b
Opcode Fuzzy Hash: 7ee2ce3186f9bad7a250770e76f02ea288319992fe8fff133704f348c5000672
Instruction Fuzzy Hash: A461193264C7908BC7109A3898513DFBBD1ABDA364F295B7ED9E5E73C2E6348901C742

Function 00EC7300 Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

I, xrefs: 00EC744B

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 9dee78fcf57687ccf1c513129037bb04f00940f449769d8bd6ea3efc39df3449
Instruction ID: d4f941d269928df0d4a0a7201b2e6d576668868da776cf3ab88f262d43e6ff88
Opcode Fuzzy Hash: 9dee78fcf57687ccf1c513129037bb04f00940f449769d8bd6ea3efc39df3449
Instruction Fuzzy Hash: D6513AB3F1012547F7A84D38CC583627692AB95314F2F427C8E4DAB7C4D93E6D099788

Function 00EA1160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

@, xrefs: 00EA123B

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 7393b47e5393b96cfc8c617b19d84b7f7cd4fecaf99d6c2b84eef3dbfcbfa58b
Instruction ID: dda3771d67ff97db64c0a94d1747e8afcd01d150190fcc4694aa2cc622f1933c
Opcode Fuzzy Hash: 7393b47e5393b96cfc8c617b19d84b7f7cd4fecaf99d6c2b84eef3dbfcbfa58b
Instruction Fuzzy Hash: 0D4123B16093009BD7148F10CC55B7BBBE1FFDA358F09991CE5856B2A0E375A804C782

Function 00E8C465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

AB@|, xrefs: 00E8D9F4

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: AB@|
API String ID: 0-3627600888
Opcode ID: e94484e0804c09280a0cb94cd04793b317a48919bee89cdc1dbb0fe5a8915ece
Instruction ID: 8433a62760dac1cf5c72892f051663da9ed2a2fb8870b23f8b37adf52ff355ed
Opcode Fuzzy Hash: e94484e0804c09280a0cb94cd04793b317a48919bee89cdc1dbb0fe5a8915ece
Instruction Fuzzy Hash: B44106711086928FD7268F39C850766BBF1FF97314B18A6D8C0EA9B296D734E845CB50

Function 00EB8140 Relevance: 1.4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

Strings

V, xrefs: 00EB91E5

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: fc5191014707aed202b944e3129373d5a421d6125a8e0d26d07444c660e154a8
Instruction ID: fa7f2986e73038d44d4c9596173e2af6096f619e56f3a93bea0201b77e5de7f9
Opcode Fuzzy Hash: fc5191014707aed202b944e3129373d5a421d6125a8e0d26d07444c660e154a8
Instruction Fuzzy Hash: CC51C2B150D30ADFD7149F2895481FFBBE8EF41310F21552EEA86E3A01E2764C50EB6A

Function 00EA0340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 00EA03AD

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: c646db03490ca28362d81dd54584c62c8202604664d85210f3c9cf2d2ccb8851
Instruction ID: 13611fd8fe942a531a39b29ded6746742b0d0dfe437bb5060fec0fa3e21e2b7d
Opcode Fuzzy Hash: c646db03490ca28362d81dd54584c62c8202604664d85210f3c9cf2d2ccb8851
Instruction Fuzzy Hash: D631D1715083048FC714DF58D8D166FBBE4FBCA314F18992CE69997290D735A848CB52

Function 00E8E180 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 597a6ee36b6aedb10287e82e068309843c95722c1bf37784f6274da55855aff8
Instruction ID: 4d7726f286874a6ca2033ae30181cbab8065d64523f0e645dfb2a8bd601d96d3
Opcode Fuzzy Hash: 597a6ee36b6aedb10287e82e068309843c95722c1bf37784f6274da55855aff8
Instruction Fuzzy Hash: 276292F1511B019FC3A1CF2A8982793BBE9AB8E710F54591EE1ADE7311DB7079018F92

Function 00E673D0 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction ID: ab16a21b47810997b9125fb9fe7beca2382687e6ec2e625f4a95d9bc34e39236
Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction Fuzzy Hash: 4822E431A4C3118BD725DF18E8806ABB3E2FFC435DF19992DD9C6A7285D734A851CB82

Function 0101E39E Relevance: .6, Instructions: 588COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c69a1ca3a53496ece8f78b90b6b1bebe2e2ee7cff5018481fc85228576f52387
Instruction ID: 09786e7646bbe58731a181f7a64979e0a7bc0180166a98fd4ac37d94149dfc02
Opcode Fuzzy Hash: c69a1ca3a53496ece8f78b90b6b1bebe2e2ee7cff5018481fc85228576f52387
Instruction Fuzzy Hash: 4702F5B360C6009FE304AE2DEC8167AB7EAEFD4720F1A853DE6C5C3744EA3558158696

Function 00F1042A Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4daea60807e251782ffb0ce9ffd4fd2f30731c66ad627b4b558d428de8496f9
Instruction ID: e364b1a7c4c36388fd408f10c00f5eae9d7550423751fca51d500ec5c2b80734
Opcode Fuzzy Hash: b4daea60807e251782ffb0ce9ffd4fd2f30731c66ad627b4b558d428de8496f9
Instruction Fuzzy Hash: B102B0F3E146204BF3444E39DC89366B692EB94324F2B863C9E8CA77C4D97E5D0A4385

Function 00F93092 Relevance: .5, Instructions: 528COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a03c7bf3be0a96160e528d77313eaf67b9a466e812070d5f850939d850891daf
Instruction ID: e6cca14b1c97e7e6396eb40d6cbc3b700c1e38d6cce0e55f9459b5a3ea06380c
Opcode Fuzzy Hash: a03c7bf3be0a96160e528d77313eaf67b9a466e812070d5f850939d850891daf
Instruction Fuzzy Hash: AF02EEF3F502154BF3444D39DC88366B682EBD4324F2B823D9B89977C5E87E9D0A8284

Function 00F263FD Relevance: .5, Instructions: 490COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6becf55ca958e534e528147a5d17eaea02c5f6ab3137fd23d1a5bf431441fa2f
Instruction ID: 9adadb018869c50f8cb31db3e0051e0a0882f1229511012555f2bc204f7e00b3
Opcode Fuzzy Hash: 6becf55ca958e534e528147a5d17eaea02c5f6ab3137fd23d1a5bf431441fa2f
Instruction Fuzzy Hash: 91F1C0F3E106218BF3444939DC98366B696DB94320F2F46389E9CEB7C5E93E9D054384

Function 00F79343 Relevance: .5, Instructions: 490COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36e799655334ebb972a48810663a5474b3c4aeee8343794e564d6b260f951ea3
Instruction ID: f764e0c914895bff0367e13373360f157f5a0bf62169c022e1ab1a169bd47ee1
Opcode Fuzzy Hash: 36e799655334ebb972a48810663a5474b3c4aeee8343794e564d6b260f951ea3
Instruction Fuzzy Hash: 50F110F3E142148BF3545E29DC88366BBD6EB94320F2B463CDA98977C0D97E9C058785

Function 00EF43AB Relevance: .5, Instructions: 483COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec6f8b89e15ba76378f51544eac8e111ffe21a066e12ec557de0f88c14b2313
Instruction ID: 5d5e4334e8ca6f58bed0483d38d235de3821da0b75ad7a1495b211949df8712f
Opcode Fuzzy Hash: cec6f8b89e15ba76378f51544eac8e111ffe21a066e12ec557de0f88c14b2313
Instruction Fuzzy Hash: 22F1BDF3E046204BF3445E29DC98366B6D2EB94324F2B823C9F99AB7C5D97E5C064385

Function 00F89147 Relevance: .5, Instructions: 465COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b5396532473a385a992c0fa885fb26cc70e6d99a858349e66c97bc6f6f0f843
Instruction ID: 0db084a3bd2a1024f9a1d195feebb4aeb558c1af74c7bab53e45d35eb60ca9c2
Opcode Fuzzy Hash: 7b5396532473a385a992c0fa885fb26cc70e6d99a858349e66c97bc6f6f0f843
Instruction Fuzzy Hash: 27E1F1F3F042144BF3484E39DD98366B687EBD4724F2E863D8A89977C4DD7E58098284

Function 00F9C400 Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b256e406e8e3d4be51ed145c4149c28a045794e7c112715b38ac5b0619c5c5a
Instruction ID: bcd41781993fd9828a384603bc7eb45265174f1da7238c2432001d0a57db3a11
Opcode Fuzzy Hash: 3b256e406e8e3d4be51ed145c4149c28a045794e7c112715b38ac5b0619c5c5a
Instruction Fuzzy Hash: F5D1BEF3F156254BF3508939DC983667693DBD4324F2F86389A88AB7C5E87E9C094384

Function 00ED202F Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a01b03c08dc804eb3ebc64a2bf854588b6fea2faf5af0f30689b6fdc3f3a7b8d
Instruction ID: 914e2888098925d2eb82c772392f73eda3c32795f815861f45d718ddb1307583
Opcode Fuzzy Hash: a01b03c08dc804eb3ebc64a2bf854588b6fea2faf5af0f30689b6fdc3f3a7b8d
Instruction Fuzzy Hash: 6DE19DB3F507160AFB5C0878DDE93B51986D7B5324E2E423E8BA75B3C2DCAE49468344

Function 00EC60CD Relevance: .4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e9c2bcbd0109bb7af010f3485cf130e7c54747b2e01dc91400de5d1ce1a2597
Instruction ID: 5a5f342ed1cf95d58f465b42fd39c0098122fc1387123cdee956ee942a8d8beb
Opcode Fuzzy Hash: 8e9c2bcbd0109bb7af010f3485cf130e7c54747b2e01dc91400de5d1ce1a2597
Instruction Fuzzy Hash: 86D1F2B3F042148BF3445E28DC99366B792EB94310F2B863CDE989B7C5D97E9C098785

Function 00F78337 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d18c83d166c818a971734013f8e9c9588a0fc63b81ec93376f32af3b6e8d974e
Instruction ID: 4db407412d66f91e4d5db8bee5ce5ab16323f267cd68bb441cff5360782db648
Opcode Fuzzy Hash: d18c83d166c818a971734013f8e9c9588a0fc63b81ec93376f32af3b6e8d974e
Instruction Fuzzy Hash: 4BC19EB3F506204BF3584939DD983A26983D7D9320F1F83388F59ABBC9D87E5D0A5284

Function 00F5C438 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 521b46885bb28b13bd6eef2d2498cb318a461c76ed33cd4e9e2724d503bb444a
Instruction ID: 1adcad80744b35324320b89d7b17282e2ff28b07868b7e476e05493ba18ae7e7
Opcode Fuzzy Hash: 521b46885bb28b13bd6eef2d2498cb318a461c76ed33cd4e9e2724d503bb444a
Instruction Fuzzy Hash: 8EC179F3F5162547F3584878CDA83A265839794324F2F82788F5DABBC5ECBE5C0A5284

Function 00ED7060 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 538559169c4a543bfa2e64b9d257f0107e365bafe72ea087e83bb61b91c0660c
Instruction ID: aa8e29161ef0fde03820b1e4ede0fe2a8ed1c6cf541b9620f4cd779377e3b005
Opcode Fuzzy Hash: 538559169c4a543bfa2e64b9d257f0107e365bafe72ea087e83bb61b91c0660c
Instruction Fuzzy Hash: C4C18BB3F1122647F3544979CD983A26683DB95314F2F82388F4CABBC9D8BE5D4A5384

Function 00F7D4A6 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 721dba0032c65055f2ca5d5fd0a85f838dc0c612821f24753ab3a42d18221278
Instruction ID: d20a44fdbe70eef755244b60c8051bc6d0bd670da23fc9031ca890003907196d
Opcode Fuzzy Hash: 721dba0032c65055f2ca5d5fd0a85f838dc0c612821f24753ab3a42d18221278
Instruction Fuzzy Hash: 78C15AB3E5022547F3944878CD9C3A26A929B94324F2F82388F5DABBC5D97E5D0A53C4

Function 00F004FA Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9704dd6a5b084d5010f8041d80ccd24973094127f3d296dca40e2017d94d6278
Instruction ID: cefb910753e8169e9b9e00db8ee3060c389a2652f39375fa60493a010a116bb8
Opcode Fuzzy Hash: 9704dd6a5b084d5010f8041d80ccd24973094127f3d296dca40e2017d94d6278
Instruction Fuzzy Hash: 13C17AB3F616254BF3944878CD983A266839BD4324F2F82788E5CAB7C5D87E5D0A53C4

