Edit tour

Windows Analysis Report
DjnwNMDQhC.exe

Overview

General Information

Sample name:	DjnwNMDQhC.exe renamed because original name is a hash value
Original sample name:	bb3efe811c844a9a22479cc45aea3e6c.exe
Analysis ID:	1580919
MD5:	bb3efe811c844a9a22479cc45aea3e6c
SHA1:	a4cbc2108e732917ea02fa01b18330997d557630
SHA256:	3f4d4f7ab21ec762ebf104a59fae6229941c638595e01e80bb7070a62fb1b4f5
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

DjnwNMDQhC.exe (PID: 6676 cmdline: "C:\Users\user\Desktop\DjnwNMDQhC.exe" MD5: BB3EFE811C844A9A22479CC45AEA3E6C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["talkynicer.lat", "slipperyloo.lat", "wordyfindy.lat", "shapestickyr.lat", "manyrestro.lat", "curverpluch.lat", "observerfry.lat", "tentabatte.lat", "bashfulacid.lat"], "Build id": "prefersystem32t--"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:11:28.676784+0100	2028371	3	Unknown Traffic	192.168.2.7	49701	104.102.49.254	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:11:26.907831+0100	2058480	1	Domain Observed Used for C2 Detected	192.168.2.7	60326	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:11:26.497892+0100	2058484	1	Domain Observed Used for C2 Detected	192.168.2.7	56421	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:11:26.075574+0100	2058492	1	Domain Observed Used for C2 Detected	192.168.2.7	56334	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:11:26.216961+0100	2058500	1	Domain Observed Used for C2 Detected	192.168.2.7	51418	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:11:25.903486+0100	2058502	1	Domain Observed Used for C2 Detected	192.168.2.7	49166	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:11:26.357874+0100	2058510	1	Domain Observed Used for C2 Detected	192.168.2.7	55994	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:11:26.663592+0100	2058512	1	Domain Observed Used for C2 Detected	192.168.2.7	54852	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:11:25.762943+0100	2058514	1	Domain Observed Used for C2 Detected	192.168.2.7	54853	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:11:29.427377+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.7	49701	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: DjnwNMDQhC.exe

Avira: detected

Found malware configuration

Source: DjnwNMDQhC.exe.6676.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["talkynicer.lat", "slipperyloo.lat", "wordyfindy.lat", "shapestickyr.lat", "manyrestro.lat", "curverpluch.lat", "observerfry.lat", "tentabatte.lat", "bashfulacid.lat"], "Build id": "prefersystem32t--"}

Multi AV Scanner detection for submitted file

Source: DjnwNMDQhC.exe	Virustotal: Detection: 55%			Perma Link
Source: DjnwNMDQhC.exe	ReversingLabs: Detection: 68%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: DjnwNMDQhC.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bashfulacid.lat
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: tentabatte.lat
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: curverpluch.lat
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: talkynicer.lat
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: shapestickyr.lat
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: manyrestro.lat
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: slipperyloo.lat
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: wordyfindy.lat
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: observerfry.lat
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: PsFKDg--pablo

Source: DjnwNMDQhC.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49701 version: TLS 1.2

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov edx, ebx	0_2_006A8600
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_006A8A50
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_006E1720
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_006CC0E6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_006CE0DA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_006CC09E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov eax, dword ptr [006E6130h]	0_2_006B8169
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_006CC09E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006C81CC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_006D6210
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_006E0340
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov ecx, eax	0_2_006BC300
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006C83D8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_006CC465
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_006CC465
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006C8528
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov edi, ecx	0_2_006CA5B6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_006E06F0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_006CC850
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006C2830
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_006DC830
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then push esi	0_2_006AC805
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov eax, ebx	0_2_006BC8A0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_006BC8A0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_006BC8A0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_006BC8A0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006C89E9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_006DC990
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_006DCA40
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_006CAAC0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_006AAB40
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov edx, ecx	0_2_006B8B1B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_006BEB80
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_006ACC7A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006B4CA0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov edx, ecx	0_2_006C6D2E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_006E0D20
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_006DCDF0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_006DCDF0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_006DCDF0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_006DCDF0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_006DEDC1
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov ecx, eax	0_2_006C2E6D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then jmp edx	0_2_006C2E6D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_006C2E6D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]	0_2_006A2EB0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_006B6F52
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov esi, ecx	0_2_006C90D0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_006E1160
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov ecx, eax	0_2_006CD17D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_006CB170
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov ecx, eax	0_2_006CD116
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_006CD34A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_006A73D0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_006A73D0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_006B747D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_006B747D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov eax, ebx	0_2_006C7440
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_006C7440
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_006BB57D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_006C7740
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then jmp eax	0_2_006C9739
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then jmp edx	0_2_006C37D6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_006A9780
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov edx, ecx	0_2_006BB8F6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov edx, ecx	0_2_006BB8F6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov ecx, eax	0_2_006BD8D8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov ecx, eax	0_2_006BD8D8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov ecx, eax	0_2_006BD8AC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov ecx, eax	0_2_006BD8AC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then jmp edx	0_2_006C39B9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_006C39B9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_006CB980
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then dec edx	0_2_006DFA20
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_006C1A10
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then dec edx	0_2_006DFB10
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then dec edx	0_2_006DFD70
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_006CDDFF
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_006CDE07
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then dec edx	0_2_006DFE00
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov edx, ecx	0_2_006C9E80
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_006C5F1B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 4x nop then mov ecx, eax	0_2_006CBF13

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.7:51418 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.7:60326 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.7:56334 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.7:49166 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.7:55994 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.7:56421 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.7:54853 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.7:54852 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49701 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: talkynicer.lat
Source: Malware configuration extractor	URLs: slipperyloo.lat
Source: Malware configuration extractor	URLs: wordyfindy.lat
Source: Malware configuration extractor	URLs: shapestickyr.lat
Source: Malware configuration extractor	URLs: manyrestro.lat
Source: Malware configuration extractor	URLs: curverpluch.lat
Source: Malware configuration extractor	URLs: observerfry.lat
Source: Malware configuration extractor	URLs: tentabatte.lat
Source: Malware configuration extractor	URLs: bashfulacid.lat

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic

Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49701 -> 104.102.49.254:443

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: DjnwNMDQhC.exe, 00000000.00000003.1291136815.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn h equals www.youtube.com (Youtube)
Source: DjnwNMDQhC.exe, 00000000.00000002.1308585462.0000000000C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://. equals www.youtube.com (Youtube)
Source: DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=04cd33758f6c0be9b1eb42ac; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 26 Dec 2024 12:11:29 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: DjnwNMDQhC.exe, 00000000.00000002.1308585462.0000000000C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://. equals www.youtube.com (Youtube)
Source: DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=04cd33758f6c0be9b1eb42ac; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 26 Dec 2024 12:11:29 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ttps://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: observerfry.lat
Source: global traffic	DNS traffic detected: DNS query: wordyfindy.lat
Source: global traffic	DNS traffic detected: DNS query: slipperyloo.lat
Source: global traffic	DNS traffic detected: DNS query: manyrestro.lat
Source: global traffic	DNS traffic detected: DNS query: shapestickyr.lat
Source: global traffic	DNS traffic detected: DNS query: talkynicer.lat
Source: global traffic	DNS traffic detected: DNS query: curverpluch.lat
Source: global traffic	DNS traffic detected: DNS query: tentabatte.lat
Source: global traffic	DNS traffic detected: DNS query: bashfulacid.lat
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: DjnwNMDQhC.exe, 00000000.00000003.1291263901.0000000000BB9000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308517313.0000000000BB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: DjnwNMDQhC.exe, 00000000.00000002.1308585462.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308585462.0000000000BBD000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: DjnwNMDQhC.exe, 00000000.00000002.1308585462.0000000000BCB000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000C04000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000C04000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49701 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: DjnwNMDQhC.exe	Static PE information: section name:
Source: DjnwNMDQhC.exe	Static PE information: section name: .idata
Source: DjnwNMDQhC.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006A8600	0_2_006A8600
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006AB100	0_2_006AB100
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00738070	0_2_00738070
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00816082	0_2_00816082
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0078807D	0_2_0078807D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00718060	0_2_00718060
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0083C099	0_2_0083C099
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0078C066	0_2_0078C066
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00742049	0_2_00742049
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081A0C3	0_2_0081A0C3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00774032	0_2_00774032
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081E0E0	0_2_0081E0E0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DE010	0_2_007DE010
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F2006	0_2_007F2006
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00802000	0_2_00802000
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006B60E9	0_2_006B60E9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007700F4	0_2_007700F4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006CC0E6	0_2_006CC0E6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0082A012	0_2_0082A012
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0082001B	0_2_0082001B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006CA0CA	0_2_006CA0CA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007080D7	0_2_007080D7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007040B0	0_2_007040B0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B40B8	0_2_007B40B8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0070A0B4	0_2_0070A0B4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007720BF	0_2_007720BF
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B00A7	0_2_007B00A7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007840A7	0_2_007840A7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B809C	0_2_007B809C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006CC09E	0_2_006CC09E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006B8169	0_2_006B8169
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0082C184	0_2_0082C184
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006A6160	0_2_006A6160
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007CE173	0_2_007CE173
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00750169	0_2_00750169
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006CC09E	0_2_006CC09E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0079414D	0_2_0079414D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C4148	0_2_007C4148
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0071A14E	0_2_0071A14E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0075E136	0_2_0075E136
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008281CB	0_2_008281CB
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077E13A	0_2_0077E13A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0073E122	0_2_0073E122
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007E4117	0_2_007E4117
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0073A101	0_2_0073A101
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080A1F3	0_2_0080A1F3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AC1FD	0_2_007AC1FD
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DC1FA	0_2_007DC1FA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C81CC	0_2_006C81CC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0070E1C1	0_2_0070E1C1
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007361C5	0_2_007361C5
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080C136	0_2_0080C136
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00814136	0_2_00814136
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007801C4	0_2_007801C4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007121B4	0_2_007121B4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007FC1B8	0_2_007FC1B8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007BC1B0	0_2_007BC1B0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00802162	0_2_00802162
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D019E	0_2_007D019E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00706197	0_2_00706197
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0082E16A	0_2_0082E16A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077819D	0_2_0077819D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006CE180	0_2_006CE180
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B6196	0_2_007B6196
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00834172	0_2_00834172
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007FA188	0_2_007FA188
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0078E182	0_2_0078E182
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00838288	0_2_00838288
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00808294	0_2_00808294
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00822297	0_2_00822297
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006A4270	0_2_006A4270
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00744269	0_2_00744269
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00796259	0_2_00796259
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A624F	0_2_007A624F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00726237	0_2_00726237
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F6239	0_2_007F6239
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006BE220	0_2_006BE220
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007E8226	0_2_007E8226
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081A2DC	0_2_0081A2DC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0076C214	0_2_0076C214
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00716214	0_2_00716214
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008262F0	0_2_008262F0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0071C202	0_2_0071C202
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00710204	0_2_00710204
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081C200	0_2_0081C200
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0076A2FC	0_2_0076A2FC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00840216	0_2_00840216
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007062EB	0_2_007062EB
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007982DB	0_2_007982DB
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D82DB	0_2_007D82DB
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0071A2C6	0_2_0071A2C6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C42D0	0_2_006C42D0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F42B4	0_2_007F42B4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0074E2B9	0_2_0074E2B9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077C2A9	0_2_0077C2A9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D22A3	0_2_007D22A3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007CA29C	0_2_007CA29C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F029B	0_2_007F029B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0072A282	0_2_0072A282
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0071437E	0_2_0071437E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00812390	0_2_00812390
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A836E	0_2_007A836E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007E8364	0_2_007E8364
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0086039D	0_2_0086039D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D4361	0_2_007D4361
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00786350	0_2_00786350
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00740347	0_2_00740347
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007BE33B	0_2_007BE33B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008243C6	0_2_008243C6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00776338	0_2_00776338
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008623D2	0_2_008623D2
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0079A304	0_2_0079A304
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AA3F9	0_2_007AA3F9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007183F8	0_2_007183F8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080030C	0_2_0080030C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0076E3E6	0_2_0076E3E6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C83D8	0_2_006C83D8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DA3B0	0_2_007DA3B0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0083634E	0_2_0083634E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C63AD	0_2_007C63AD
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007463A0	0_2_007463A0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00832355	0_2_00832355
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0072C3AD	0_2_0072C3AD
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0071E395	0_2_0071E395
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0070439A	0_2_0070439A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0073E399	0_2_0073E399
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007EE380	0_2_007EE380
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B447B	0_2_007B447B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077A47E	0_2_0077A47E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006E0460	0_2_006E0460
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D2454	0_2_007D2454
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006DA440	0_2_006DA440
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077E458	0_2_0077E458
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00710442	0_2_00710442
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008244B8	0_2_008244B8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007E2430	0_2_007E2430
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008304D2	0_2_008304D2
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0075A427	0_2_0075A427
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0070C42F	0_2_0070C42F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C240A	0_2_007C240A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C24E0	0_2_006C24E0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080440E	0_2_0080440E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00816425	0_2_00816425
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0082A426	0_2_0082A426
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C04C6	0_2_006C04C6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A04C7	0_2_007A04C7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0083E43C	0_2_0083E43C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DE4BE	0_2_007DE4BE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00730481	0_2_00730481
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00774481	0_2_00774481
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00804581	0_2_00804581
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AE570	0_2_007AE570
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C4560	0_2_006C4560
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00754561	0_2_00754561
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007FC569	0_2_007FC569
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A255D	0_2_007A255D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00738559	0_2_00738559
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0076E55A	0_2_0076E55A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007FA54C	0_2_007FA54C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00700546	0_2_00700546
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00724530	0_2_00724530
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080E5C4	0_2_0080E5C4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0075053D	0_2_0075053D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0078E536	0_2_0078E536
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006CC53C	0_2_006CC53C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007E052C	0_2_007E052C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F2520	0_2_007F2520
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C6505	0_2_007C6505
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D0502	0_2_007D0502
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007E45F9	0_2_007E45F9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007EA5F5	0_2_007EA5F5
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D65E5	0_2_007D65E5
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006A65F0	0_2_006A65F0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007BC5DA	0_2_007BC5DA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00826530	0_2_00826530
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006DA5D4	0_2_006DA5D4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B65B8	0_2_007B65B8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0070E5B4	0_2_0070E5B4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0076C5BE	0_2_0076C5BE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007825B3	0_2_007825B3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006DC5A0	0_2_006DC5A0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0070A5A2	0_2_0070A5A2
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007CE5AE	0_2_007CE5AE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007065AE	0_2_007065AE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0075E5AA	0_2_0075E5AA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00734597	0_2_00734597
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0083456A	0_2_0083456A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0076258E	0_2_0076258E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077258F	0_2_0077258F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0074A672	0_2_0074A672
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081C688	0_2_0081C688
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0083A68C	0_2_0083A68C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006D8650	0_2_006D8650
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080A6CA	0_2_0080A6CA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0074C639	0_2_0074C639
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006BE630	0_2_006BE630
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00784625	0_2_00784625
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0070861A	0_2_0070861A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00814603	0_2_00814603
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AA6F0	0_2_007AA6F0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007806ED	0_2_007806ED
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007966E0	0_2_007966E0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007CA6E1	0_2_007CA6E1
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006E06F0	0_2_006E06F0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0074E6EB	0_2_0074E6EB
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081E61E	0_2_0081E61E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0071A6D3	0_2_0071A6D3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0073E6D5	0_2_0073E6D5
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007946D0	0_2_007946D0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F86CA	0_2_007F86CA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007766CE	0_2_007766CE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C46D0	0_2_006C46D0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081863F	0_2_0081863F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081A640	0_2_0081A640
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077C6B1	0_2_0077C6B1
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0082E64C	0_2_0082E64C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DC6A5	0_2_007DC6A5
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F06A6	0_2_007F06A6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0082865B	0_2_0082865B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006AE687	0_2_006AE687
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D068B	0_2_007D068B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0079A683	0_2_0079A683
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AC684	0_2_007AC684
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0073C68C	0_2_0073C68C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081A788	0_2_0081A788
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00786775	0_2_00786775
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0079C777	0_2_0079C777
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0083E791	0_2_0083E791
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00812797	0_2_00812797
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0072A76C	0_2_0072A76C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00758754	0_2_00758754
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F675C	0_2_007F675C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006B2750	0_2_006B2750
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00766730	0_2_00766730
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C0730	0_2_007C0730
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007CC72D	0_2_007CC72D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00768728	0_2_00768728
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007CE711	0_2_007CE711
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00744700	0_2_00744700
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077E7E4	0_2_0077E7E4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007647EE	0_2_007647EE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007427A0	0_2_007427A0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A87A2	0_2_007A87A2
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DA787	0_2_007DA787
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0083877F	0_2_0083877F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DE874	0_2_007DE874
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00748864	0_2_00748864
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00816894	0_2_00816894
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006AC840	0_2_006AC840
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0071A849	0_2_0071A849
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0076084D	0_2_0076084D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D283C	0_2_007D283C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007EA82D	0_2_007EA82D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008008D6	0_2_008008D6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0079E80B	0_2_0079E80B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F280C	0_2_007F280C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007E8800	0_2_007E8800
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007FE8FC	0_2_007FE8FC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007528F0	0_2_007528F0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A68FC	0_2_007A68FC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081080B	0_2_0081080B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007E68F3	0_2_007E68F3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0083080E	0_2_0083080E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007928EE	0_2_007928EE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0078E8E2	0_2_0078E8E2
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F48E3	0_2_007F48E3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007708DC	0_2_007708DC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AE8D4	0_2_007AE8D4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007108C1	0_2_007108C1
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007788C6	0_2_007788C6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080883B	0_2_0080883B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006BC8A0	0_2_006BC8A0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0070C8A9	0_2_0070C8A9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0082A85B	0_2_0082A85B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006D88B0	0_2_006D88B0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00704890	0_2_00704890
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00712894	0_2_00712894
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0085E87A	0_2_0085E87A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00818981	0_2_00818981
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080E986	0_2_0080E986
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006BE960	0_2_006BE960
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0073697F	0_2_0073697F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0072097C	0_2_0072097C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00774969	0_2_00774969
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007FA955	0_2_007FA955
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0071C94A	0_2_0071C94A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C6947	0_2_007C6947
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008029BC	0_2_008029BC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B2939	0_2_007B2939
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AA93C	0_2_007AA93C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0075E93C	0_2_0075E93C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008269D2	0_2_008269D2
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00754919	0_2_00754919
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077A90F	0_2_0077A90F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C6910	0_2_006C6910
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B4904	0_2_007B4904
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00830900	0_2_00830900
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006CC9EB	0_2_006CC9EB
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0073C9F9	0_2_0073C9F9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0078C9F4	0_2_0078C9F4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006E09E0	0_2_006E09E0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C29E9	0_2_007C29E9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0074C9EA	0_2_0074C9EA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B89C1	0_2_007B89C1
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006F89A3	0_2_006F89A3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A0993	0_2_007A0993
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0079AA7F	0_2_0079AA7F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00744A7D	0_2_00744A7D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00756A7E	0_2_00756A7E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00784A75	0_2_00784A75
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00762A65	0_2_00762A65
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007ECA64	0_2_007ECA64
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00796A65	0_2_00796A65
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077EA50	0_2_0077EA50
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006DCA40	0_2_006DCA40
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081CAAF	0_2_0081CAAF
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C4A44	0_2_007C4A44
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00732A31	0_2_00732A31
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D8A3F	0_2_007D8A3F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0083AAE1	0_2_0083AAE1
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F4A15	0_2_007F4A15
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007E0A13	0_2_007E0A13
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00738A06	0_2_00738A06
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007EAA0B	0_2_007EAA0B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00790AF3	0_2_00790AF3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0074EAF8	0_2_0074EAF8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00700AFD	0_2_00700AFD
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0079CAE6	0_2_0079CAE6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A2ADA	0_2_007A2ADA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00750AD8	0_2_00750AD8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00798AB5	0_2_00798AB5
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00820A4E	0_2_00820A4E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C8ABC	0_2_006C8ABC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00804A51	0_2_00804A51
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0083EA51	0_2_0083EA51
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00868A55	0_2_00868A55
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00722A93	0_2_00722A93
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00708A94	0_2_00708A94
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00716A9D	0_2_00716A9D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00782A81	0_2_00782A81
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DCA81	0_2_007DCA81
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0076AB75	0_2_0076AB75
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007ACB6D	0_2_007ACB6D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006AAB40	0_2_006AAB40
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00808BAA	0_2_00808BAA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0071EB44	0_2_0071EB44
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D6B3A	0_2_007D6B3A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007CEB36	0_2_007CEB36
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00730B3E	0_2_00730B3E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00810BCC	0_2_00810BCC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0073AB3C	0_2_0073AB3C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DEB1D	0_2_007DEB1D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081EBEA	0_2_0081EBEA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0070EB1D	0_2_0070EB1D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006B8B1B	0_2_006B8B1B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A8BCB	0_2_007A8BCB
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00806B3A	0_2_00806B3A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0072EBCE	0_2_0072EBCE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00818B44	0_2_00818B44
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006A4BA0	0_2_006A4BA0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007CCBAF	0_2_007CCBAF
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00828B5B	0_2_00828B5B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006BEB80	0_2_006BEB80
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007E2B90	0_2_007E2B90
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D0B83	0_2_007D0B83
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D2C6F	0_2_007D2C6F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00732C6F	0_2_00732C6F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007FCC5A	0_2_007FCC5A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00752C5D	0_2_00752C5D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007CAC55	0_2_007CAC55
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00768C5A	0_2_00768C5A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00796C56	0_2_00796C56
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C8C45	0_2_007C8C45
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00826CB8	0_2_00826CB8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080CCC1	0_2_0080CCC1
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00792C35	0_2_00792C35
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00708C16	0_2_00708C16
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DAC15	0_2_007DAC15
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0075EC05	0_2_0075EC05
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00764C06	0_2_00764C06
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B2C0A	0_2_007B2C0A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081ACF3	0_2_0081ACF3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00724CF1	0_2_00724CF1
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DCCF1	0_2_007DCCF1
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00834C0C	0_2_00834C0C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00832C1F	0_2_00832C1F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F8CDE	0_2_007F8CDE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00704CD2	0_2_00704CD2
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00740CD7	0_2_00740CD7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AECDD	0_2_007AECDD
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007DECD0	0_2_007DECD0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0070CCC7	0_2_0070CCC7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007ACCBC	0_2_007ACCBC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006B4CA0	0_2_006B4CA0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00822C53	0_2_00822C53
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0078ECA0	0_2_0078ECA0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0072CC96	0_2_0072CC96
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AAD7B	0_2_007AAD7B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00720D79	0_2_00720D79
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00838D95	0_2_00838D95
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C2D64	0_2_007C2D64
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006CCD4C	0_2_006CCD4C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00784D5E	0_2_00784D5E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00712D5B	0_2_00712D5B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B4D4B	0_2_007B4D4B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006CCD5E	0_2_006CCD5E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00748D40	0_2_00748D40
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00768D4C	0_2_00768D4C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077AD36	0_2_0077AD36
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C6D2E	0_2_006C6D2E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080ADC7	0_2_0080ADC7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006E0D20	0_2_006E0D20
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00754D27	0_2_00754D27
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080EDD8	0_2_0080EDD8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0078AD25	0_2_0078AD25
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00728D13	0_2_00728D13
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006DCDF0	0_2_006DCDF0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00744DE9	0_2_00744DE9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0077CDD0	0_2_0077CDD0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A0DD7	0_2_007A0DD7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007E0DB5	0_2_007E0DB5
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A6DAA	0_2_007A6DAA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00766DA3	0_2_00766DA3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00706D9A	0_2_00706D9A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D8D97	0_2_007D8D97
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00750D9B	0_2_00750D9B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00794D8A	0_2_00794D8A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0082AD75	0_2_0082AD75
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00736D88	0_2_00736D88
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00778D89	0_2_00778D89
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C0E6C	0_2_006C0E6C
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006C2E6D	0_2_006C2E6D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A2E71	0_2_007A2E71
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006CEE63	0_2_006CEE63
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00702E67	0_2_00702E67
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D2E59	0_2_007D2E59
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00762E47	0_2_00762E47
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0073CE47	0_2_0073CE47
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00834EB6	0_2_00834EB6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00774E3E	0_2_00774E3E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C4E14	0_2_007C4E14
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00822EEB	0_2_00822EEB
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D0E17	0_2_007D0E17
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0081CE05	0_2_0081CE05
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00808E07	0_2_00808E07
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00836E04	0_2_00836E04
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00790EE3	0_2_00790EE3
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0076CEEA	0_2_0076CEEA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00820E1E	0_2_00820E1E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00796EC6	0_2_00796EC6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00814E48	0_2_00814E48
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006D8EA0	0_2_006D8EA0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00770EA7	0_2_00770EA7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00700EA2	0_2_00700EA2
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00802E55	0_2_00802E55
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00818E59	0_2_00818E59
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B0EA2	0_2_007B0EA2
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D6EA4	0_2_007D6EA4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006A2EB0	0_2_006A2EB0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006BAEB0	0_2_006BAEB0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0076EE9B	0_2_0076EE9B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00730E81	0_2_00730E81
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B8E8F	0_2_007B8E8F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0073AE8D	0_2_0073AE8D
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A4F6F	0_2_007A4F6F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00738F47	0_2_00738F47
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006B6F52	0_2_006B6F52
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0083EFBF	0_2_0083EFBF
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00810FE7	0_2_00810FE7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C8F16	0_2_007C8F16
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00826FF7	0_2_00826FF7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007F2FF9	0_2_007F2FF9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007ECFF2	0_2_007ECFF2
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0085CF0B	0_2_0085CF0B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00782FE8	0_2_00782FE8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00708FC7	0_2_00708FC7
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00726FCD	0_2_00726FCD
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0072AFA4	0_2_0072AFA4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00780FA1	0_2_00780FA1
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0078CF9B	0_2_0078CF9B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007D4F98	0_2_007D4F98
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00756F98	0_2_00756F98
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00833090	0_2_00833090
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0074105E	0_2_0074105E
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_009190BD	0_2_009190BD
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008290B4	0_2_008290B4
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0079B047	0_2_0079B047
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006AD021	0_2_006AD021
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00777027	0_2_00777027
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008230DB	0_2_008230DB
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007A901A	0_2_007A901A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006BD003	0_2_006BD003
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00705003	0_2_00705003
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007C70F9	0_2_007C70F9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AF0EE	0_2_007AF0EE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00805016	0_2_00805016
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007B90E5	0_2_007B90E5
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007250D6	0_2_007250D6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007650D8	0_2_007650D8
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007610C5	0_2_007610C5