Function 00EDB1CA Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 694ff29518afda7ddebaf7c1c8072cfb9d3c0a8e686be051e5347ecb75451ed3
Instruction ID: 7e625d82ca3732355337b2bbe4a57fd0fae26c82273c33dbf5d612938cb1c350
Opcode Fuzzy Hash: 694ff29518afda7ddebaf7c1c8072cfb9d3c0a8e686be051e5347ecb75451ed3
Instruction Fuzzy Hash: 70C193B3F5062547F3584D38CDA83A26682DB95320F2F827C8E59AB7C9EC7E5C095384

Function 00F4E0C8 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13c7136a709030742f6c6b93554f546a215854ced4bdc1a9d74a2a5aa4f4786b
Instruction ID: 6e86ef1f7a7493f44491e8ac19eea2200bc33b4b6a0b632db5086b488f37ea9b
Opcode Fuzzy Hash: 13c7136a709030742f6c6b93554f546a215854ced4bdc1a9d74a2a5aa4f4786b
Instruction Fuzzy Hash: E6C1A9B3F5122547F3944929DC993A26683EBD4324F2F81388E4DAB7C5DC7EAC0A5384

Function 00F8A034 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a69a970b5259b9cacc9a8f6b4a3ff68f313862d176c6f54f386f04d719246b5
Instruction ID: 137b0851df721bbfe99f59d134ee034653c068c606a62124789c99d820b9944e
Opcode Fuzzy Hash: 2a69a970b5259b9cacc9a8f6b4a3ff68f313862d176c6f54f386f04d719246b5
Instruction Fuzzy Hash: C5C148F7E6153547F39449A8DC583A2658297A1324F2F82788F0C7BBC5D87E5D0A52C8

Function 00E7E220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 149b7382a78f9c31086434a91d2aa149daa4086532594428e9fd809bedeeb9d4
Instruction ID: 641bb64df6953cf1516c7c937fc3d41005319a94ca87e3051aea81107dcb942c
Opcode Fuzzy Hash: 149b7382a78f9c31086434a91d2aa149daa4086532594428e9fd809bedeeb9d4
Instruction Fuzzy Hash: 3BB1D7B5504301AFD7249F24CC41B5ABBE1AB98318F189A7DF498B73B1E7329D14CB52

Function 00F6C4A4 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5a8ad02920da5662dd0cc20d298e8e9a1ee3306d78795086744a57e67777009
Instruction ID: 18936192cf4bf6fdbaaed1de1330d3feb2db6f82c4483cfdad1d5671ed41536d
Opcode Fuzzy Hash: a5a8ad02920da5662dd0cc20d298e8e9a1ee3306d78795086744a57e67777009
Instruction Fuzzy Hash: A0B1ACB3F5122547F3584929CCA83A2A683DBD4320F2F82388E5D6B7C5D97E5C0A53C4

Function 00ED62F0 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c25011640ffe440cd3d31e0234c313a7b47f2f941d6b671a18ec51eb1b2801d
Instruction ID: 7dea5023a6cd136097bd9e25fa0c4afbd494875f92ed4fe078de72dc92320ec0
Opcode Fuzzy Hash: 9c25011640ffe440cd3d31e0234c313a7b47f2f941d6b671a18ec51eb1b2801d
Instruction Fuzzy Hash: 9AB19EF7F5162547F3540838CDA83A266839795324F2F82788F6DAB7C6D87E9C0A5384

Function 00F0E227 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0dcd496a52207652153a281f964f011d2cb05b5c25b210ff951890c47036abc
Instruction ID: 7a45942a36e7859839d8adc89ce1601e33762941fa64fb2cb76ab6459f7263ec
Opcode Fuzzy Hash: e0dcd496a52207652153a281f964f011d2cb05b5c25b210ff951890c47036abc
Instruction Fuzzy Hash: 1BB168F3E1152547F3984929CC593A27683EBA4324F2F81388F4DAB7C5E97E9D0A5384

Function 00EF9131 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20e3b4bbeb34054ba9dc716c44601cda792bff0220c02387d0665af307ed72f8
Instruction ID: 04986a019b81454f2ad8a8069c37ef04579d9c3d8a22898d7f74459977bd09dd
Opcode Fuzzy Hash: 20e3b4bbeb34054ba9dc716c44601cda792bff0220c02387d0665af307ed72f8
Instruction Fuzzy Hash: 3EB167B3F116354BF3544968CC583A266839BE5324F2F82788E4C6B7C5E8BE5D4A53C4

Function 00F94369 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ff21ab6bc63f46c72fcd603bfe1def9e4fe01a24d239247f085e7b22b1b0ed6
Instruction ID: 980db77f9bd853be1233adada81addc188a6cc58f35704ace9a4560eed9101fe
Opcode Fuzzy Hash: 0ff21ab6bc63f46c72fcd603bfe1def9e4fe01a24d239247f085e7b22b1b0ed6
Instruction Fuzzy Hash: C3B19EF3F5162547F3484829CD983626283D7E5324F2F82798F096BBC9D87E9D0A5384

Function 00F0406A Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82816568c85275404986c2dd6909f45ffaa9180ba0021bb82a851edfe98ae501
Instruction ID: dea3b12fb104fedac9ef387dd6d777b1ff6692e8bdedc6f4efcc4d4824bb9945
Opcode Fuzzy Hash: 82816568c85275404986c2dd6909f45ffaa9180ba0021bb82a851edfe98ae501
Instruction Fuzzy Hash: 2BB189F3F111258BF3444938CD683A266939BD5324F2F82788F5C6BBC9D97E5C0A9284

Function 00ECA25B Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89936205dcfd8cc9775f6d15d71578fd20228fb13e123b9d855136b9bada29a1
Instruction ID: 792b019d2849fc4a7ea71e48ab7c2941a1ae69ec2d15d1a10548b0ddf9b2a109
Opcode Fuzzy Hash: 89936205dcfd8cc9775f6d15d71578fd20228fb13e123b9d855136b9bada29a1
Instruction Fuzzy Hash: 0CB18DF7F516244BF3548868DC983A26583D7E4325F2F82788F5CAB7C6E87E5D0A4284

Function 00F55164 Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af7c194fb623c267c869d2712b116f082a80abffb48d282e904c67ca529ae597
Instruction ID: bae37a684a8dae0a00dc2b194307e248ff05b2296e744b4435abb5bcb3421d5d
Opcode Fuzzy Hash: af7c194fb623c267c869d2712b116f082a80abffb48d282e904c67ca529ae597
Instruction Fuzzy Hash: 71B168B3F111244BF3984939CC68362A683DB95315F2F82788F4DAB7C9E87E5D094384

Function 00FA813A Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64f4d0c776e6c3b9725b5250520974248282ed4d377a578c2cb46ce7d130ef81
Instruction ID: 878824314dfb55b1870ea12f5f7c6e09a5347aa395c1ce3de71b9ae7dc8481d1
Opcode Fuzzy Hash: 64f4d0c776e6c3b9725b5250520974248282ed4d377a578c2cb46ce7d130ef81
Instruction Fuzzy Hash: B4B18AF3F5162547F3580928CD983A1A682DBA5320F2F827C8F4DAB7C5E97E9C095384

Function 00EDA3EB Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a26897ab5214ed0c588a3a31b2f9489e73958b5d59dcd5b680da63907fbdc08
Instruction ID: baf74b311bf7b281a2b4f4d59a9cb5374b0c400243f98b341fce8e3f9b23f3ce
Opcode Fuzzy Hash: 7a26897ab5214ed0c588a3a31b2f9489e73958b5d59dcd5b680da63907fbdc08
Instruction Fuzzy Hash: 7EB177F7E5163547F39408B8CD98362658297A5324F2F82788F6C7B7C5E8AE5D0942C4

Function 00EC85EB Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e633ab50808b601b480f1cde16b8750df9e5f7ccbd18e6e6e82bc1e4eca97f45
Instruction ID: 02815e27072f0246989929c66a28e059e8f2a5219f246e9e346b3ef733c8b217
Opcode Fuzzy Hash: e633ab50808b601b480f1cde16b8750df9e5f7ccbd18e6e6e82bc1e4eca97f45
Instruction Fuzzy Hash: 18B18CB3F511244BF3544D29DD483A266939BD5320F2F82788E5C6BBC9EC7E6D0A5384

Function 00F6D0DF Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7af58d588d554c7331a3477449872b2cc495078cbaa7b546e78c1be51543aa5
Instruction ID: d29ba9280c027336571b1aba9d9dc384b37c857c55decf715e56587c52285a83
Opcode Fuzzy Hash: a7af58d588d554c7331a3477449872b2cc495078cbaa7b546e78c1be51543aa5
Instruction Fuzzy Hash: C3B18BB3F5062447F7584878CCA93A665829794324F2F827C8F6DAB7C5D8BE9D0943C4

Function 00EDC3AE Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 564e980c72bae3ce1969a9a408f7ddefea2ba1629d8578c4cd580e50b7a24914
Instruction ID: 19c5ecdeb9375f8d5433988ee6ad9118882cc95497e471715498d18084b5404b
Opcode Fuzzy Hash: 564e980c72bae3ce1969a9a408f7ddefea2ba1629d8578c4cd580e50b7a24914
Instruction Fuzzy Hash: E5B144F7E1162547F3944879CD88362A6839BE4324F2F82388F5C6B7C5E87E5D0A42C8

Function 00EE54AC Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03f4c7f0d4d354b509c5ea0c894de3503d1d2198c5e6d612a7955d33fdb9db4e
Instruction ID: 715bb57f78ce6d44bbaed0934a7486df9be0da3c21420d8ecf627647d8134070
Opcode Fuzzy Hash: 03f4c7f0d4d354b509c5ea0c894de3503d1d2198c5e6d612a7955d33fdb9db4e
Instruction Fuzzy Hash: 02B189F3F6162547F3940868DD983A2668397D5324F2F82788F1CBB7C5D87E9D0A5284

Function 00F8049C Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fbe72bd49dc21f463da8cca0f71236ef5694af744e3a34a63457bc9fb19894e
Instruction ID: f550a0f410c79ffdda1e3c35e8c18a2382f34bfda225fe9d4e5bfe01293cdde6
Opcode Fuzzy Hash: 3fbe72bd49dc21f463da8cca0f71236ef5694af744e3a34a63457bc9fb19894e
Instruction Fuzzy Hash: 44B147F3F515244BF3984829CD583A2668397E4320F2F82788B9D6B7C5DD7E5D0A5388

Function 00FB1014 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 209a7c65e1c21d000f9f16326a0f44d65aa81f69ee02508cf406e4f8176f7f9f
Instruction ID: eee3a815e5a22ced8a0d6af6400d6340db3e3751e607ccb29af8d09ee82713a8
Opcode Fuzzy Hash: 209a7c65e1c21d000f9f16326a0f44d65aa81f69ee02508cf406e4f8176f7f9f
Instruction Fuzzy Hash: 10B18CB3F2162547F3984938CDA83A26582DB94324F2F827C8F5DAB7C5D87E5D0A5384

Function 00F500E9 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1525c53fa1a52dff03f9c1d883d803d2ff08a66fe881f0a1f065a35a6aeb58bc
Instruction ID: 61e21d0215eab8c272d2f4d19a879548604a0bdff233891bef54882d527f2ddd
Opcode Fuzzy Hash: 1525c53fa1a52dff03f9c1d883d803d2ff08a66fe881f0a1f065a35a6aeb58bc
Instruction Fuzzy Hash: 52B18BB3F516214BF3948969DD983626683DBD4310F2F82388F4C6B7C9D97E9D0A9384

Function 00F40325 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 205b2f365cc62659337e74724983ea573b59e290ab6f125fb383b662c75704ff
Instruction ID: 332704ad93610045517b3fc745a2d72c0513b8ba80f1f8fa3814efb298d8cf07
Opcode Fuzzy Hash: 205b2f365cc62659337e74724983ea573b59e290ab6f125fb383b662c75704ff
Instruction Fuzzy Hash: 6AB166F3F5022547F3584838DD693A2668397A5324F2F82388E5DAB7C5EC7E9D0A5384