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: String function: 006A7F60 appears 40 times
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: String function: 006B4C90 appears 77 times

Source: DjnwNMDQhC.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: DjnwNMDQhC.exe	Static PE information: Section: ZLIB complexity 0.9996042687908496
Source: DjnwNMDQhC.exe	Static PE information: Section: pavigcuh ZLIB complexity 0.9943794248201978

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/1

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe

Code function: 0_2_006D2070 CoCreateInstance,

0_2_006D2070

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: DjnwNMDQhC.exe	Virustotal: Detection: 55%
Source: DjnwNMDQhC.exe	ReversingLabs: Detection: 68%

Source: DjnwNMDQhC.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe

File read: C:\Users\user\Desktop\DjnwNMDQhC.exe

Jump to behavior

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Section loaded: dpapi.dll	Jump to behavior

Source: DjnwNMDQhC.exe

Static file information: File size 1880576 > 1048576

Source: DjnwNMDQhC.exe

Static PE information: Raw size of pavigcuh is bigger than: 0x100000 < 0x1a1200

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe

Unpacked PE file: 0.2.DjnwNMDQhC.exe.6a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pavigcuh:EW;lzgwbmgt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;pavigcuh:EW;lzgwbmgt:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: DjnwNMDQhC.exe

Static PE information: real checksum: 0x1d03fb should be: 0x1d0d8e

Source: DjnwNMDQhC.exe	Static PE information: section name:
Source: DjnwNMDQhC.exe	Static PE information: section name: .idata
Source: DjnwNMDQhC.exe	Static PE information: section name:
Source: DjnwNMDQhC.exe	Static PE information: section name: pavigcuh
Source: DjnwNMDQhC.exe	Static PE information: section name: lzgwbmgt
Source: DjnwNMDQhC.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006FA1D7 push edi; mov dword ptr [esp], edx	0_2_006FA36A
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006F9C45 push edi; mov dword ptr [esp], 0E21CBD7h	0_2_006FA3AF
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008C408F push ebp; mov dword ptr [esp], ebx	0_2_008C4110
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008DA08B push edx; mov dword ptr [esp], ebx	0_2_008DA0E9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AC070 push 1C85A643h; mov dword ptr [esp], eax	0_2_007AC094
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_007AC070 push ecx; mov dword ptr [esp], edx	0_2_007AC0F2
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006FC071 push esi; mov dword ptr [esp], eax	0_2_006FE88F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_009340A8 push ebx; mov dword ptr [esp], eax	0_2_009340CC
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_009340A8 push 69ADE0B9h; mov dword ptr [esp], ebp	0_2_00934167
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_009340A8 push 5C5EE109h; mov dword ptr [esp], ecx	0_2_009341AF
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_009440EA push ecx; mov dword ptr [esp], 6D2E128Eh	0_2_009440FB
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0094803F push edi; mov dword ptr [esp], ecx	0_2_00948197
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006FC0C4 push 3DF62542h; mov dword ptr [esp], ebx	0_2_006FC973
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006FC0C4 push ebp; mov dword ptr [esp], 2DBA8581h	0_2_006FC97F
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008D4040 push ecx; mov dword ptr [esp], ebx	0_2_008D3FC9
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008D4040 push edi; mov dword ptr [esp], 6EC004B1h	0_2_008D3FD0
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0093C07B push 094C8281h; mov dword ptr [esp], ebx	0_2_0093C0BF
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006F8163 push 20D3F2F8h; mov dword ptr [esp], eax	0_2_006F8340
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008BE1A7 push 22A8242Ah; mov dword ptr [esp], eax	0_2_008BE1F6
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006FC142 push eax; mov dword ptr [esp], 39EFA7E5h	0_2_006FEA7B
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006FC133 push 14DF91FBh; mov dword ptr [esp], ebx	0_2_006FE409
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_008DA1EA push 1F645101h; mov dword ptr [esp], eax	0_2_008DA277
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00B3E1C3 push ecx; mov dword ptr [esp], 307720F7h	0_2_00B3E1DA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00B3E1C3 push 55CD863Ch; mov dword ptr [esp], edi	0_2_00B3E1FB
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00B3E1C3 push edx; mov dword ptr [esp], 7268F215h	0_2_00B3E205
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_00B3E1C3 push 6EFAAF8Ah; mov dword ptr [esp], edx	0_2_00B3E281
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006FC1E5 push 26EA791Eh; mov dword ptr [esp], esp	0_2_006FC1EA
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_006FC1DC push 1AD038CCh; mov dword ptr [esp], ebp	0_2_00700171
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080C136 push 440FC71Fh; mov dword ptr [esp], ecx	0_2_0080C436
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080C136 push edi; mov dword ptr [esp], 7F6FE98Fh	0_2_0080C484
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Code function: 0_2_0080C136 push 27519500h; mov dword ptr [esp], ebx	0_2_0080C4E8