Function 00F320D6 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43230e9b41d54c8738d2a0ed352f37b416734e0a53160a04600dd3f7f2a0420b
Instruction ID: 02ce3c0c28277fcbc0b2785f4542283336b5c832882031aa325f0f787e60a16b
Opcode Fuzzy Hash: 43230e9b41d54c8738d2a0ed352f37b416734e0a53160a04600dd3f7f2a0420b
Instruction Fuzzy Hash: 11B197B3F111254BF3984929CD583A27683DBD5310F2F817C8B49ABBC9D97E6C0A5384

Function 00F5601D Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bb4e67b884659f809017ebe317fce3663d381c4cc219332a24e07875ae13e2c
Instruction ID: 3fb299ad1005f47b1b0f84564e8f0241297d4cea54b83546f9115674810c717c
Opcode Fuzzy Hash: 6bb4e67b884659f809017ebe317fce3663d381c4cc219332a24e07875ae13e2c
Instruction Fuzzy Hash: 69A16AF3F116254BF3544879CD9836666839BD5324F2F82788F1CABBC9E87E5D0A4284

Function 00F9D259 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e142bf4f08a65cd234c537980ea41a6c8b11ecbf7cdbabe1ed1c0357b861b91
Instruction ID: 47f69f043aa94a2495d4de65124983507fb9ca0cfb2eb9d93962c287cfc335c0
Opcode Fuzzy Hash: 3e142bf4f08a65cd234c537980ea41a6c8b11ecbf7cdbabe1ed1c0357b861b91
Instruction Fuzzy Hash: E9B17BB7F215258BF3544D28CC583A27653DB95324F2F82788E4CAB7C5E93E9D0A9384

Function 00F59473 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27dc8dcf325ae7ebfeaa96eb81fd460837df5e7222b8fa520e550d1533c2f913
Instruction ID: 825d94c956237c742114035f27791e54009fd3431e3d507276eeae22e6bf6f22
Opcode Fuzzy Hash: 27dc8dcf325ae7ebfeaa96eb81fd460837df5e7222b8fa520e550d1533c2f913
Instruction Fuzzy Hash: 92B17BF7F5162547F3544938CC883A22583DB95324F2F82388F58ABBC9D87E9D0A5384

Function 00F360D4 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3228c1589f8e1d2f9b8d3d98aff70784a8fc939d176cf3030d34caad0a38b5d0
Instruction ID: c81cbaaf91c331f6787e9f52a5cb49c256a582efe04d275e924a525f03f0bd57
Opcode Fuzzy Hash: 3228c1589f8e1d2f9b8d3d98aff70784a8fc939d176cf3030d34caad0a38b5d0
Instruction Fuzzy Hash: 24B179F3F5162547F3484979CC983A265839795320F2F82788E2CAB7C6DCBE5D4A5384

Function 00F521D2 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 134eaa9eeb38e7d24e3b47b3789db36d11e2bb13aa5dff7d28a94dc96f36736a
Instruction ID: e8ccc75e805e1e12e86e78ed1d0457d7ce6bca8356400b389a8bd5a3e52e1c4c
Opcode Fuzzy Hash: 134eaa9eeb38e7d24e3b47b3789db36d11e2bb13aa5dff7d28a94dc96f36736a
Instruction Fuzzy Hash: AEB19BB3F2152547F3944D24CC983A27653EB95314F2F82788E4C6B7C9E97E6D0AA384

Function 00F971D1 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f907240f5ef192a04d31bd3d559ad32ebf9d3045e26c4ff7f2412210eda302ff
Instruction ID: e207ed17fdd1f604ee92c35d969cd00a8260c85b488ee6ec887f762d3919bbbd
Opcode Fuzzy Hash: f907240f5ef192a04d31bd3d559ad32ebf9d3045e26c4ff7f2412210eda302ff
Instruction Fuzzy Hash: A4B18AB3F1112547F3944928CC593A27683EB95324F2F82388E5CABBC5ED7E9D0A5384

Function 00F9A211 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a07b8a80c519f346aee432165cdf91e36f553a526d168e7adc491e5fcb84356
Instruction ID: f2713dbbba2964dffc7e18269b3905f10d65eb560872d1c935df620201751ac6
Opcode Fuzzy Hash: 9a07b8a80c519f346aee432165cdf91e36f553a526d168e7adc491e5fcb84356
Instruction Fuzzy Hash: 54B16AB3F1162547F3444D29CD983A27683EB95314F2F82788E486B7C9E97EAD0A5384

Function 00F7748F Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6abb3e00716460574cced84f0fa1a09b1aaa091c0de0159a53921cd96455f68a
Instruction ID: ff525df1b5aba116ce39ac9a94b4b0e21e942606a6ab81a609e62f0ce0e6645c
Opcode Fuzzy Hash: 6abb3e00716460574cced84f0fa1a09b1aaa091c0de0159a53921cd96455f68a
Instruction Fuzzy Hash: 72B169F7F6162547F3840928CC983A26643DB95314F2F82788F5CAB7C5D8BE9D4A5384

Function 00ED436A Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb17b00605ac63f5fb3b62746f16352ca81c1d93c23cd7df07483405a65e5337
Instruction ID: 08e980e5adff9915a305822abc8db55896182c2e2c53396d60f3429f1f883585
Opcode Fuzzy Hash: eb17b00605ac63f5fb3b62746f16352ca81c1d93c23cd7df07483405a65e5337
Instruction Fuzzy Hash: CCB14BB3F102244BF3644D39CC993627693EB95324F2F82788E59AB7C9D97E5D0A4384

Function 00F505F7 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ad1426301300584a36e44726ce2df314f89cb2227a794fa7e2fa92068924110
Instruction ID: e628417bf1df38443fdd82b58a6897b366603b1c940a6ed094ba990d7144267b
Opcode Fuzzy Hash: 3ad1426301300584a36e44726ce2df314f89cb2227a794fa7e2fa92068924110
Instruction Fuzzy Hash: D9A18BB3F512254BF3544D29DC983A27683DBD4324F2F81788E48AB7C9D97EAD0A5384

Function 00E66160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction ID: 0425cf03e686fa747cb257e9272652fa045bf3b4946edaa416a09e981203b343
Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction Fuzzy Hash: 84C17EB2A587418FC330CF28DC86BABB7E1BF85358F08492DD1D9D6242E778A155CB45

Function 00F860A3 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fd9f7d01a6818ca1f12c5d46759092b6b6b743448bfa9c6360bd275d36e87f3
Instruction ID: c8fc73481773161696e5a000c5f0d5e25e44285f6d937f5cfaccf3fc69e4b029
Opcode Fuzzy Hash: 9fd9f7d01a6818ca1f12c5d46759092b6b6b743448bfa9c6360bd275d36e87f3
Instruction Fuzzy Hash: B6A169F3F1112547F3544D68CC983A27682DBA5320F2F42788E5CAB7C5E97EAD095384

Function 00F3B38D Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 762e16675b7786331895fa5f436dcfbc81548ec04cc56193b725d716d64795ed
Instruction ID: 7b6fc39f10b63a155d360ada48e30c03f709318063d4248489cb6cff5054b0ff
Opcode Fuzzy Hash: 762e16675b7786331895fa5f436dcfbc81548ec04cc56193b725d716d64795ed
Instruction Fuzzy Hash: E3A18AB3F5152547F3884839CD5936266839BE4324F2F82798F5CAB7C5EC7E5C0A5284

Function 00F054E1 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea036dd21963fed213e4e06f7ee64151ef0c13d94ce8f39d6e2e50922f7a30dc
Instruction ID: c6a86fea2970ac2d13fb76bdf8314b2887c9a96966b2bce6799111b65220b0f4
Opcode Fuzzy Hash: ea036dd21963fed213e4e06f7ee64151ef0c13d94ce8f39d6e2e50922f7a30dc
Instruction Fuzzy Hash: 51A16AB3F512254BF3944879DD883A265839BD0325F2F82388F5CA7BC9EC7E5D0A4284

Function 00EEA0A0 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cf0bd818187d61f2291f6e84f5d8c995055f91332d14a98b5b53b38c470732c
Instruction ID: 196446fc8695262f40668d98a7c3324081213d413272ed437ca29981202b3ae0
Opcode Fuzzy Hash: 7cf0bd818187d61f2291f6e84f5d8c995055f91332d14a98b5b53b38c470732c
Instruction Fuzzy Hash: E1A17DF7F1162547F3484929CC683626683DBE5324F2F82788B1DAB7C5E87E9C0A5384

Function 00F151E6 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5054106aa3457e609770e4ceb62b852c2283d31e251dd0b4052a4018f5802c01
Instruction ID: 295ed92ba583909503a7c14b5494a416eb2ef6325fe7179d7986b984e1c0dbfa
Opcode Fuzzy Hash: 5054106aa3457e609770e4ceb62b852c2283d31e251dd0b4052a4018f5802c01
Instruction Fuzzy Hash: 46A18CF3F406208BF3584968DC983616683DBE5324F2F82788E5D9B7D6D87E6C0A4384

Function 00EC13D7 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7a29f5cfbddec781c7c4d1f7b5e6a8d839a16c35a581584da1e3dea98c26760
Instruction ID: 2df1b329f987d1498d67368d3e27f223c42910fee79850065b302944e97949d9
Opcode Fuzzy Hash: a7a29f5cfbddec781c7c4d1f7b5e6a8d839a16c35a581584da1e3dea98c26760
Instruction Fuzzy Hash: 75A187B3F5122547F3544928CD983A266839BE5320F3F82788E5C6BBC9DD7E6D0A5384

Function 00F350EF Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f6325fa2f5d3643b051e5444b29a3856aeb7ccc9713a216b1525795dd686776
Instruction ID: bc5ab71b844fa88acc6244dba7b0d59b30d608519a04fe47ab3edd98a081c043
Opcode Fuzzy Hash: 9f6325fa2f5d3643b051e5444b29a3856aeb7ccc9713a216b1525795dd686776
Instruction Fuzzy Hash: 37A1A8B3F5162007F3984979CD9C3A266839B91320F2F82788E5CABBC5D8BE5D0953C4

Function 00F43159 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f5afcfb0dacb44201e040c802bbcdea19dec4c7717cd89adfb90113a681beb8
Instruction ID: a9a5d1bf3a8a0667ab7422a3c212a909fdb7f8e00b0b77d3911fcc12511cd1a2
Opcode Fuzzy Hash: 6f5afcfb0dacb44201e040c802bbcdea19dec4c7717cd89adfb90113a681beb8
Instruction Fuzzy Hash: 48A17CB3F516254BF3444D29DC983A27653EBD5311F2F82788E18AB7C5D93EAC0A6384

Function 00F0507E Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e1123ee0179da1f19b5ab6bf622778e179279a85836f805d44bbc4f750106eb
Instruction ID: dbc99c46e0602a091e7e24d58e272931a94c773a5d1ab70dbf30be1d3d6cec07
Opcode Fuzzy Hash: 3e1123ee0179da1f19b5ab6bf622778e179279a85836f805d44bbc4f750106eb
Instruction Fuzzy Hash: 6CA1AFB3F512254BF3884D78CD983A27692DB94310F2F82388F59AB7C5E97E6D095384

Function 00F25129 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4591042942016a121a25cc156dd90464d03d62e7c9585a58587d9492aaff8daa
Instruction ID: ee3f506c9fe4d6d24c9a7d556a7c54a09425f3718bfb9cd382b5e763ce3a38d5
Opcode Fuzzy Hash: 4591042942016a121a25cc156dd90464d03d62e7c9585a58587d9492aaff8daa
Instruction Fuzzy Hash: 5AA1ABF3F502244BF3440978CDA83A676929B95324F2F82788F5DABBC5D87E5D0A4384

Function 00F8C166 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fd9e11aaf539d05af40961bb2a84a4806b6c3bcdd246edfc522db9c68c7e17a
Instruction ID: 9aeb76915c119782df21a1dc4ca0d5a2975c1765e1caf90bf86dd077fa3b93c6
Opcode Fuzzy Hash: 9fd9e11aaf539d05af40961bb2a84a4806b6c3bcdd246edfc522db9c68c7e17a
Instruction Fuzzy Hash: 40A17BF3F516254BF39448B8DD9835269829795321F2F82788F5CAB7C6DCBE8C0912C4

Function 00F485F7 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c82ed7e44d174ac8fd7219c5ace308fa825c2ca1b8c7c4a86c22fb4a9b94a1d9
Instruction ID: 4b73168f48bbfd2ea1d89d8eef6611034713127b6f5f46302e68a574a8cd17fc
Opcode Fuzzy Hash: c82ed7e44d174ac8fd7219c5ace308fa825c2ca1b8c7c4a86c22fb4a9b94a1d9
Instruction Fuzzy Hash: 96A1ABF7F116254BF3444928CC983A276839BA5314F2F82388E5DAB7C5ECBE5C0A5384

Function 00F180D0 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0cbc50f8c3bdecec930ec41be292424d600adb8091272cac67304813f9a2245
Instruction ID: 3c2c732368734fba0ca0649fb0a0dd98acc6358f1f02b5b5fa0524753c7cf39b
Opcode Fuzzy Hash: a0cbc50f8c3bdecec930ec41be292424d600adb8091272cac67304813f9a2245
Instruction Fuzzy Hash: D6A16BB3F101244BF3984D79CD693627692DB95320F2B82388E5DAB7C8DD7EAD095384

Function 00F1E247 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c4668d424775e4672f721c1935d792c6d404c60c4e17a4f9af37931a3806fa1
Instruction ID: ccfcf48f3aaee57ea032a6cd1fe692886f21fdc4ee0725499d2f606a0e28e745
Opcode Fuzzy Hash: 2c4668d424775e4672f721c1935d792c6d404c60c4e17a4f9af37931a3806fa1
Instruction Fuzzy Hash: 59A1ACF3F5022547F3540D28CC993A27682DB95324F2F82798F59AB7C5E97EAC095384

Function 00ED0294 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c7ef9a665b687aafe93fbd7fc9e84b7febca582e45215afd6070321686fb8f2
Instruction ID: c4023d75fc1223a6e171dbc7c9da423b567a81d1dcf32fb793844ed129a2c81d
Opcode Fuzzy Hash: 8c7ef9a665b687aafe93fbd7fc9e84b7febca582e45215afd6070321686fb8f2
Instruction Fuzzy Hash: EFA1AEB3E1112547F3944D38CD583A2B6839B94324F2F82798E5C6BBC9ED7E5D0A9384

Function 00F373E4 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8f802eeb5b5621b31fc8867451fd80ca4a8e78a6e5fb0aa08b261ec13deaa73
Instruction ID: ed6f22aa99f2e9bba933b93e78e1385354e0c1ae36231d0a0544f901e4ac3dd8
Opcode Fuzzy Hash: c8f802eeb5b5621b31fc8867451fd80ca4a8e78a6e5fb0aa08b261ec13deaa73
Instruction Fuzzy Hash: 4AA1ACB3F1122547F3440928DCA83A27283DBE5324F2F41788E599B7D6E97EAD0A5384

Function 00F8346B Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 774d40d82cc26cc64287828f96d265fda6822fa87d34f6ab51c566c8f69221ba
Instruction ID: e86141beeb5543818cc1509cb341f10be8d198dea1db4cfbdf97e63daeb8d0d2
Opcode Fuzzy Hash: 774d40d82cc26cc64287828f96d265fda6822fa87d34f6ab51c566c8f69221ba
Instruction Fuzzy Hash: 21A179F3F1112547F3544839CD683A266839BE5324F2F82388F5DAB7C5E97E9D0A5284

Function 00F5D2B8 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baae87efeeceff3d4960b8e93609009e7be08483d859092dedce4e3925189b13
Instruction ID: 3265d8684b3cc7999ff109eac0195186989b241bf463b60497c504f6113d10f7
Opcode Fuzzy Hash: baae87efeeceff3d4960b8e93609009e7be08483d859092dedce4e3925189b13
Instruction Fuzzy Hash: 71919AF3F5062547F7984878CC983A26682D794324F2F82388F4DAB7C5E87E5D0A5388

Function 00ED90FB Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ba73072b44ac636a53a22ce5c3d0a672966558e5be52cb8315637b8a23cecad
Instruction ID: 80858984ee389a3b635b2f19660e54b84bb0e66a76635eb15c4e12234447452f
Opcode Fuzzy Hash: 8ba73072b44ac636a53a22ce5c3d0a672966558e5be52cb8315637b8a23cecad
Instruction Fuzzy Hash: A8A17FB3F1121547F3844D29CC983627653EBD5724F2F81388B486B7C9E97EAD0A5388

Function 00F33399 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935ffe4a5d054b385ba156546c6667436012b75945b4e44d3f4eee7432bdd56b
Instruction ID: dca878aa064d375abc6b370b6428d4063091258e360f377971d25446c9022d63
Opcode Fuzzy Hash: 935ffe4a5d054b385ba156546c6667436012b75945b4e44d3f4eee7432bdd56b
Instruction Fuzzy Hash: C0917EF3F512254BF3944969DC983626682DB95320F3F82388F4CAB7C1E9BE5D0A5384

Function 00F7A1CC Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 554a0e8c823bf2e24dfce1139bc84bdb9c0f7cd9ca6144aa0fa16f4dd9c51cae
Instruction ID: f9a77d7df58c40f42d5805863f9327e23339f7ef8717bdb38c5bc8fc8f658331
Opcode Fuzzy Hash: 554a0e8c823bf2e24dfce1139bc84bdb9c0f7cd9ca6144aa0fa16f4dd9c51cae
Instruction Fuzzy Hash: E0A18BF3F5122547F3944968CD9836276839B94320F2F82388F5DAB7C5D97EAD0A5388

Function 00FA3131 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4936c6bcb3774a0765c0c7a5bf324f0d82fa3fadeb4f037573d3d0ddbf1b001a
Instruction ID: 20d8b0b9739d3b63928dd73b7a7914573a7fd9a41a436549eece08b6a2e6487f
Opcode Fuzzy Hash: 4936c6bcb3774a0765c0c7a5bf324f0d82fa3fadeb4f037573d3d0ddbf1b001a
Instruction Fuzzy Hash: 87916BB3F5022647F3544D78CD983A26683DB95324F2F82388E58AB7C9DD7E9D0A5384

Function 00FA2276 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 839496ac4705f6d5783d074712e05b81e4ad6ba7b85de62006562d98404e9235
Instruction ID: bc341febbbd30848899284967ce4326e45df29bdf46b1f1580bb54da228282a3
Opcode Fuzzy Hash: 839496ac4705f6d5783d074712e05b81e4ad6ba7b85de62006562d98404e9235
Instruction Fuzzy Hash: 6DA178B3E111254BF3944D29CC983A27683EB95324F2F82788E4C6B7C5D97F6D0A9384

Function 00F6E20A Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ff01188e789d8bfae119b9c8b9c67b13ec8829278e564ec5cd6e38e549c61cc
Instruction ID: 7f96530588158c14050cbb2baec18083ee9cf5c2ac28b13ac0205566ce39dc61
Opcode Fuzzy Hash: 3ff01188e789d8bfae119b9c8b9c67b13ec8829278e564ec5cd6e38e549c61cc
Instruction Fuzzy Hash: 199149F3F112254BF3984969CC683A665839BE5320F2F82388F596B7C5EC7E5D0A5384

Function 00F92330 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d86d978894b6196464c3b5ad88de46d3beab87ebe226882dae03c2bd0c69b338
Instruction ID: 29c54bc0eae0477862706e8a243823af0aa24f6cecfdb7b213774fcd010fb71e
Opcode Fuzzy Hash: d86d978894b6196464c3b5ad88de46d3beab87ebe226882dae03c2bd0c69b338
Instruction Fuzzy Hash: 83918FF3F5052447F3A44D29CC9836272929B95310F2F82788E4CABBC5D93F5D4A9384

Function 00F1906E Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d2d63576b2e672e83b206fe04bc764e1ddd7f0353e9422cef17660b7c6aefc1
Instruction ID: c1f049df0ac918424322be0a6282179ad389529646b189b6c3ccc869443182ac
Opcode Fuzzy Hash: 5d2d63576b2e672e83b206fe04bc764e1ddd7f0353e9422cef17660b7c6aefc1
Instruction Fuzzy Hash: F8919DB3E205254BF3544D28CC983A27693DB95320F2F42788E9C6B7C5E97E6C0A93C4

Function 00F95157 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d362c557ddaa2546971be26df2459ce4a92d1ccf6e3e76ea403dff4e009b78c4
Instruction ID: 1c6edf34b72e38e8db5ad80a8b3de5b4dce72868483db23ceb35faeb33cde3f1
Opcode Fuzzy Hash: d362c557ddaa2546971be26df2459ce4a92d1ccf6e3e76ea403dff4e009b78c4
Instruction Fuzzy Hash: E891ACB3F5122547F3844978CC583626682DBA5320F2F82788E5CAB7C9ED7E9C0A5384

Function 00ED815B Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd1043bb1972fc815532bc62f28e10890e80d4865af31e1a75fef5cbdb24ec9
Instruction ID: a494b0cff0f47f0c5f274aba9ff5e8d7d6e739b89d3f61af863c956eda9037c5
Opcode Fuzzy Hash: 8cd1043bb1972fc815532bc62f28e10890e80d4865af31e1a75fef5cbdb24ec9
Instruction Fuzzy Hash: 1B91ABF3F5022587F3544D68DD983A67682EB94324F2F82388F98AB7C4D97E5D0A5384

Function 00F8E377 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d88d320621f9e6de3b619c215afb873f9f7ff97be7a5474164b829dfd5769df
Instruction ID: 31f654084218514166e6139fd58866cbe269654ef74c43a3aad78cf1f9684793
Opcode Fuzzy Hash: 7d88d320621f9e6de3b619c215afb873f9f7ff97be7a5474164b829dfd5769df
Instruction Fuzzy Hash: AA9188F7F5162147F3540C78CD983A166829BA1324F2F82788E6CAB7C5EC7E9C0A5384

Function 00F75419 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fa0b6cfbb87e0331e9ed889d26b3d937e0b80aa09500495b788325dad462d00
Instruction ID: bb7c40594145bc88c23fe0a15d77f80f42f998bae505c54542c59b69e680117c
Opcode Fuzzy Hash: 3fa0b6cfbb87e0331e9ed889d26b3d937e0b80aa09500495b788325dad462d00
Instruction Fuzzy Hash: B1917CB3F112244BF3544929DC98362B693ABD4324F2F81788F5CAB7C5D97E9D0A9384

Function 00FA74D1 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9f21ac27d9c5bb12b08de0f38d88a84660dc0a9c26a5c84a20271c0df2666ec
Instruction ID: 0759c3d6ae71049e86cae7dcb401fc6d5a394b420763b826cdd79f9c0979990e
Opcode Fuzzy Hash: b9f21ac27d9c5bb12b08de0f38d88a84660dc0a9c26a5c84a20271c0df2666ec
Instruction Fuzzy Hash: EA919DB3F111258BF3544939DC5836276839BD5324F3F82388A5CAB7C5E97E9D0A9384

Function 00F2C1AD Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c4667f758a390c0631dd1eaf04cd305bd6baadbb29090fb867fb29c8c650c55
Instruction ID: 64a2283ee89791c01bc6645f36007cfcd1bb821df95fdeef63dd81e19adf8ced
Opcode Fuzzy Hash: 5c4667f758a390c0631dd1eaf04cd305bd6baadbb29090fb867fb29c8c650c55
Instruction Fuzzy Hash: CB918BB3F116254BF3944928CC983627683DBA5314F2F82788F8C6B7C9D97E5D0A5384

Function 00F74254 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 896901484354b998cd8913b2e22f3223d27037b584084b0d9fde5702702a167b
Instruction ID: 87315ff15c1a08c7a246092c85c40e1293db3768b242ae96e22f2147ec15fdb8
Opcode Fuzzy Hash: 896901484354b998cd8913b2e22f3223d27037b584084b0d9fde5702702a167b
Instruction Fuzzy Hash: D2919AB7F1112547F3588928CCA83A27653EB95310F2F82788E1D6B7C5ED7E6D0A9384

Function 00F0B15A Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 170acf638c6de811a5107739e9c6390f1d015228a4c250fea6ef8a9eb1a1e44f
Instruction ID: 6b9d17be4d6ea88156e819f09fe22f6b83b7dbb2f0f82910441814c053f19464
Opcode Fuzzy Hash: 170acf638c6de811a5107739e9c6390f1d015228a4c250fea6ef8a9eb1a1e44f
Instruction Fuzzy Hash: C491ADB3F5062447F3488969CC983A26683DBD4314F2F81788E9DAB7C5D9BE9C0A5384