Source: DjnwNMDQhC.exe	Static PE information: section name: entropy: 7.9870647730054465
Source: DjnwNMDQhC.exe	Static PE information: section name: pavigcuh entropy: 7.951969639543988

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Window searched: window name: Regmonclass	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 86D992 second address: 86D998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 86DDC3 second address: 86DDE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF659189801h 0x00000009 jmp 00007FF659189801h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 86E21D second address: 86E22E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF6593643EBh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 86E22E second address: 86E258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FF659189811h 0x0000000b jmp 00007FF659189809h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8708D0 second address: 870949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FF6593643E8h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 push 00000000h 0x00000025 adc esi, 79F9BFD1h 0x0000002b push 4E9656E6h 0x00000030 pushad 0x00000031 jns 00007FF6593643ECh 0x00000037 jnp 00007FF6593643E8h 0x0000003d popad 0x0000003e xor dword ptr [esp], 4E965666h 0x00000045 movzx edi, cx 0x00000048 push 00000003h 0x0000004a and edi, 0813AB00h 0x00000050 push 00000000h 0x00000052 add ecx, dword ptr [ebp+122D35F7h] 0x00000058 push 00000003h 0x0000005a push FF99C5ADh 0x0000005f jbe 00007FF6593643F2h 0x00000065 jbe 00007FF6593643ECh 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 870949 second address: 87099C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 xor dword ptr [esp], 3F99C5ADh 0x0000000b mov dx, di 0x0000000e lea ebx, dword ptr [ebp+1244B799h] 0x00000014 mov cx, bx 0x00000017 xchg eax, ebx 0x00000018 jnp 00007FF659189824h 0x0000001e pushad 0x0000001f jmp 00007FF659189808h 0x00000024 jmp 00007FF659189804h 0x00000029 popad 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d push ebx 0x0000002e pushad 0x0000002f popad 0x00000030 pop ebx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 870B4E second address: 870BFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 716CC89Dh 0x00000010 sub dword ptr [ebp+122D2F3Dh], edi 0x00000016 mov dword ptr [ebp+122D2BF8h], eax 0x0000001c push 00000003h 0x0000001e push 00000000h 0x00000020 push ebp 0x00000021 call 00007FF6593643E8h 0x00000026 pop ebp 0x00000027 mov dword ptr [esp+04h], ebp 0x0000002b add dword ptr [esp+04h], 00000014h 0x00000033 inc ebp 0x00000034 push ebp 0x00000035 ret 0x00000036 pop ebp 0x00000037 ret 0x00000038 push 00000000h 0x0000003a cld 0x0000003b push 00000003h 0x0000003d jl 00007FF6593643ECh 0x00000043 mov esi, dword ptr [ebp+122D355Fh] 0x00000049 push B0AC9A00h 0x0000004e pushad 0x0000004f jc 00007FF6593643E8h 0x00000055 push ecx 0x00000056 pop ecx 0x00000057 pushad 0x00000058 jnl 00007FF6593643E6h 0x0000005e jmp 00007FF6593643F6h 0x00000063 popad 0x00000064 popad 0x00000065 xor dword ptr [esp], 70AC9A00h 0x0000006c lea ebx, dword ptr [ebp+1244B7ADh] 0x00000072 xchg eax, ebx 0x00000073 push eax 0x00000074 push edx 0x00000075 jnc 00007FF6593643FDh 0x0000007b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 870BFA second address: 870C19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF659189800h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007FF6591897F8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 882C07 second address: 882C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 882C0C second address: 882C12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 882C12 second address: 882C16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 85C8DC second address: 85C928 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF659189809h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF659189808h 0x00000012 jmp 00007FF659189803h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 85C928 second address: 85C92C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 85C92C second address: 85C932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 85C932 second address: 85C973 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FF6593643F2h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF6593643F2h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 85C973 second address: 85C979 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 88F725 second address: 88F72B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 88F9C8 second address: 88F9DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 je 00007FF6591897F6h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 88F9DE second address: 88F9E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 88F9E4 second address: 88F9E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 88F9E8 second address: 88F9EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 88F9EC second address: 88F9F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF6591897F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 88FC69 second address: 88FC6E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89058E second address: 890593 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 890593 second address: 89059B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8906CE second address: 8906D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8906D2 second address: 8906EF instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF6593643E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007FF6593643EEh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8906EF second address: 8906F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8906F4 second address: 890701 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jp 00007FF6593643E6h 0x00000009 pop esi 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 890701 second address: 890727 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF6591897F6h 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FF659189803h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 890727 second address: 89072F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89072F second address: 890734 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 890734 second address: 89073A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89073A second address: 890740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8908A7 second address: 8908AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8908AB second address: 8908B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 884381 second address: 884387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 884387 second address: 88438E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 890F18 second address: 890F1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 895C4E second address: 895C60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007FF6591897F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 895C60 second address: 895C66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 895C66 second address: 895C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 895C6C second address: 895C70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 894CA7 second address: 894CBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jnp 00007FF6591897F8h 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89D0B9 second address: 89D0BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89D0BF second address: 89D0C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89D0C3 second address: 89D0DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643F6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89D0DD second address: 89D0E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89D0E3 second address: 89D0F3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF6593643F2h 0x00000008 jnp 00007FF6593643E6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89D0F3 second address: 89D106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FF6591897FBh 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89D106 second address: 89D115 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89D115 second address: 89D119 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8635E1 second address: 8635F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF6593643EEh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8635F5 second address: 8635FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89C9A4 second address: 89C9C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643EBh 0x00000007 jmp 00007FF6593643F3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89C9C6 second address: 89C9D5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 pushad 0x00000007 jl 00007FF6591897F6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89CE0F second address: 89CE1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 jbe 00007FF659364402h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89E9DF second address: 89E9F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF659189801h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89EB10 second address: 89EB14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89EC0D second address: 89EC13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89EC13 second address: 89EC17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89F0F5 second address: 89F113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF659189809h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89F113 second address: 89F118 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89F118 second address: 89F154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebx 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007FF6591897F8h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 sbb di, 0814h 0x00000027 nop 0x00000028 push eax 0x00000029 push edx 0x0000002a push edx 0x0000002b jl 00007FF6591897F6h 0x00000031 pop edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89F2EE second address: 89F2F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 89FBD6 second address: 89FBE0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A0E01 second address: 8A0E07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A0E07 second address: 8A0E0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A2368 second address: 8A237F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF6593643F3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A237F second address: 8A238C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A2A8B second address: 8A2AA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A49B5 second address: 8A49D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF659189803h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF6591897FAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A8B7A second address: 8A8B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A2AA6 second address: 8A2AB0 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF6591897FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A8B7E second address: 8A8BDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d pushad 0x0000000e mov edi, dword ptr [ebp+122D1B7Eh] 0x00000014 xor ebx, 359DDA57h 0x0000001a popad 0x0000001b sub ebx, dword ptr [ebp+122D352Fh] 0x00000021 push 00000000h 0x00000023 movsx ebx, cx 0x00000026 push 00000000h 0x00000028 mov dword ptr [ebp+122D1B95h], edx 0x0000002e xchg eax, esi 0x0000002f jmp 00007FF6593643F3h 0x00000034 push eax 0x00000035 push esi 0x00000036 pushad 0x00000037 jmp 00007FF6593643EFh 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AC2B5 second address: 8AC2BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AC2BB second address: 8AC2DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jnp 00007FF6593643F0h 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007FF6593643E6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AC2DB second address: 8AC334 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007FF6591897F8h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 00000016h 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 xor dword ptr [ebp+122D342Bh], eax 0x00000028 push 00000000h 0x0000002a mov di, B800h 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edi 0x00000033 call 00007FF6591897F8h 0x00000038 pop edi 0x00000039 mov dword ptr [esp+04h], edi 0x0000003d add dword ptr [esp+04h], 00000016h 0x00000045 inc edi 0x00000046 push edi 0x00000047 ret 0x00000048 pop edi 0x00000049 ret 0x0000004a xchg eax, esi 0x0000004b push eax 0x0000004c push edx 0x0000004d push edx 0x0000004e pushad 0x0000004f popad 0x00000050 pop edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AC334 second address: 8AC339 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AB486 second address: 8AB48A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AC339 second address: 8AC346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AB48A second address: 8AB490 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AD3EB second address: 8AD3F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AC447 second address: 8AC46B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF659189809h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AD3F3 second address: 8AD405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007FF6593643E6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AC46B second address: 8AC46F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AD405 second address: 8AD409 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AC46F second address: 8AC475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AE392 second address: 8AE398 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AE398 second address: 8AE3AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 js 00007FF659189808h 0x0000000f push eax 0x00000010 push edx 0x00000011 jno 00007FF6591897F6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AE3AF second address: 8AE3B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AE49A second address: 8AE4B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF659189806h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8AF2AD second address: 8AF2B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B015A second address: 8B0160 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B0160 second address: 8B0164 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B0164 second address: 8B017F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007FF6591897FDh 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B017F second address: 8B01F6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007FF6593643E8h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Ah 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 mov bh, F7h 0x00000024 add dword ptr [ebp+122D28C8h], eax 0x0000002a push 00000000h 0x0000002c sbb bh, FFFFFFF8h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007FF6593643E8h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 00000019h 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b sbb bx, F300h 0x00000050 xchg eax, esi 0x00000051 push eax 0x00000052 push edx 0x00000053 push edi 0x00000054 jmp 00007FF6593643F3h 0x00000059 pop edi 0x0000005a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B1363 second address: 8B136C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B136C second address: 8B1370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B0352 second address: 8B0364 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 je 00007FF6591897FEh 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B1370 second address: 8B1374 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B1374 second address: 8B13EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 xor dword ptr [ebp+122D342Bh], esi 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007FF6591897F8h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 0000001Ch 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a sbb bx, 3B41h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push esi 0x00000034 call 00007FF6591897F8h 0x00000039 pop esi 0x0000003a mov dword ptr [esp+04h], esi 0x0000003e add dword ptr [esp+04h], 0000001Ah 0x00000046 inc esi 0x00000047 push esi 0x00000048 ret 0x00000049 pop esi 0x0000004a ret 0x0000004b call 00007FF659189805h 0x00000050 mov edi, ecx 0x00000052 pop edi 0x00000053 xchg eax, esi 0x00000054 pushad 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B13EE second address: 8B1404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 js 00007FF6593643E6h 0x0000000e pop ecx 0x0000000f popad 0x00000010 push eax 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B1404 second address: 8B1408 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B2336 second address: 8B236D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push esi 0x00000006 jmp 00007FF6593643F2h 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f jc 00007FF6593643ECh 0x00000015 jl 00007FF6593643E6h 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FF6593643EDh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B236D second address: 8B23BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF659189801h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d mov dword ptr [ebp+122D2A2Dh], ecx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007FF6591897F8h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f mov edi, dword ptr [ebp+122D27DEh] 0x00000035 mov edi, esi 0x00000037 xchg eax, esi 0x00000038 je 00007FF6591897FEh 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B23BD second address: 8B23DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 pushad 0x00000007 push edx 0x00000008 jmp 00007FF6593643F4h 0x0000000d pop edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B3229 second address: 8B322D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B42BE second address: 8B42C8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF6593643E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B512D second address: 8B5133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B5133 second address: 8B5137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B714A second address: 8B7150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B776A second address: 8B776E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B776E second address: 8B7774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B2522 second address: 8B2533 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007FF6593643E6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B3419 second address: 8B3424 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FF6591897F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B2533 second address: 8B25C5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF6593643E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007FF6593643ECh 0x00000010 popad 0x00000011 nop 0x00000012 mov ebx, edi 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push edi 0x0000001e call 00007FF6593643E8h 0x00000023 pop edi 0x00000024 mov dword ptr [esp+04h], edi 0x00000028 add dword ptr [esp+04h], 00000016h 0x00000030 inc edi 0x00000031 push edi 0x00000032 ret 0x00000033 pop edi 0x00000034 ret 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c js 00007FF6593643E9h 0x00000042 mov di, ax 0x00000045 mov eax, dword ptr [ebp+122D1369h] 0x0000004b mov edi, ecx 0x0000004d mov dword ptr [ebp+1244ACDFh], ecx 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push edx 0x00000058 call 00007FF6593643E8h 0x0000005d pop edx 0x0000005e mov dword ptr [esp+04h], edx 0x00000062 add dword ptr [esp+04h], 00000015h 0x0000006a inc edx 0x0000006b push edx 0x0000006c ret 0x0000006d pop edx 0x0000006e ret 0x0000006f or dword ptr [ebp+12472B28h], esi 0x00000075 nop 0x00000076 push ecx 0x00000077 push eax 0x00000078 push edx 0x00000079 jmp 00007FF6593643ECh 0x0000007e rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B3424 second address: 8B3443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jnc 00007FF6591897F6h 0x00000010 jmp 00007FF6591897FAh 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push edi 0x00000019 pop edi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B25C5 second address: 8B25C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B3443 second address: 8B3447 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8B98B2 second address: 8B98B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8BA74A second address: 8BA7CD instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF6591897F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jbe 00007FF65918980Fh 0x00000011 jmp 00007FF659189809h 0x00000016 nop 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007FF6591897F8h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 0000001Ah 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 mov bx, 6C36h 0x00000035 add dword ptr [ebp+122DB3E5h], eax 0x0000003b push 00000000h 0x0000003d mov ebx, dword ptr [ebp+122D34CBh] 0x00000043 movzx ebx, ax 0x00000046 push 00000000h 0x00000048 movsx ebx, dx 0x0000004b xchg eax, esi 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f jmp 00007FF6591897FFh 0x00000054 jnl 00007FF6591897F6h 0x0000005a popad 0x0000005b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8BA7CD second address: 8BA7E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8C3CE8 second address: 8C3CEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8C3CEE second address: 8C3CF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8C3CF5 second address: 8C3D37 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF6591897F8h 0x00000008 jnl 00007FF659189802h 0x0000000e jg 00007FF6591897F6h 0x00000014 jl 00007FF6591897F6h 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jns 00007FF65918980Ch 0x00000024 jmp 00007FF659189806h 0x00000029 push edi 0x0000002a pushad 0x0000002b popad 0x0000002c push edi 0x0000002d pop edi 0x0000002e pop edi 0x0000002f rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8C4165 second address: 8C4171 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8C4171 second address: 8C4177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8C4177 second address: 8C417B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8C417B second address: 8C4185 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF6591897F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8C5CBC second address: 8C5CF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FF6593643F3h 0x00000014 jmp 00007FF6593643F6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8C5CF6 second address: 8C5D0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF659189802h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8CA678 second address: 8CA6C5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a jl 00007FF6593643E8h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop edi 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jp 00007FF659364403h 0x0000001d je 00007FF6593643FDh 0x00000023 jmp 00007FF6593643F7h 0x00000028 mov eax, dword ptr [eax] 0x0000002a pushad 0x0000002b jnp 00007FF6593643ECh 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 pop eax 0x00000035 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 866B12 second address: 866B16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8CF731 second address: 8CF743 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push edx 0x00000008 push ecx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8CF743 second address: 8CF747 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8CFB67 second address: 8CFB77 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF6593643E6h 0x00000008 jns 00007FF6593643E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8CFB77 second address: 8CFB85 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF6591897F8h 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8CFB85 second address: 8CFB9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF6593643F1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8CFB9A second address: 8CFBCA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF659189806h 0x00000011 push edx 0x00000012 jmp 00007FF6591897FCh 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8CFD88 second address: 8CFD93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8CFD93 second address: 8CFDBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF659189808h 0x00000009 jnp 00007FF6591897F6h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8CFDBA second address: 8CFDC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FF6593643E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8D004F second address: 8D0071 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007FF6591897F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF659189804h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8D0071 second address: 8D0075 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8D01DE second address: 8D01F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FF6591897F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007FF6591897F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8D0366 second address: 8D037D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF6593643F1h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8D659D second address: 8D65A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8D65A1 second address: 8D65B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF6593643F0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DAFEE second address: 8DAFF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DAFF2 second address: 8DB042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF6593643E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jnc 00007FF6593643E6h 0x00000015 pop edx 0x00000016 jmp 00007FF6593643F6h 0x0000001b popad 0x0000001c jl 00007FF659364408h 0x00000022 pushad 0x00000023 jmp 00007FF6593643F6h 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b push ecx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A5C35 second address: 884381 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FF6591897F8h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 jmp 00007FF6591897FBh 0x0000002d mov ecx, dword ptr [ebp+122D364Fh] 0x00000033 lea eax, dword ptr [ebp+12480A04h] 0x00000039 movsx edx, si 0x0000003c jno 00007FF6591897FCh 0x00000042 nop 0x00000043 push edi 0x00000044 jmp 00007FF659189807h 0x00000049 pop edi 0x0000004a push eax 0x0000004b jno 00007FF659189802h 0x00000051 nop 0x00000052 mov ecx, esi 0x00000054 call dword ptr [ebp+122D2F46h] 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A5D5E second address: 8A5D78 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF6593643E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e ja 00007FF6593643ECh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A5ED8 second address: 8A5EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A6160 second address: 8A6169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A6224 second address: 8A622A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A622A second address: 6F88F9 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF6593643E8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f or dword ptr [ebp+122D3431h], edx 0x00000015 push dword ptr [ebp+122D1025h] 0x0000001b pushad 0x0000001c mov dword ptr [ebp+122D2A81h], eax 0x00000022 mov edi, 22C8D752h 0x00000027 popad 0x00000028 call dword ptr [ebp+122D18B5h] 0x0000002e pushad 0x0000002f mov dword ptr [ebp+122D295Dh], edx 0x00000035 pushad 0x00000036 movzx edx, si 0x00000039 mov dword ptr [ebp+122D295Dh], edi 0x0000003f popad 0x00000040 xor eax, eax 0x00000042 jmp 00007FF6593643F1h 0x00000047 cmc 0x00000048 mov edx, dword ptr [esp+28h] 0x0000004c cmc 0x0000004d mov dword ptr [ebp+122D36BBh], eax 0x00000053 jne 00007FF6593643F2h 0x00000059 js 00007FF6593643ECh 0x0000005f mov dword ptr [ebp+122D295Dh], esi 0x00000065 mov esi, 0000003Ch 0x0000006a add dword ptr [ebp+122D295Dh], edx 0x00000070 add esi, dword ptr [esp+24h] 0x00000074 jmp 00007FF6593643F3h 0x00000079 lodsw 0x0000007b mov dword ptr [ebp+122D295Dh], edx 0x00000081 add eax, dword ptr [esp+24h] 0x00000085 stc 0x00000086 mov ebx, dword ptr [esp+24h] 0x0000008a cld 0x0000008b push eax 0x0000008c pushad 0x0000008d push eax 0x0000008e push edx 0x0000008f pushad 0x00000090 popad 0x00000091 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A62E7 second address: 8A62ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A62ED second address: 8A62F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A62F1 second address: 8A62F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A62F5 second address: 8A6341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007FF6593643E8h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 add ecx, dword ptr [ebp+122D1A43h] 0x00000029 push 93BBE286h 0x0000002e pushad 0x0000002f jmp 00007FF6593643F2h 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A6493 second address: 8A6498 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A6596 second address: 8A659A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A659A second address: 8A65A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A65A9 second address: 8A65C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A65C3 second address: 8A65D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF6591897FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A65D3 second address: 8A65E6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007FF6593643E6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A6BE9 second address: 8A6BEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A6BEF second address: 8A6BF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A6BF3 second address: 8A6C00 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A6E8F second address: 8A6EDD instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF6593643F9h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push ebx 0x0000000f jmp 00007FF6593643EEh 0x00000014 pop ebx 0x00000015 mov eax, dword ptr [eax] 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FF6593643F8h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A6EDD second address: 8A6EE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DA115 second address: 8DA11F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF6593643E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DA11F second address: 8DA123 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DA29D second address: 8DA2B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643F1h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DA417 second address: 8DA426 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF6591897F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DA6DC second address: 8DA6E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DA6E0 second address: 8DA704 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FF659189801h 0x00000010 jng 00007FF6591897F6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DA704 second address: 8DA75C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jo 00007FF6593643E6h 0x0000000c jno 00007FF6593643E6h 0x00000012 pop eax 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 js 00007FF6593643E6h 0x0000001d jmp 00007FF6593643F1h 0x00000022 jmp 00007FF6593643ECh 0x00000027 popad 0x00000028 pushad 0x00000029 push edx 0x0000002a pop edx 0x0000002b jmp 00007FF6593643F9h 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DA75C second address: 8DA762 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DA762 second address: 8DA766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DA766 second address: 8DA79B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007FF6591897F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FF659189807h 0x00000012 jmp 00007FF6591897FFh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DAB88 second address: 8DAB95 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DAB95 second address: 8DAB9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8DAB9B second address: 8DABD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 jne 00007FF65936441Dh 0x0000000c jmp 00007FF6593643F1h 0x00000011 pushad 0x00000012 jmp 00007FF6593643F8h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E1344 second address: 8E134A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E134A second address: 8E135B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007FF6593643ECh 0x0000000b jng 00007FF6593643E6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E1784 second address: 8E1789 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E18AB second address: 8E18C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FF6593643E6h 0x0000000a popad 0x0000000b jmp 00007FF6593643EDh 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E18C9 second address: 8E18CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E18CD second address: 8E18D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E18D1 second address: 8E18D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E1E07 second address: 8E1E11 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF6593643E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E6F01 second address: 8E6F07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E6F07 second address: 8E6F0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E6F0B second address: 8E6F0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E6F0F second address: 8E6F51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007FF6593643FEh 0x0000000e jmp 00007FF6593643F6h 0x00000013 push esi 0x00000014 pop esi 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push ebx 0x00000018 pushad 0x00000019 jmp 00007FF6593643EDh 0x0000001e push edx 0x0000001f pop edx 0x00000020 pushad 0x00000021 popad 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E6F51 second address: 8E6F55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E70B0 second address: 8E70D2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jne 00007FF6593643E6h 0x00000009 jnp 00007FF6593643E6h 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FF6593643EEh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E71FD second address: 8E7204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E7204 second address: 8E723F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b jmp 00007FF6593643ECh 0x00000010 jmp 00007FF6593643F6h 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E723F second address: 8E7243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E76ED second address: 8E76F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E76F3 second address: 8E76F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E76F9 second address: 8E76FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E76FE second address: 8E774F instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF65918980Ch 0x00000008 jbe 00007FF659189807h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 jmp 00007FF659189806h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E7D32 second address: 8E7D55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF6593643F3h 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FF6593643E6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E7D55 second address: 8E7D5F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF6591897F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E7D5F second address: 8E7D65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8E7D65 second address: 8E7D76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FF6591897F6h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8ECDD7 second address: 8ECDE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF6593643E6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8EC707 second address: 8EC72A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF659189808h 0x00000008 jno 00007FF6591897F6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8EC72A second address: 8EC734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8EC9E9 second address: 