Function 00FAA21C Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64f597dba4fe7dbe36bb9526c74e6c96e6f1a5cecd485e585eb095f9a8073c1e
Instruction ID: d662067e3c83e4c20086aa697897e7b831397be2acef8adfb6738123c9f65b5c
Opcode Fuzzy Hash: 64f597dba4fe7dbe36bb9526c74e6c96e6f1a5cecd485e585eb095f9a8073c1e
Instruction Fuzzy Hash: 36915AF3F1122547F3944D29CC993626683E7A5324F2F82388E5CAB7C5E97E9D0A5384

Function 00F4739C Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac7b3b47469c5280dba4f6cd6a0599277592aefb63f7544c30e149657d45fb37
Instruction ID: b958fe10358234b10b64e5036628154b61ea008f5c80172e2c8bceeb186fbfff
Opcode Fuzzy Hash: ac7b3b47469c5280dba4f6cd6a0599277592aefb63f7544c30e149657d45fb37
Instruction Fuzzy Hash: 8A9189B3E512214BF3544D69CC98392B693AB95320F2F42788E5C6B7C1D97E6D0A93C4

Function 00F4F2CA Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85ed82dfcdf475a67a85aeb8c007711fb5a4d3bebc318e37924509487303699c
Instruction ID: 80fc030102e899252b9bb9b6332f08f7e473b0a0df54fce55a5e54ee94ca816e
Opcode Fuzzy Hash: 85ed82dfcdf475a67a85aeb8c007711fb5a4d3bebc318e37924509487303699c
Instruction Fuzzy Hash: DC917DB3F1162447F3544D29DD983927682DB94320F2F82788E9C6B7C9E97E6D0A93C4

Function 00F68232 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0598a1dbd56e3ed15a994b55e70e38e360d624ad31b018765771b8e4417225a
Instruction ID: 614cfc7daff688a3d4694855490bdff0674f4d657d32a8c7c31883f32e2e127f
Opcode Fuzzy Hash: e0598a1dbd56e3ed15a994b55e70e38e360d624ad31b018765771b8e4417225a
Instruction Fuzzy Hash: A69189F3F506244BF3984979CCA83A22682DBD4324F2F82788F5D6B7D5D87E5D0A5284

Function 00F1423C Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ac04074f8ae99ebb80f9d042fe095cf212af31fd408555d7c3eee914855677
Instruction ID: 8122ff268a04b8fb79a0f2d76d45e074cf43d2b28a6364e3c56e6c526311914f
Opcode Fuzzy Hash: 12ac04074f8ae99ebb80f9d042fe095cf212af31fd408555d7c3eee914855677
Instruction Fuzzy Hash: 52916AF3E5062047F3984938DD983622692DB95324F2F82788F5CAB7C5E97F6D0A5384

Function 00F7C148 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c14c2e86c4854cb0a8acbf64ef440b8b6dff185649067309abb710a8bc77bdb
Instruction ID: 8a554e9c608de934dfadf768eb2c5c3b2bc5c0f237eda5397edab19d1138e9ea
Opcode Fuzzy Hash: 9c14c2e86c4854cb0a8acbf64ef440b8b6dff185649067309abb710a8bc77bdb
Instruction Fuzzy Hash: FF916AB3F615254BF3984839CD593626583ABD5320F2F82388E5DAB7C9DC7E9C0A5384

Function 00F9E2F8 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c56032c18c9b80802b8d6d1a7903d339b6dfa16316ffa2021e9d952594ad2be
Instruction ID: 2c3949eebd9ada6229324998ff5f8afeaa48f283c9369c0887a153e4445e7e5f
Opcode Fuzzy Hash: 0c56032c18c9b80802b8d6d1a7903d339b6dfa16316ffa2021e9d952594ad2be
Instruction Fuzzy Hash: EA9159B3F5122547F3584838CD983A6268397D5324F2F82388E5DABBC9ED7E5D0A5380

Function 00F65240 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1487c07e5ee3ed172e7122b2905808da3bcb9af8b929fdbaf59084712ba96a5e
Instruction ID: 3122308495d73ddeb9955032004b1f27856d4a2ec2fa5295f2a6eefe154a4d8d
Opcode Fuzzy Hash: 1487c07e5ee3ed172e7122b2905808da3bcb9af8b929fdbaf59084712ba96a5e
Instruction Fuzzy Hash: FC919CB3F506254BF3944D28DC983627682DBA5310F2F423C8E8CAB3C5D87EAD095384

Function 00ED333D Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc60e493ff160ceb57334f72d6bea58fdd5dc3b5b37b6e504d4fab63326fa3e2
Instruction ID: 1ccc6149d7a7ec56254fbe3b91cc1c8813aedc60d11bcab5cb37210776883149
Opcode Fuzzy Hash: fc60e493ff160ceb57334f72d6bea58fdd5dc3b5b37b6e504d4fab63326fa3e2
Instruction Fuzzy Hash: 209199B3F112254BF3444929CC583A27683DBD5324F2F82788B5CAB7C5D97E9C0A9388

Function 00E804C6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction ID: 6c4bf583739bedf3787711c1ec2903990869cb9d6378714dbe14a5f577e4b1f8
Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction Fuzzy Hash: 4EB16132618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715

Function 00EE24DB Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc154190c50884491fb013576c86eaaf8e0e2fbeacfaa23769dd7a50c0496ced
Instruction ID: 99c96d6163506f4f2818dc437629a7f362cc036bee1dbf697ffa1ba51b8b775a
Opcode Fuzzy Hash: fc154190c50884491fb013576c86eaaf8e0e2fbeacfaa23769dd7a50c0496ced
Instruction Fuzzy Hash: 26919EB3F1022547F3984D29CC98362B683DB95315F2F82788F48AB7C5E97E6D099384

Function 00F8A5F4 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 597da892328cde0920cfdca7ad864d7af4cb30b6cf33323742a9e6cec769e8c6
Instruction ID: 8a0cc2bf64b8b5600ca3ac9ab38ebffd04192b5580e42095bc555f67b53f9ce7
Opcode Fuzzy Hash: 597da892328cde0920cfdca7ad864d7af4cb30b6cf33323742a9e6cec769e8c6
Instruction Fuzzy Hash: 0B9170B3F111158BF3544E28CC983A27753DBD5310F2F41788A489B7C5EA7EAC5AA784

Function 00F823A1 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 077f2a757acad6ee77b5d70f184128a8c401d80d2ed04950d51ece8183e7427f
Instruction ID: c2674dcc4387b5cd0507e5f271b024a1e5ae875561cf7f1fd8ef7141df05873c
Opcode Fuzzy Hash: 077f2a757acad6ee77b5d70f184128a8c401d80d2ed04950d51ece8183e7427f
Instruction Fuzzy Hash: 9091BAB3F512254BF3944978CDA83A17642DB91324F2F42788E0D6BBC5D97F6D0AA384

Function 00F9F31D Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d18ca23c99ea1bd75f1dbf31df34fcf0dde87f8375cac782e1803fb6124ae27e
Instruction ID: b9ce444049fdc48d4150faf137b7c05f7cd06c4892f67f5ba8a5750ff2696994
Opcode Fuzzy Hash: d18ca23c99ea1bd75f1dbf31df34fcf0dde87f8375cac782e1803fb6124ae27e
Instruction Fuzzy Hash: 2D9189B3F1122447F3584D29CDA83A266839BA5324F2F827C8F9D6B3C5D97E5D0A5384

Function 00EF24BC Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 086c4bc1f7625617514f0225ca580bafc27c33dbcbe42c97ee88bfcbc8e62524
Instruction ID: ed6cee045ab43086c7daeb0b9d705fd2b78aa6d42f9184c8393126121918ed45
Opcode Fuzzy Hash: 086c4bc1f7625617514f0225ca580bafc27c33dbcbe42c97ee88bfcbc8e62524
Instruction Fuzzy Hash: 59919EB7F6062547F39448B9CD983A22583D795314F2F82388F5CABBC5D87E9D095388

Function 00EF20B4 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eb1b1eb3fbd509e87b74f4edf0a38e3ec7a37fb413f0d0bca48686fff3f3f96
Instruction ID: 6cd31f8c206c5fb19f2a82ee836044602ccd1f6bd3c5873ba0519be8a63eb5fe
Opcode Fuzzy Hash: 9eb1b1eb3fbd509e87b74f4edf0a38e3ec7a37fb413f0d0bca48686fff3f3f96
Instruction Fuzzy Hash: A191BCF3F506244BF3540938DD983A26682DB95324F2F82788F1CAB7C5E97E6C0A5384

Function 00F2E086 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e3219a905e071747f26066c94bd42af4b4bfd2281cbed0fcad1b9862959d5cf
Instruction ID: 13c5d11b309db296073d2b308bd186dde05a0a8e51c34d3c97ff8b94618668ae
Opcode Fuzzy Hash: 6e3219a905e071747f26066c94bd42af4b4bfd2281cbed0fcad1b9862959d5cf
Instruction Fuzzy Hash: 089148F3F1252547F3584928CC683A276839B95325F2F827C8E4D6B7C4E97E6D0A5388

Function 00F2B4F4 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f161cc6dc5ba9c152442060f977237e208ba857e3768d4f4466928f75870941
Instruction ID: 197cec2bb186daeb976a218c9a765d815b5aa008d60209ffd86e1234a2deb9e0
Opcode Fuzzy Hash: 6f161cc6dc5ba9c152442060f977237e208ba857e3768d4f4466928f75870941
Instruction Fuzzy Hash: 77918BF3F5122987F3944978CC983A16582DBD5324F2F82788F5C6B7C9E87E5D0A9284

Function 00EDD307 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f61cd63f16752374013b38f90200de4352e3de9af53766750d3ee9f07912b81
Instruction ID: 8cd52e63e2393a97b846a43bba470cfbbe718848917bd259fca5a75850731333
Opcode Fuzzy Hash: 4f61cd63f16752374013b38f90200de4352e3de9af53766750d3ee9f07912b81
Instruction Fuzzy Hash: 0591B0B3F111344BF3544D29DC68362B283DBA1324F2F82798E4CAB7D5D97E6C0A9284

Function 00F8B23A Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98d1178389dae01dd6f8fa2c395e37ad727066f2cac7fca516e37583d90cacfe
Instruction ID: a4133fa9ab8f02aa460c8fd5323645c9b05967528f79c6dc0a0fba379ec0df7a
Opcode Fuzzy Hash: 98d1178389dae01dd6f8fa2c395e37ad727066f2cac7fca516e37583d90cacfe
Instruction Fuzzy Hash: 15919DB3E1022647F3944939CC983627682DB95324F3F42388E5DAB7C5DD7E9D495384

Function 00EFC0AC Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6c5a8d7e35e591e40459353e35136362d8d742bf442471f5cd800a72a5c24ee
Instruction ID: ec12b47728ef12512c371501e76d1aa2531d8788033b8141cfbf483cafbbe60a
Opcode Fuzzy Hash: a6c5a8d7e35e591e40459353e35136362d8d742bf442471f5cd800a72a5c24ee
Instruction Fuzzy Hash: 9591ACF7F115254BF3844D28CD983A16642AB95324F2F42788F4C6BBC5D97EAD0A93C4

Function 00F3D142 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 111c07ad203e887dbac2d09d82bb2072599784fbcf1cd73a85dd4f52c51c9f1c
Instruction ID: 166933e7eaab9c0103ba47caeea494886f485e1a2f21f901bb691b9181a49c32
Opcode Fuzzy Hash: 111c07ad203e887dbac2d09d82bb2072599784fbcf1cd73a85dd4f52c51c9f1c
Instruction Fuzzy Hash: F5815BB3F1122547F3504929CC583A276939BD5724F2F81788E8C6B7C5E97FAD0A9384

Function 00FB514D Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 332d4e4a4ec110305c1cf9e77d33dad90dbba7123a77517fc7c1852a07fbecaf
Instruction ID: 1c9d3eebb84387b6d8b839efb1124e58762269aeedce532d504ffb0fd5d17db1
Opcode Fuzzy Hash: 332d4e4a4ec110305c1cf9e77d33dad90dbba7123a77517fc7c1852a07fbecaf
Instruction Fuzzy Hash: 3091DDB3F116254BF3944D28CC583A276839B95310F2F81788E4DAB7C5D97EAD099384