8EC9EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8EC9EF second address: 8ECA0C instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF6593643E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jp 00007FF6593643E6h 0x00000011 jmp 00007FF6593643EAh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8ECA0C second address: 8ECA16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8ECA16 second address: 8ECA1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8EF32B second address: 8EF32F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8EF32F second address: 8EF333 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8EF05C second address: 8EF062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8EF062 second address: 8EF066 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8F4282 second address: 8F4286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8F43CD second address: 8F43E6 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF6593643F2h 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8F4650 second address: 8F4675 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF6591897F8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FF659189804h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8F4675 second address: 8F4679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8FA80F second address: 8FA828 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF659189801h 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8A69E4 second address: 8A6A3C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF6593643F2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov ebx, dword ptr [ebp+12480A43h] 0x00000011 mov edi, dword ptr [ebp+122D361Fh] 0x00000017 add eax, ebx 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007FF6593643E8h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 0000001Ch 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 mov cx, di 0x00000036 nop 0x00000037 js 00007FF6593643F0h 0x0000003d pushad 0x0000003e push esi 0x0000003f pop esi 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8FA4EC second address: 8FA511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF6591897F6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d jmp 00007FF6591897FCh 0x00000012 pop edi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jl 00007FF6591897F6h 0x0000001c push esi 0x0000001d pop esi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8FA511 second address: 8FA515 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8FA515 second address: 8FA539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007FF6591897F6h 0x0000000d jmp 00007FF659189805h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8FA539 second address: 8FA546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FF6593643ECh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 8FF220 second address: 8FF235 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 js 00007FF6591897F6h 0x00000009 jns 00007FF6591897F6h 0x0000000f pop edi 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 907380 second address: 907391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF6593643EDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 907391 second address: 907395 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 90618E second address: 906194 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 906194 second address: 9061BE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FF659189806h 0x00000008 jnc 00007FF6591897F6h 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007FF6591897F6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9061BE second address: 9061C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9061C2 second address: 9061C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 906721 second address: 906735 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF6593643E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007FF6593643EAh 0x00000010 pushad 0x00000011 popad 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 906A63 second address: 906A69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 906A69 second address: 906A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jnc 00007FF6593643E6h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 91052B second address: 910541 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop esi 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 910541 second address: 910546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 910546 second address: 91057B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF659189801h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FF659189805h 0x0000000f jg 00007FF6591897F6h 0x00000015 popad 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9107CF second address: 9107F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop esi 0x00000006 push ebx 0x00000007 jmp 00007FF6593643F7h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9107F1 second address: 9107F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 910951 second address: 910961 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643ECh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 918C48 second address: 918C5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF659189801h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 919223 second address: 919229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 919229 second address: 91922D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 91922D second address: 919268 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a jmp 00007FF6593643F9h 0x0000000f pop edi 0x00000010 jmp 00007FF6593643F7h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 919268 second address: 919272 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FF6591897F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 919272 second address: 919276 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9193AC second address: 9193B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 91994A second address: 91994E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 91994E second address: 919968 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF6591897F6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007FF6591897F6h 0x00000014 jno 00007FF6591897F6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 91A203 second address: 91A20D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF6593643E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9187AA second address: 9187EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF659189804h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FF659189805h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FF6591897FCh 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9187EB second address: 9187FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF6593643EBh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9201E4 second address: 9201F9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jo 00007FF6591897F6h 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop ebx 0x00000010 pop esi 0x00000011 push eax 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9233C4 second address: 9233C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 92355F second address: 92356A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 92356A second address: 92356E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 929891 second address: 929897 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 929897 second address: 92989B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 936958 second address: 93695E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9473F8 second address: 9473FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9473FE second address: 947404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 947404 second address: 94740A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94740A second address: 947434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FF6591897FEh 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF659189805h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94994A second address: 94994E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94994E second address: 949979 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jbe 00007FF6591897F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FF659189802h 0x00000011 pushad 0x00000012 jc 00007FF6591897F6h 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9514B1 second address: 9514BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF6593643E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9514BB second address: 9514BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9514BF second address: 9514CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FF6593643E6h 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9514CF second address: 9514D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9514D3 second address: 9514ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF6593643F4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94FBDB second address: 94FBE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94FBE3 second address: 94FC0D instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF6593643E8h 0x00000008 jbe 00007FF6593643F5h 0x0000000e jmp 00007FF6593643EFh 0x00000013 pop edx 0x00000014 pop eax 0x00000015 je 00007FF65936441Dh 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94FD95 second address: 94FD9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94FD9B second address: 94FDA5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF6593643E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94FDA5 second address: 94FDC3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF659189805h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94FDC3 second address: 94FDC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94FDC7 second address: 94FDD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94FDD0 second address: 94FDD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 94FDD6 second address: 94FDEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF6591897F6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 jne 00007FF6591897FCh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9501E3 second address: 9501E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9501E7 second address: 9501F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9501F0 second address: 9501F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9501F6 second address: 9501FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9501FB second address: 950210 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF6593643EFh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9504F7 second address: 95051B instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF659189805h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FF6591897FDh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF6591897FBh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9506A7 second address: 9506AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9506AD second address: 9506D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF6591897FCh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007FF6591897F6h 0x00000012 jmp 00007FF6591897FCh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9506D2 second address: 9506E2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FF6593643EAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9506E2 second address: 950702 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FF6591897FCh 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF6591897FEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 951133 second address: 951143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FF6593643EAh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 951143 second address: 9511A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF659189802h 0x00000007 jng 00007FF6591897FAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jng 00007FF6591897F6h 0x00000018 jmp 00007FF659189805h 0x0000001d jmp 00007FF6591897FEh 0x00000022 popad 0x00000023 jnp 00007FF659189802h 0x00000029 jc 00007FF6591897F6h 0x0000002f jo 00007FF6591897F6h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9511A2 second address: 9511A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9511A8 second address: 9511AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9511AC second address: 9511CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6593643F6h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 9511CC second address: 9511D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 954D94 second address: 954D9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 954D9B second address: 954DB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF659189807h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 954F52 second address: 954F5C instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF6593643E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 95D9CD second address: 95D9D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 971388 second address: 97138F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 97138F second address: 9713AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF659189809h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 973379 second address: 97339E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007FF6593643EAh 0x0000000e push ecx 0x0000000f jmp 00007FF6593643EBh 0x00000014 pop ecx 0x00000015 popad 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 97339E second address: 9733A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 976901 second address: 976907 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 976907 second address: 97690D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98AD66 second address: 98AD70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF6593643E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98AD70 second address: 98AD90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF659189800h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007FF6591897F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98AD90 second address: 98AD94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98AD94 second address: 98ADA8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FF6591897F8h 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 989CDD second address: 989CF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 jnl 00007FF6593643F2h 0x0000000d jnl 00007FF6593643E6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 989CF2 second address: 989CFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF6591897FEh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 989FC5 second address: 989FC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98A0D9 second address: 98A0DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98A0DD second address: 98A0F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF6593643EDh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98A0F2 second address: 98A12B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF659189802h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF6591897FEh 0x00000012 jmp 00007FF659189801h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98A12B second address: 98A13F instructions: 0x00000000 rdtsc 0x00000002 je 00007FF6593643E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007FF6593643E6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98A13F second address: 98A143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98A990 second address: 98A9B9 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF6593643F6h 0x00000008 jmp 00007FF6593643EEh 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push esi 0x00000012 jmp 00007FF6593643EAh 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98EF00 second address: 98EF0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FF6591897F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98F586 second address: 98F58C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98F58C second address: 98F5AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FF6591897FCh 0x00000013 js 00007FF6591897F6h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98F5AD second address: 98F5B7 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF6593643ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98F5B7 second address: 98F5D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF659189801h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 98F5D4 second address: 98F5FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d jno 00007FF6593643ECh 0x00000013 pushad 0x00000014 jmp 00007FF6593643EBh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 990FE1 second address: 991008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop ebx 0x00000008 push edi 0x00000009 ja 00007FF65918980Bh 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 990BC6 second address: 990BD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FF6593643ECh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 990BD8 second address: 990BDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	RDTSC instruction interceptor: First address: 990BDF second address: 990BFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007FF6593643EFh 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ecx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Special instruction interceptor: First address: 6F896B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Special instruction interceptor: First address: 895BCF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Special instruction interceptor: First address: 8A5E1C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Special instruction interceptor: First address: 6F88AD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Special instruction interceptor: First address: 6F887D instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe

Code function: 0_2_006F87B6 rdtsc

0_2_006F87B6

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe TID: 6340

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: DjnwNMDQhC.exe, DjnwNMDQhC.exe, 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000C04000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308585462.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291263901.0000000000BA7000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308517313.0000000000BA7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: DjnwNMDQhC.exe, 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	File opened: NTICE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	File opened: SICE
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\DjnwNMDQhC.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe

Code function: 0_2_006F87B6 rdtsc

0_2_006F87B6

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe

Code function: 0_2_006DE110 LdrInitializeThunk,

0_2_006DE110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: DjnwNMDQhC.exe	String found in binary or memory: bashfulacid.lat
Source: DjnwNMDQhC.exe	String found in binary or memory: tentabatte.lat
Source: DjnwNMDQhC.exe	String found in binary or memory: curverpluch.lat
Source: DjnwNMDQhC.exe	String found in binary or memory: talkynicer.lat
Source: DjnwNMDQhC.exe	String found in binary or memory: shapestickyr.lat
Source: DjnwNMDQhC.exe	String found in binary or memory: manyrestro.lat
Source: DjnwNMDQhC.exe	String found in binary or memory: slipperyloo.lat
Source: DjnwNMDQhC.exe	String found in binary or memory: wordyfindy.lat
Source: DjnwNMDQhC.exe	String found in binary or memory: observerfry.lat

Source: DjnwNMDQhC.exe, DjnwNMDQhC.exe, 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: HProgram Manager

Source: C:\Users\user\Desktop\DjnwNMDQhC.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
DjnwNMDQhC.exe	56%	Virustotal		Browse
DjnwNMDQhC.exe	68%	ReversingLabs	Win32.Trojan.Symmi
DjnwNMDQhC.exe	100%	Avira	TR/Crypt.XPACK.Gen
DjnwNMDQhC.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	false	high
wordyfindy.lat	unknown	unknown	false	high
slipperyloo.lat	unknown	unknown	false	high
curverpluch.lat	unknown	unknown	false	high
tentabatte.lat	unknown	unknown	false	high
manyrestro.lat	unknown	unknown	false	high
bashfulacid.lat	unknown	unknown	false	high
shapestickyr.lat	unknown	unknown	false	high
observerfry.lat	unknown	unknown	false	high
talkynicer.lat	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
slipperyloo.lat	false	high
curverpluch.lat	false	high
tentabatte.lat	false	high
manyrestro.lat	false	high
bashfulacid.lat	false	high
observerfry.lat	false	high
https://steamcommunity.com/profiles/76561199724331900	false	high
wordyfindy.lat	false	high
shapestickyr.lat	false	high
talkynicer.lat	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://steamcommunity.com/my/wishlist/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://player.vimeo.com	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/?subsection=broadcasts	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://help.steampowered.com/en/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/market/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/news/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/subscriber_agreement/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.gstatic.cn/recaptcha/	DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	false	high
http://store.steampowered.com/subscriber_agreement/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://recaptcha.net/recaptcha/;	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.valvesoftware.com/legal.htm	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/discussions/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.youtube.com	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/stats/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://medal.tv	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://broadcast.st.dl.eccdnx.com	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/steam_refunds/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://s.ytimg.com;	DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/workshop/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://login.steampowered.com/	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb	DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000C04000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/legal/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/	DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steam.tv/	DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?	DjnwNMDQhC.exe, 00000000.00000003.1291263901.0000000000BB9000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308517313.0000000000BB9000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
http://store.steampowered.com/privacy_agreement/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com:443/profiles/76561199724331900	DjnwNMDQhC.exe, 00000000.00000002.1308585462.0000000000BCB000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BCB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/points/shop/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://recaptcha.net	DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://sketchfab.com	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://lv.queniujq.cn	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.youtube.com/	DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	false	high
http://127.0.0.1:27060	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/privacy_agreement/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com/recaptcha/	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://checkout.steampowered.com/	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://help.steampowered.com/	DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.steampowered.com/	DjnwNMDQhC.exe, 00000000.00000002.1308781380.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/points/shop	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp	false	high
http://store.steampowered.com/account/cookiepreferences/	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/mobile	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/	DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/;	DjnwNMDQhC.exe, 00000000.00000003.1290840167.0000000000C04000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291190684.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291218973.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/about/	DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l	DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1290771025.0000000000C46000.00000004.00000020.00020000.00000000.sdmp, DjnwNMDQhC.exe, 00000000.00000003.1291238533.0000000000C50000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580919
Start date and time:	2024-12-26 13:10:31 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	DjnwNMDQhC.exe renamed because original name is a hash value
Original Sample Name:	bb3efe811c844a9a22479cc45aea3e6c.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.175.87.197
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:11:25	API Interceptor	1x Sleep call for process: DjnwNMDQhC.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	r4xiHKy8aM.exe	Get hash	malicious	Socks5Systemz	Browse	/ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	YKri2nEBWE.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	0c8cY5GOMh.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	tFDKSN3TdH.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	ghumRvJGY9.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	AiaStwRBdI.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	HJVzgKyC0y.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	YKri2nEBWE.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	0c8cY5GOMh.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	tFDKSN3TdH.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	ghumRvJGY9.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	i8Vwc7iOaG.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar	Browse	104.121.10.34
	Google Authenticator You're trying to sign in from a new location.msg	Get hash	malicious	Unknown	Browse	2.19.198.51
	xd.arm7.elf	Get hash	malicious	Mirai	Browse	23.41.55.10
	xd.x86.elf	Get hash	malicious	Mirai	Browse	23.64.163.184
	xd.sh4.elf	Get hash	malicious	Mirai	Browse	23.194.143.78
	telnet.ppc.elf	Get hash	malicious	Unknown	Browse	104.116.58.253

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	YKri2nEBWE.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	0c8cY5GOMh.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	tFDKSN3TdH.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	ghumRvJGY9.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	AiaStwRBdI.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	HJVzgKyC0y.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.945602984414123
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	DjnwNMDQhC.exe
File size:	1'880'576 bytes
MD5:	bb3efe811c844a9a22479cc45aea3e6c
SHA1:	a4cbc2108e732917ea02fa01b18330997d557630
SHA256:	3f4d4f7ab21ec762ebf104a59fae6229941c638595e01e80bb7070a62fb1b4f5
SHA512:	832502c18b294393892da3dcb5737c26afeb5146ff5350c10f56cc8e67634f5ca0d33b614efdf3ee3e28253a1969ba3c7c836ac571f3ac0442f38595aa227eb8
SSDEEP:	49152:gzS+MnCA9iuNu6kPz54lmLT4+onwvf8PA+GueRJo:gzK3lo6k2lmLTGafIsJo
TLSH:	BC953351E3C08E9BDACF82B17E53132FAFA6893AD5328143774496E94767ADC731840B
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................I...........@.......................... J...........@.................................Y@..m..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x89f000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FF65943D0DAh
seto byte ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FF65943F0D5h
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop ds
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
mov cl, 80h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or al, 80h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	4e40704cc326c253223b2064ec0fd175	False	0.9996042687908496	data	7.9870647730054465	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1ac	0x200	c4249243ceaeb236e3ce8ce2ab2c9a69	False	0.5390625	data	5.249019796122045	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x55000	0x2a7000	0x200	6b4821dceebf7da66be7b8d27548b54f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
pavigcuh	0x2fc000	0x1a2000	0x1a1200	642e1dff52a2885b6a524513ec17356c	False	0.9943794248201978	data	7.951969639543988	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
lzgwbmgt	0x49e000	0x1000	0x400	ce61761cefa7b04f675203bf4d244123	False	0.8203125	data	6.414340906242083	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x49f000	0x3000	0x2200	96c5efe88a8411b34b7093e60a5982e8	False	0.06973805147058823	DOS executable (COM)	0.7488005265989964	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x53058	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T13:11:25.762943+0100	2058514	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)	1	192.168.2.7	54853	1.1.1.1	53	UDP
2024-12-26T13:11:25.903486+0100	2058502	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)	1	192.168.2.7	49166	1.1.1.1	53	UDP
2024-12-26T13:11:26.075574+0100	2058492	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)	1	192.168.2.7	56334	1.1.1.1	53	UDP
2024-12-26T13:11:26.216961+0100	2058500	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)	1	192.168.2.7	51418	1.1.1.1	53	UDP
2024-12-26T13:11:26.357874+0100	2058510	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)	1	192.168.2.7	55994	1.1.1.1	53	UDP
2024-12-26T13:11:26.497892+0100	2058484	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)	1	192.168.2.7	56421	1.1.1.1	53	UDP
2024-12-26T13:11:26.663592+0100	2058512	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)	1	192.168.2.7	54852	1.1.1.1	53	UDP
2024-12-26T13:11:26.907831+0100	2058480	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)	1	192.168.2.7	60326	1.1.1.1	53	UDP
2024-12-26T13:11:28.676784+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49701	104.102.49.254	443	TCP
2024-12-26T13:11:29.427377+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.7	49701	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 13:11:27.193192005 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:27.193249941 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:27.193341970 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:27.196711063 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:27.196726084 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:28.676702023 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:28.676784039 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:28.680680990 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:28.680695057 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:28.681015968 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:28.723613024 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:28.739065886 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:28.779335022 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:29.427408934 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:29.427436113 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:29.427468061 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:29.427479982 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:29.427489996 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:29.427510977 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:29.427524090 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:29.427541018 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:29.427576065 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:29.622514963 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:29.622559071 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:29.622608900 CET	443	49701	104.102.49.254	192.168.2.7
Dec 26, 2024 13:11:29.622610092 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:29.622662067 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:29.626132965 CET	49701	443	192.168.2.7	104.102.49.254
Dec 26, 2024 13:11:29.626161098 CET	443	49701	104.102.49.254	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 13:11:25.618017912 CET	62920	53	192.168.2.7	1.1.1.1
Dec 26, 2024 13:11:25.757445097 CET	53	62920	1.1.1.1	192.168.2.7
Dec 26, 2024 13:11:25.762943029 CET	54853	53	192.168.2.7	1.1.1.1
Dec 26, 2024 13:11:25.901242971 CET	53	54853	1.1.1.1	192.168.2.7
Dec 26, 2024 13:11:25.903486013 CET	49166	53	192.168.2.7	1.1.1.1
Dec 26, 2024 13:11:26.040596962 CET	53	49166	1.1.1.1	192.168.2.7
Dec 26, 2024 13:11:26.075573921 CET	56334	53	192.168.2.7	1.1.1.1
Dec 26, 2024 13:11:26.213989973 CET	53	56334	1.1.1.1	192.168.2.7
Dec 26, 2024 13:11:26.216960907 CET	51418	53	192.168.2.7	1.1.1.1
Dec 26, 2024 13:11:26.355272055 CET	53	51418	1.1.1.1	192.168.2.7
Dec 26, 2024 13:11:26.357873917 CET	55994	53	192.168.2.7	1.1.1.1
Dec 26, 2024 13:11:26.494738102 CET	53	55994	1.1.1.1	192.168.2.7
Dec 26, 2024 13:11:26.497891903 CET	56421	53	192.168.2.7	1.1.1.1
Dec 26, 2024 13:11:26.635855913 CET	53	56421	1.1.1.1	192.168.2.7
Dec 26, 2024 13:11:26.663592100 CET	54852	53	192.168.2.7	1.1.1.1
Dec 26, 2024 13:11:26.802634954 CET	53	54852	1.1.1.1	192.168.2.7
Dec 26, 2024 13:11:26.907830954 CET	60326	53	192.168.2.7	1.1.1.1
Dec 26, 2024 13:11:27.045593977 CET	53	60326	1.1.1.1	192.168.2.7
Dec 26, 2024 13:11:27.047427893 CET	49775	53	192.168.2.7	1.1.1.1
Dec 26, 2024 13:11:27.185214996 CET	53	49775	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 13:11:25.618017912 CET	192.168.2.7	1.1.1.1	0x789	Standard query (0)	observerfry.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:25.762943029 CET	192.168.2.7	1.1.1.1	0x7e8a	Standard query (0)	wordyfindy.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:25.903486013 CET	192.168.2.7	1.1.1.1	0xabbf	Standard query (0)	slipperyloo.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.075573921 CET	192.168.2.7	1.1.1.1	0xc0e6	Standard query (0)	manyrestro.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.216960907 CET	192.168.2.7	1.1.1.1	0xf231	Standard query (0)	shapestickyr.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.357873917 CET	192.168.2.7	1.1.1.1	0x9c20	Standard query (0)	talkynicer.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.497891903 CET	192.168.2.7	1.1.1.1	0x578a	Standard query (0)	curverpluch.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.663592100 CET	192.168.2.7	1.1.1.1	0x6b5e	Standard query (0)	tentabatte.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.907830954 CET	192.168.2.7	1.1.1.1	0xeea1	Standard query (0)	bashfulacid.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:27.047427893 CET	192.168.2.7	1.1.1.1	0x1c15	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 13:11:25.757445097 CET	1.1.1.1	192.168.2.7	0x789	Name error (3)	observerfry.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:25.901242971 CET	1.1.1.1	192.168.2.7	0x7e8a	Name error (3)	wordyfindy.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.040596962 CET	1.1.1.1	192.168.2.7	0xabbf	Name error (3)	slipperyloo.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.213989973 CET	1.1.1.1	192.168.2.7	0xc0e6	Name error (3)	manyrestro.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.355272055 CET	1.1.1.1	192.168.2.7	0xf231	Name error (3)	shapestickyr.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.494738102 CET	1.1.1.1	192.168.2.7	0x9c20	Name error (3)	talkynicer.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.635855913 CET	1.1.1.1	192.168.2.7	0x578a	Name error (3)	curverpluch.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:26.802634954 CET	1.1.1.1	192.168.2.7	0x6b5e	Name error (3)	tentabatte.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:27.045593977 CET	1.1.1.1	192.168.2.7	0xeea1	Name error (3)	bashfulacid.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:11:27.185214996 CET	1.1.1.1	192.168.2.7	0x1c15	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49701	104.102.49.254	443	6676	C:\Users\user\Desktop\DjnwNMDQhC.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:11:28 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-26 12:11:29 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 26 Dec 2024 12:11:29 GMT Content-Length: 25665 Connection: close Set-Cookie: sessionid=04cd33758f6c0be9b1eb42ac; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-26 12:11:29 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-26 12:11:29 UTC	11186	IN	Data Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>

Target ID:	0
Start time:	07:11:24
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\DjnwNMDQhC.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\DjnwNMDQhC.exe"
Imagebase:	0x6a0000
File size:	1'880'576 bytes
MD5 hash:	BB3EFE811C844A9A22479CC45AEA3E6C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	26.2%
Total number of Nodes:	61
Total number of Limit Nodes:	4

Executed Functions

Function 006AB100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

k=W?, xrefs: 006AB23F
9]_, xrefs: 006AB28F
yQrS, xrefs: 006AB271
(Y6[, xrefs: 006AB285
hI2K, xrefs: 006AB25D
XyR{, xrefs: 006AB2D5
Gq\s, xrefs: 006AB2C1
.AtC, xrefs: 006AB249
Gu@w, xrefs: 006AB2CB
pE}G, xrefs: 006AB253
b6j4, xrefs: 006AB57D
zMzO, xrefs: 006AB267
D!M#, xrefs: 006AB1F9
Ym]o, xrefs: 006AB2B7
S%U', xrefs: 006AB203

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
API String ID: 0-620192811
Opcode ID: e36c3d0d3d8db4ff03ae9e82da0d0c8253bc3be01653bf2b8adba00689cfe006
Instruction ID: 13278a401c1222597d1709c81a41e907299439e73d08550f0b5087f7d4e78004
Opcode Fuzzy Hash: e36c3d0d3d8db4ff03ae9e82da0d0c8253bc3be01653bf2b8adba00689cfe006
Instruction Fuzzy Hash: 7D0254B1200B41CFD724CF25D891B9BBBE2FB49314F149A2CD5AB8BAA1D774A845CF50

Function 006A8600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 006A8A4B

Part of subcall function 006AB7B0: FreeLibrary.KERNEL32(006A8A31), ref: 006AB7B6
Part of subcall function 006AB7B0: FreeLibrary.KERNEL32 ref: 006AB7D7

Strings

b]u), xrefs: 006A8877
}, xrefs: 006A890C
}, xrefs: 006A8913

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: FreeLibrary$ExitProcess
String ID: b]u)$}$}
API String ID: 1614911148-2900034282
Opcode ID: f7e0e97ab4864698e7b37252ced5062c8e127edfb70518a0f20a121993c6070e
Instruction ID: 8f48b1e6ac7674c17699ff5a678eb2177ff0ad7192c348f83e9c498b3dce6ef1
Opcode Fuzzy Hash: f7e0e97ab4864698e7b37252ced5062c8e127edfb70518a0f20a121993c6070e
Instruction Fuzzy Hash: 07C1E573E187144BC718EF69C84125AF7D7ABC8710F0AC52EA898EB351EA74DD058BC6

Function 006DE110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(006E148A,?,00000018,?,?,00000018,?,?,?), ref: 006DE13E

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 006E1720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=<32, xrefs: 006E176D

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: 277956d8c1a98562787a90240a45627a6918ab9550940349ddbb9c2c52714f31
Instruction ID: 1e1aed052d6591c6bc7988a6bad70f1fbcfa378dc4bf914be1cdf95e6b18b18b
Opcode Fuzzy Hash: 277956d8c1a98562787a90240a45627a6918ab9550940349ddbb9c2c52714f31
Instruction Fuzzy Hash: B03168347063845BEB149A559CD1BBFB397EB86710F18852CE5859F3D0E730EC40A782

Function 006A8A50 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction ID: a666b1b723500338ecaaf3222727c4e06752e6