Function 00F4D358 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a5f1cb5a3b85e25d551089759b4d24a264c6cf5f2ac9766f1b3fcef56c305ce
Instruction ID: c34f96593fee3896245cc51ca51be83b76b0d3704921f941433e291503e71bf5
Opcode Fuzzy Hash: 5a5f1cb5a3b85e25d551089759b4d24a264c6cf5f2ac9766f1b3fcef56c305ce
Instruction Fuzzy Hash: BA818DB3F102244BF7584D39CDA83B17683DB94325F2B413D8A8A9B3C5D9BE5C4A9744

Function 00FB3496 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bed0c5863a32e46b3fbaeadd1ec1a280b1a671173cd51f9b5f3194c1fbe6291d
Instruction ID: 8c77b1ad089f29c88a23ea12c936972cc536f39556345dd276325fecef1ef56a
Opcode Fuzzy Hash: bed0c5863a32e46b3fbaeadd1ec1a280b1a671173cd51f9b5f3194c1fbe6291d
Instruction Fuzzy Hash: 8F9166B3E1112547F3584D29CC283A2A2939BD5320F2F827C8E5EAB7D4ED7E5D0A5384

Function 00EC3280 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82316bcf5dd6fc859a0e554cf0517149d1af72b1c12099311fae9df9309badd1
Instruction ID: 2fa134c28210b1adb98c930cc9e1191644b542d15fee68d8704c62a5856ea427
Opcode Fuzzy Hash: 82316bcf5dd6fc859a0e554cf0517149d1af72b1c12099311fae9df9309badd1
Instruction Fuzzy Hash: 8581EEB3F5163547F3544928CD883A17692DB95324F2F82788E5CAB7C1E97EAD0A93C0

Function 00EA0460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 80a4aae110acef0fc7f0522a334a781f710c1314578500f9f6101d250015afd4
Instruction ID: a63a8b0dcd137c39f5ae5fb6700ca89026864d41b2e60560ae884839c398474e
Opcode Fuzzy Hash: 80a4aae110acef0fc7f0522a334a781f710c1314578500f9f6101d250015afd4
Instruction Fuzzy Hash: A6610835A083019BD7159F18C89067FB7A2EFCE714F19D52CE985AB291EB30EC51D782

Function 00EFF1A5 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16335b2b7f48b5ded8d40e39555e61fc1950fd5e0a94a799056b58e6f6e7660c
Instruction ID: 4d1146a4fafcb180a52e8d20c2cabc67160ef2144322cec77c01bbad20b1790c
Opcode Fuzzy Hash: 16335b2b7f48b5ded8d40e39555e61fc1950fd5e0a94a799056b58e6f6e7660c
Instruction Fuzzy Hash: CA9198B3F1162547F3944E29CC983A276829B95320F2F82788E5C6B7C1DD7F6D0A9384

Function 00F96284 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b0e3a914217773a09ba7c3ddeb7e43fadd1df02ca711142acdcc22169ad1070
Instruction ID: f9c2afe53754c70a80ea005fbadbec8e7a89e19a7961247f54a533b6210b2c91
Opcode Fuzzy Hash: 6b0e3a914217773a09ba7c3ddeb7e43fadd1df02ca711142acdcc22169ad1070
Instruction Fuzzy Hash: EF818BB3F011118BF3584929CCA83A67693EBD5720F2F82398B599B7C5DD7E5C0A5380

Function 00F9813A Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd507124a36947b6f4162700e07e7ae83ae34f9d09692a6bf69b70af073856dc
Instruction ID: 713815f555dfeda39998ecdf99f5ec33579f7da5edf244502ca6bb0527748752
Opcode Fuzzy Hash: dd507124a36947b6f4162700e07e7ae83ae34f9d09692a6bf69b70af073856dc
Instruction Fuzzy Hash: F18189F3F5162147F3544839CD9836265839BE1324F2F82788E5DAB7C9E87E5D0A4384

Function 00F094C5 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d08afa0f5b31925df5acc8b87a1d65b0bb2a6ad1250bbcfc60f462c6ad89f007
Instruction ID: 619f4f7d4d11cda956dc1a6f5c2a2765b4acc190ea90b101587c1d6a1e1b1112
Opcode Fuzzy Hash: d08afa0f5b31925df5acc8b87a1d65b0bb2a6ad1250bbcfc60f462c6ad89f007
Instruction Fuzzy Hash: 868188F7E115254BF3900E28CC583A266939B95324F2F82788F5C6B7C5D93E6D09A384

Function 00ECD1FE Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 677d03c12a0b44a88963c94e68979e0e1958c8008d398b6290aa8f969079f1e1
Instruction ID: 165a3269fcd0e1124b946f9104fa9c3d3a6a8126a158a9344c30d0eaaf3304a0
Opcode Fuzzy Hash: 677d03c12a0b44a88963c94e68979e0e1958c8008d398b6290aa8f969079f1e1
Instruction Fuzzy Hash: E981CFB3F112248BF3444E28DC983A27653EBA5310F2F81788E4C5B7C9D97E6D0A9384

Function 00ECE161 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e34440333f60f86c6205aa4b51c016d91a88c093ea54e31617385cc53b0c4c5e
Instruction ID: 4bf24a34a6ec10e2e8bbb057d0bf22e0a0a35dadca558fcb634ccba6297d9b3a
Opcode Fuzzy Hash: e34440333f60f86c6205aa4b51c016d91a88c093ea54e31617385cc53b0c4c5e
Instruction Fuzzy Hash: 76815AB3E102258BF3504E28CD583A276929B95320F2F42788E5C7B7D4E97F6D5A93C4

Function 00FB4100 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84eac6c41c26b9aa4a18491a0e243588a19e813cce5892325225a5a1985c159a
Instruction ID: 10fdcd3c1172d0ab64fbc55b7f0be1df4158394753f594722f73dc33e71e252f
Opcode Fuzzy Hash: 84eac6c41c26b9aa4a18491a0e243588a19e813cce5892325225a5a1985c159a
Instruction Fuzzy Hash: 55817CB3F1112547F3544928CD983A17683AB95324F2F82788E5CAB7C9D97EAD0A5384

Function 00F3C0B8 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22f66295b52a2fdf9ab79c2215bd1a39ae3ecff45c1f054a2fc5fa5ca910e025
Instruction ID: 337d90f7129b819c481ff650b1ef841cac63888a7a9c1b72470e98efac9327d2
Opcode Fuzzy Hash: 22f66295b52a2fdf9ab79c2215bd1a39ae3ecff45c1f054a2fc5fa5ca910e025
Instruction Fuzzy Hash: D8816BB3E5122547F3944D69CC583A2B6839BD5310F2F82788E1C6BBC9D97E6D0A53C4

Function 00F340A2 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22cb9988b18eb2b2af0f5ca411ba8c288747fe770ac5cd83e4ea5e975b3b589c
Instruction ID: e7e8ee66253913c0c8f6c143aa9f4a079ef595686c7d2cf4cf7208f82b2f217e
Opcode Fuzzy Hash: 22cb9988b18eb2b2af0f5ca411ba8c288747fe770ac5cd83e4ea5e975b3b589c
Instruction Fuzzy Hash: 63817EB3E1112587F3544E28DC983A1B292AB95324F3F42788E8C6B7C5D93F6D16A384

Function 00ECB264 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 714a17e55779c61973cbfa569a728cac775e2bf654352df22cd6d27de8a4a180
Instruction ID: 0c3add1da8eaa0b8669a4d90c9f2f933e5f3e7ee75ff802c2687ac4d013cf68d
Opcode Fuzzy Hash: 714a17e55779c61973cbfa569a728cac775e2bf654352df22cd6d27de8a4a180
Instruction Fuzzy Hash: 74818CB3F612154BF3544928CD983A27283DBD5324F2F82788F186B7C9D97E6D0A9384

Function 00F7F3C4 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4712feeb26805e200cbaefee15f6fed8145dbdce033afdb96fbe5d06e939c2f
Instruction ID: 0eb52d9987e451ce24359e76c9df944e8fb39d00750f6462781ae7d426214022
Opcode Fuzzy Hash: d4712feeb26805e200cbaefee15f6fed8145dbdce033afdb96fbe5d06e939c2f
Instruction Fuzzy Hash: AB8163B3F5122547F3544D28DD983A27683DBA5324F2F82788E0C6B7C5E97E6D0A5384

Function 00FA64E1 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3248143d103fc02709d163c0f064671c2afe5cf955d13c0ae90ce15d9a66640c
Instruction ID: 46a8a9313f54ba9f3f15532562720aedad1f015953d3f445a20bc040363a0a09
Opcode Fuzzy Hash: 3248143d103fc02709d163c0f064671c2afe5cf955d13c0ae90ce15d9a66640c
Instruction Fuzzy Hash: B08149B3F1112447F3984929CC583627693DBD5310F2F82788E5D6BBD9D93E6D0A5388

Function 00EE31E0 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9deb82e2ea1dd6c93e74b7912e91385541e4898267aeded64ba8de60e6d50485
Instruction ID: cdd5ab85a178185f5be7cb9bbff24e2489e2cfec1f369c7718337c31d2c39e21
Opcode Fuzzy Hash: 9deb82e2ea1dd6c93e74b7912e91385541e4898267aeded64ba8de60e6d50485
Instruction Fuzzy Hash: 6A81ACB3F112254BF3944929CC983A27292DBD5321F2F42788E1C6B7C4ED7E6D0A9384

Function 00EFA1C6 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 913bf12e4c9798c6b0b1af7b58872c173cdc1031f552b202823b815e1ce04fea
Instruction ID: afbc7f21c86c2cdea2412368a27f5f96c3ba2652829897660bf81f008b2f1991
Opcode Fuzzy Hash: 913bf12e4c9798c6b0b1af7b58872c173cdc1031f552b202823b815e1ce04fea
Instruction Fuzzy Hash: 158157B3F5162547F3944D29CC583627283EBD5315F2F81788E48AB7C9E93EAD0A9384

Function 00F51151 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73f7ed45ecaee34f91c0fcf8aa6447dc7bb6ad0e10b7b487b2a452c337781f7a
Instruction ID: ee9611e7aff5eddcccad7245835fc9b401656d64a88c99c8df01c0ea5a35b964
Opcode Fuzzy Hash: 73f7ed45ecaee34f91c0fcf8aa6447dc7bb6ad0e10b7b487b2a452c337781f7a
Instruction Fuzzy Hash: 9E816BB3F0022487F7544D29CD583627692EB95324F2F82788F4D6BBC8D93E6D0A9384

Function 00F39411 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3814c78ac6987a305e6fc77384fb139fceddfc45456a0392c2430126c2e6cd7f
Instruction ID: 744c97a098655144679f60427917d507fb79c2b45ae39c8bf9eab5de09cbedff
Opcode Fuzzy Hash: 3814c78ac6987a305e6fc77384fb139fceddfc45456a0392c2430126c2e6cd7f
Instruction Fuzzy Hash: 82818DB3F111258BF3544E28CC583A27693EB95314F2F4278CB586B7D4E97E6D0AA384

Function 00F1009E Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76f22bc7f74e4655fae8dea6312f4381b59f608570f668f1e000d3d0be08142
Instruction ID: 6368d3c5bb03731f86657056de4bc58c98fcd0a87ac0993476bc0e33137cc9cf
Opcode Fuzzy Hash: c76f22bc7f74e4655fae8dea6312f4381b59f608570f668f1e000d3d0be08142
Instruction Fuzzy Hash: 437178B3F1152147F3604929CC583A266939BD5320F2F82B88E9CABBC5D97F5D4A93C4

Function 00EDC02C Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12fd84c811a14c666f77e512774c4ae743080ae4959bb9c65970b0462db2ef6b
Instruction ID: ae1c417e3a0ec6843a5b5dcd63abfaed686a7b9be16df853dd4525bce6410d3a
Opcode Fuzzy Hash: 12fd84c811a14c666f77e512774c4ae743080ae4959bb9c65970b0462db2ef6b
Instruction Fuzzy Hash: 4371A0F3F5162547F3944D28CC583A27683DB95310F2F41788F48AB7C5E97EAD0A5288

Function 00F222B1 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cb15e7edadb497627e49aa9bd35570d22de6739f73a2f4e8b5f9a7ede49dc45
Instruction ID: 3fad5de1f7adb59a8e7f60398b0aed9b7cc59daa335d4848effe0ad66389c553
Opcode Fuzzy Hash: 7cb15e7edadb497627e49aa9bd35570d22de6739f73a2f4e8b5f9a7ede49dc45
Instruction Fuzzy Hash: B77180B3F1112587F3444968CC583A27693DBD5325F2F82788E08AB7D9D97FAC0A5384

Function 00F83105 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9e095cf32e78f442ac7d9dbd76f7e7c1eba3ffbd2102de1319812cb7133a511
Instruction ID: a6d38daeb4d5b99ae7bdb1ad31f07b33ab14919ed67644112a030ee3b0fb918c
Opcode Fuzzy Hash: f9e095cf32e78f442ac7d9dbd76f7e7c1eba3ffbd2102de1319812cb7133a511
Instruction Fuzzy Hash: 55714AB3F1122447F3544A68DC98362B393EBD5325F2F81788E486B7C5EA7E6C499384

Function 00EE430A Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0af2838ff7f8b1601c477d319ea2e71a5ac357281bd0c0062fa9370b05c7b91
Instruction ID: bf624e24490dd02a285fc845bb834d32aca72d11ba50954ea62b2cd2da943ccd
Opcode Fuzzy Hash: e0af2838ff7f8b1601c477d319ea2e71a5ac357281bd0c0062fa9370b05c7b91
Instruction Fuzzy Hash: 127169F3F512254BF3544969DD983A2668397D5320F2F82788E5C6B3C6EC7EAC0A5384

Function 00F2036C Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62d1bf239cfd5decc9f64531d980ff9e2328dcc628c3ac8c2834e4e98da6bbe2
Instruction ID: 830de9bafd7087b0035af29dae8d0e89cb2a8c63ecbecac1b686cb9632b402ac
Opcode Fuzzy Hash: 62d1bf239cfd5decc9f64531d980ff9e2328dcc628c3ac8c2834e4e98da6bbe2
Instruction Fuzzy Hash: F5718BB3F5062547F3584E28DC983627693EB94314F2F42388F49AB7C5D97EAD0A5388

Function 00F2F054 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b2503b66912af72733845314269e778474bc33536b91a08fb241b5ae7956a8d
Instruction ID: 2500d3c3374b41cf3cb49102af659b08ccf9576f8e7f54a6998f3f4f7670ab2c
Opcode Fuzzy Hash: 6b2503b66912af72733845314269e778474bc33536b91a08fb241b5ae7956a8d
Instruction Fuzzy Hash: E5718BB3F1152547F3A44929CC48362B6939BD5324F2F82788E4CAB7C5ED7E6D0A5384

Function 00EEC4EF Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6357f157f33131b1435d8080fc1e8a25c9706e37047110b7e640ef8e68af4a3c
Instruction ID: cfb50ba583cd53f08bed638ddabdc43c35b1ef37197f7088b67f17b7804546ec
Opcode Fuzzy Hash: 6357f157f33131b1435d8080fc1e8a25c9706e37047110b7e640ef8e68af4a3c
Instruction Fuzzy Hash: 89718AB3F106244BF3944D29CC983A27293EB95314F2F81788F4DAB7D6D97E6D0A5284

Function 00F9B1C0 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c63755283a5c916e4e997f5cd7a4c66a61fe1686be0c46669f3d6b39149c18fe
Instruction ID: d36f0156b412c33aa069b52d589e4e2cf909b319e2a329855883b6687b81793d
Opcode Fuzzy Hash: c63755283a5c916e4e997f5cd7a4c66a61fe1686be0c46669f3d6b39149c18fe
Instruction Fuzzy Hash: D3715AF3F2162547F3944925DC983A2628397D5324F3F82788B5C6B3C5E97E9C0A5384

Function 00EF01D0 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06f69cb6a5d8d4f8c43869cf2a3cf6a01575ef8504a09a535f747b497c684f1c
Instruction ID: 45974171218ca723c9dccc2c44da7d8a2ecf737b5ada90e0ca4e763492652a08
Opcode Fuzzy Hash: 06f69cb6a5d8d4f8c43869cf2a3cf6a01575ef8504a09a535f747b497c684f1c
Instruction Fuzzy Hash: 6B719BF7F5162447F3844924DC983A272939BD4325F2F82788E5C6B7C5E93EAD0A9384

Function 00F2D341 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a50918d30f0d382420f0516a5bcf5ecba48457836af4493edffb56bd7d7cc7d7
Instruction ID: 7e9c3c4a3d070e20c21a7fdc3f83dadbce3d9d2ccc464a09ed862f547238d23e
Opcode Fuzzy Hash: a50918d30f0d382420f0516a5bcf5ecba48457836af4493edffb56bd7d7cc7d7
Instruction Fuzzy Hash: B071C3B3F5022487F3444D28DC983A27692DB95320F2F82788E595F3C5DD7EAD099384

Function 00F400A8 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d7250252eb0e32824de2b9869acd769d4cfd2470522410bee113c8c94662659
Instruction ID: 868b034a76371dda0a58a3714cbc11725502f6cb8f22cd15bbabcefd8b635038
Opcode Fuzzy Hash: 4d7250252eb0e32824de2b9869acd769d4cfd2470522410bee113c8c94662659
Instruction Fuzzy Hash: 0C5146F3B586045FF3489939EC9576BB6DAE7D4320F3AC13DAA48C3788ED7988064191

Function 00FA61BB Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b03f7551ee0fd20ad5862234490e783c5762cb2da6b8b4100465d894c821708a
Instruction ID: 7712e87c8614ef4e4fc6618c956c8182da1c3c285faca14dcf0336ed37045c5a
Opcode Fuzzy Hash: b03f7551ee0fd20ad5862234490e783c5762cb2da6b8b4100465d894c821708a
Instruction Fuzzy Hash: FE6168B3F5122547F3544D28DC983A27683DBD1314F2F82388B496BBC9D97EAD0A9384

Function 00EFC4C6 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6904b2c114a691e96e8b1c26d50b4d42a1678a7a0477f7deade048931bdfa23
Instruction ID: f86e97e4da6207dbf8ff9e0c746c9191c015ab568a4cc7d0cf45eeca42c6cf2a
Opcode Fuzzy Hash: f6904b2c114a691e96e8b1c26d50b4d42a1678a7a0477f7deade048931bdfa23
Instruction Fuzzy Hash: 4A618CF3F5012447F3584D28DC58362A683DB95324F2F82788F5D6B7C5D97E9D0A5284

Function 00F71234 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 331e696cab1566f0720eec34c01b23711a39077155c9014727021ddddc40646a
Instruction ID: c87be2940e4ee1ef56d4876e8cd5d67d1ea74398be8091ec7cadf1206f55f1bb
Opcode Fuzzy Hash: 331e696cab1566f0720eec34c01b23711a39077155c9014727021ddddc40646a
Instruction Fuzzy Hash: 0F5189B7F2162507F3980868CD983A66583D7D1324F2F82798E4DAB7CAD87E5D0A5384

Function 00FB3181 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f233ecc3a4be0832109eb26a16b67eab444b69142806432f7de4faa33da20172
Instruction ID: 54c8dba9f89d9ec25b6ccbdb7252ec5a0e4e6eaed5d2394224d23dde22d3a4a7
Opcode Fuzzy Hash: f233ecc3a4be0832109eb26a16b67eab444b69142806432f7de4faa33da20172
Instruction Fuzzy Hash: FE617CB7E0112687F3544E28CC283627692DB91324F2F427C8E4D6B7D5EA7F5D0A9788

Function 00EEE219 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f2697c31d8744015594fcc016f35ebc73ad9ddea6ce3d1e5be8c9f6062aa81e
Instruction ID: ff497769cfb6b2912e6436c3f834c6fdb345bcce28b492afaa599647c4df51e6
Opcode Fuzzy Hash: 9f2697c31d8744015594fcc016f35ebc73ad9ddea6ce3d1e5be8c9f6062aa81e
Instruction Fuzzy Hash: E7519AF3F615254BF3544D68CC583A2A642EB91324F2F82788F0CAB7C9D97E9D0952C4

Function 00F2D12B Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c02c872f873ba8cd5e350ff550df946a8c4b82c21f0daf7ab667127be44efa9b
Instruction ID: 9f794e857bd95ee143654db13be4f2012ec9acd5365bd7448dd00e0f40d310a9
Opcode Fuzzy Hash: c02c872f873ba8cd5e350ff550df946a8c4b82c21f0daf7ab667127be44efa9b
Instruction Fuzzy Hash: A15129F3B181105FE718AD2DDC65B7AB7DADBD4320F2B463DE996C7380E93458018292

Function 00F9F03E Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df65fe1f8283a6eb11ad8e91a157b1f12e4f5d44954eb4338e88a7f270485664
Instruction ID: 708a2f7f8da6d3690be758a4e8d03025eaebc5f9de711963d44b9bfc58f3d151
Opcode Fuzzy Hash: df65fe1f8283a6eb11ad8e91a157b1f12e4f5d44954eb4338e88a7f270485664
Instruction Fuzzy Hash: 4351A1F7E112258BF3444E28DD883623352EB95311F2F42788F486B7C5DA7E6C499784

Function 00F6B19F Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a95b451c5f1dc0bce484a4dcb293bc5e2a1a0daa1d3fb5699bec897ee79f7bd5
Instruction ID: 2dfb06ec4855d2c9408a9aa976991a34fe45ef895538a91a493f74b33bd5cb53
Opcode Fuzzy Hash: a95b451c5f1dc0bce484a4dcb293bc5e2a1a0daa1d3fb5699bec897ee79f7bd5
Instruction Fuzzy Hash: 445189B3F016254BF3944879CD583626682DB95324F2F82388F1DAB7D9ED7E9C0A5384

Function 00F27367 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a42dca98674d1c2a6b940e800ecdc68790a06925244f179e1a135c8d94defdd9
Instruction ID: 471f910aa9d33df989233f8aa90b56cdbba35c68efb328914a03f9cf4286aaea
Opcode Fuzzy Hash: a42dca98674d1c2a6b940e800ecdc68790a06925244f179e1a135c8d94defdd9
Instruction Fuzzy Hash: 6B516CF3E1122587F3644979CD583A26682DB91320F2F82788F5C7B7C4D97E5D0A5384

Function 00FA430A Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a406ab1c7ead3b968c8fd922de3b7163b977e7916fb33de4b5dade04f162a50
Instruction ID: 065fcaffc886847e1a1a27a5e3ca40fdb41c66747f0b091cd413a127c710d1c2
Opcode Fuzzy Hash: 3a406ab1c7ead3b968c8fd922de3b7163b977e7916fb33de4b5dade04f162a50
Instruction Fuzzy Hash: F6516EB3F106218BF3544E28DC983627292EB95314F2F4178CE496B3C5EA7F6C059784

Function 00F871A9 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5df38a417dab839ab7b1c37cca289c73e092ab8e1560543f61863b818bbc1f4a
Instruction ID: ab2b70e5f4a5cd1c7db215ae9a17a7f1cb22084840a39069028192a9ec5f5352
Opcode Fuzzy Hash: 5df38a417dab839ab7b1c37cca289c73e092ab8e1560543f61863b818bbc1f4a
Instruction Fuzzy Hash: C0513AB3F1052587F3644E28CC583A27693DB95324F2F42788E886B7C5EA7F5D459388

Function 00E8F377 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc4beb26c3100e5c03baef469e7fa9b512411d62467d54547e010162d40dbdc9
Instruction ID: 18a8d9694e53757273d8ece35e11967a8dcb383864fb970fff89f25eedf8cd09
Opcode Fuzzy Hash: bc4beb26c3100e5c03baef469e7fa9b512411d62467d54547e010162d40dbdc9
Instruction Fuzzy Hash: 9461FA72744B418FC728CE38C8953E6BBD2AB85314F19863CD4BFCB395EA79A8058700

Function 00F0C30F Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9df58bba34605779f7d4bd9e6d110742ea5fc5d19e020f4fe68355eb03f332a
Instruction ID: 2e6f2c80c3d0625be7ddf9210439bb43b7293613bebef21ce38ad6526a328573
Opcode Fuzzy Hash: e9df58bba34605779f7d4bd9e6d110742ea5fc5d19e020f4fe68355eb03f332a
Instruction Fuzzy Hash: C35168B7F012244BF3944E29DC983A27693DB95314F2F81788E4C6B7C6E97E6C0A5384

Function 00EC8359 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2a5050299f4dfd484139bf3e67604bc6fb07501407a8cd6a7625d05a7263b58
Instruction ID: d987d9cc70df9c714a01835f266be72df4b78c24d4fd657e6e1d7678cbe0352b
Opcode Fuzzy Hash: e2a5050299f4dfd484139bf3e67604bc6fb07501407a8cd6a7625d05a7263b58
Instruction Fuzzy Hash: BA518CB3E5152487F3504D28CD983927683EB90324F2F42788E9C6B7C6E97FAD4A5384

Function 00E9F18B Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c2f9c8655ec7ad8fbecb0c21af719b55ba4cad42fa65aa04a9eb0258bc379fa
Instruction ID: 1ce54634b95490eda06962f22ea991a6e3541cf2ef4c7ba4cb264e2596aad0f4
Opcode Fuzzy Hash: 5c2f9c8655ec7ad8fbecb0c21af719b55ba4cad42fa65aa04a9eb0258bc379fa
Instruction Fuzzy Hash: BF412B327087514FDB18CF39889127BFBD29BDA304F1D993ED4C6D7256D524E9068B81

Function 00EFB41E Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4aa4bcecab2edf33edfce11ef1eabbb043b110d49b5ae57fbeb4b6b9aec05fb
Instruction ID: a5ab2d188460349f8c578b3935eef7409ce4dfb5deefa1ace8690343c91b9c27
Opcode Fuzzy Hash: b4aa4bcecab2edf33edfce11ef1eabbb043b110d49b5ae57fbeb4b6b9aec05fb
Instruction Fuzzy Hash: EE51AFB3F0012587F7144E29CC683B2B282DB95714F2E827C8F89AB7C5D97E6C099384

Function 00F76239 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 318879e48f7073af27a0df9a233d20eb664deafab9758db5bf42585af9aa451d
Instruction ID: 7c850f05b8559213d12db0339a11656c586ca58636910ee687071438faae581c
Opcode Fuzzy Hash: 318879e48f7073af27a0df9a233d20eb664deafab9758db5bf42585af9aa451d
Instruction Fuzzy Hash: 6D5190F7F512254BF3544D28CC983A57292DBA5314F2F02398E8DAB7C2E97E9D069384

Function 00EF3394 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9ac98913ed93d79924690ba730fd23825746a0bb4e7516bceb6f4a85d37dc9f
Instruction ID: 00708c9902f9ef6196783b74e45970f30e4b8527d556b9ec0a5d6a9810369fc4
Opcode Fuzzy Hash: a9ac98913ed93d79924690ba730fd23825746a0bb4e7516bceb6f4a85d37dc9f
Instruction Fuzzy Hash: AE516073E111248BF3504E59DC883A2B393EB95315F2F41788D48AB7C4EA3FAD199784

Function 00E92070 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd5ac2bc543a303b1991a31f7fc8f86edf449708a56c5b030f0060d4774afa0
Instruction ID: ff8a209b6caf8ccf3a0ca077090d49ded4af7ffa95972421fe4f87d668b08cfe
Opcode Fuzzy Hash: 8dd5ac2bc543a303b1991a31f7fc8f86edf449708a56c5b030f0060d4774afa0
Instruction Fuzzy Hash: 4C810BB450A3808FC374DF15DA9A69BBBE1BBCE318F10691DD4886B350CBB06549CF96

Function 00F832A3 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5a77e7fdd66940f0e41c96c2c8c41fa02e1ba7f2e8b9d30e826ad11cf44b608
Instruction ID: f2f928f6b025a3798f886de16e5d38f22a582cbd79cfc712dfeed20efe2aaef0
Opcode Fuzzy Hash: a5a77e7fdd66940f0e41c96c2c8c41fa02e1ba7f2e8b9d30e826ad11cf44b608
Instruction Fuzzy Hash: 83416DB3F552254BF3544A68DC48362B3929BD6324F2F82788E4C6B7C5E97E6C0993C4

Function 00F9D093 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88ad79d88bdc78c52fc8c5d241b2ca0ee980c01a49ff915539432214669acdb3
Instruction ID: daa11604ff2f2f6593efca24af1a02ce2edec6e2503bec64ed7225b1b11629cf
Opcode Fuzzy Hash: 88ad79d88bdc78c52fc8c5d241b2ca0ee980c01a49ff915539432214669acdb3
Instruction Fuzzy Hash: E13129F3F5152047F7988825DC583A265839BE5325F2FC2788B5CABBC9DC7E5C0A5288

Function 00EDE01F Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af17c9889e480c9b85d06de9a68880a1816078e3ae8a9d760adbf7a60e46ab6
Instruction ID: 5d8b6a9bed53fa4752c1e7bbb769f94eb1b92022fad1ecc6d21b28d766e5a7cc
Opcode Fuzzy Hash: 4af17c9889e480c9b85d06de9a68880a1816078e3ae8a9d760adbf7a60e46ab6
Instruction Fuzzy Hash: 913138F7F516254BF3800968DD983A2A643DBA5314F2F8178CF482B7C9D97E9C0A5388

Function 00E9A440 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction ID: bef78a7878cc51f8e699e88b15206aef18b95fc90c19fd93693adfd3bbd823f1
Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction Fuzzy Hash: B8310872B086144BCB199D394C5026EB6939FC5334F2DD73DEA769B3C5DA748C409282

Function 00F81060 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94dd0dca50c2e948f9c0fd468e0052a8739473c05c05eaf837e7983d98fa4027
Instruction ID: fba46c38e9ba05544c8cd24c82bcef0c50e1faed3a1da662c7fc1f6e9f9bcae6
Opcode Fuzzy Hash: 94dd0dca50c2e948f9c0fd468e0052a8739473c05c05eaf837e7983d98fa4027
Instruction Fuzzy Hash: 143128B3F5262147F3984839DD9836215839BD1324F2F45788B4DAB7C5DC7E980A1384

Function 00F0C18E Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec049a246ac24e445cbed3f41b7ce4eaec2e664fc39da06cfcdf6f2f0f66bad
Instruction ID: 28690b109b2316db420e607b9cf296378c9cd030e5308bd981dc6fe778bf7d4c
Opcode Fuzzy Hash: cec049a246ac24e445cbed3f41b7ce4eaec2e664fc39da06cfcdf6f2f0f66bad
Instruction Fuzzy Hash: B5314DB3F116214BF3844939CD9836266839BD5328F2F82788F5D5B7C6DC7E9C0A4284

Function 00F9117F Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfdcde73379f5fe1092fae9291d8336f48eefa34c57a20f6aa0688120bad6c81
Instruction ID: 318a20e1b22d1264d82230e1ae1f8ce5176bee83d45c2d726909df903d03eb63
Opcode Fuzzy Hash: dfdcde73379f5fe1092fae9291d8336f48eefa34c57a20f6aa0688120bad6c81
Instruction Fuzzy Hash: BD317AB3F5262547F3440878CDA8392554397E5320F2F82398B69AB7C5ECBE9C4A0284

Function 00FAF2E8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fd91833b0a1d54800331a33f9fe0650a1dd7ffd5253aac1c52fa02d22c7a7c9
Instruction ID: 5e101a5e78ab348020708ecf32c4d85a9e86f5a140298b4f227fb6cdcf12b288
Opcode Fuzzy Hash: 7fd91833b0a1d54800331a33f9fe0650a1dd7ffd5253aac1c52fa02d22c7a7c9
Instruction Fuzzy Hash: 313157B3F5152507F394487ACD99362A5839BD5320F2F82798F5CABBC9DC7E1C0A1288

Function 00F9B04E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd0003c77e8a4d68634f90b0148cd0a40c859853430e8edee513754cf0670ba7
Instruction ID: 096ea6d8fb6b56194e139bf643bd9e3c56b3699c47935d53666fb77175e2117b
Opcode Fuzzy Hash: bd0003c77e8a4d68634f90b0148cd0a40c859853430e8edee513754cf0670ba7
Instruction Fuzzy Hash: D831F0F3F91A204BF3544839DDA93A6158397D5328F2F82388B6D6B7C5EC7E4C0A5284

Function 00FB13C7 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f387aea4f56507c56ce0ec450c25bf646b9c4be95ac256ac080689354a2f5ae1
Instruction ID: e03bd21a7ccf017557070a00516b40c90cc1a4a1130feeb738eb601fcc687a44
Opcode Fuzzy Hash: f387aea4f56507c56ce0ec450c25bf646b9c4be95ac256ac080689354a2f5ae1
Instruction Fuzzy Hash: 593154F7F5152507F3984829DDA93765583EBD8318F2F813D8B4EAB3C5E8BE480A1294

Function 00F840CA Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b396dc6cea05fa300d86ac324e1ac89b7a230140ab6c78ec6b0bf03c54878800
Instruction ID: d09d8f2cf7f9cd50d1c177d26ff973f54aa3c0b0efdd34830f0f9e38a5fc2c7d
Opcode Fuzzy Hash: b396dc6cea05fa300d86ac324e1ac89b7a230140ab6c78ec6b0bf03c54878800
Instruction Fuzzy Hash: 8F21E8F3F115240BF3984839CD58362618397D9721F2F82798E5CAB7D5ECBE4C0A5284

Function 00F650F3 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 615461347d0df84b96fb57b9f0674d5781f1f3fd93a2ae5033af68fa84680693
Instruction ID: 1d93bbaf1f762acc5dbbca6a808e9fdbf63dd295e68360a2348da1b9a29c00f9
Opcode Fuzzy Hash: 615461347d0df84b96fb57b9f0674d5781f1f3fd93a2ae5033af68fa84680693
Instruction Fuzzy Hash: 302144E7F617214BF3908879DC8D3526182D799314F2F82748F58ABBC6D87E9C068288

Function 00F312B7 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f915d89a897cdc4380570eea8f3a89aa1446744a70027cf4c24f8d00bc5b36a7
Instruction ID: 78a62a1a4461de2d8ebdeee352a060a57e75991c31469a26f53fc8a4f77d0bc9
Opcode Fuzzy Hash: f915d89a897cdc4380570eea8f3a89aa1446744a70027cf4c24f8d00bc5b36a7
Instruction Fuzzy Hash: 4E211FB3F545210BF35448B9CC983A2A183A7D9320F2F81798F0CA7BC0DCBE5C4A5284

Function 00E96210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 8cfe88c711be6104c5eef8ef37a88f7a4936be97efc655e31569a0e43320c047
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: EA11EC336051D40ED7158F3C8540565BFD30AD3778B19539AF4B8A71E6D6228D8A9354

Function 00E7C300 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction ID: 015dc81164af1430af061d31e6561466e40ae96f9680d44999b419836d6fe31c
Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction Fuzzy Hash: DFF04F60104B918AD7328F398524373BFF09F23328F646A8CC5E75BAD2D376E14A8794

Function 00E8E0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: b14d0e9b9989d2cfdc042f7fe8cd8b63442454f63c9e3bca77386d0b97aa4c4e
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: 60F06C105087D246D723573D44506B3AFD09B63124B142BD5C4E9A73C7C3159456C355

Function 00E8D116 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1814766758.0000000000E61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000000.00000002.1814751177.0000000000E60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814766758.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814817392.0000000000EB3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000000EB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001035000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001111000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.000000000113A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1814832054.0000000001150000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815099009.0000000001151000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815227380.00000000012E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1815244450.00000000012E9000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_rUfr2hQGOb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd52aa0c8450732cb08f029783bca85284fa22e75a5f5fcb2bdb51a8dfe2fbd
Instruction ID: ba23f4aebc11ed7c26b01fe730b718232641472e7ad42817497b35ecb7bc6aac
Opcode Fuzzy Hash: abd52aa0c8450732cb08f029783bca85284fa22e75a5f5fcb2bdb51a8dfe2fbd
Instruction Fuzzy Hash: ED01F9706442429BD304CF39CDA0666FBE1FB87364B08D79CC459977A6C634D842C795

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report rUfr2hQGOb.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
rUfr2hQGOb.exe

Function 00E6B100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Function 00E68600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Function 00E9E110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00EA1720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Function 00E69D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142
libraryCOMMON

Function 01039949 Relevance: 1.5, APIs: 1, Instructions: 40
libraryCOMMON

Function 00E9E0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Function 00E69EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Function 00E9C570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Function 00E9C55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON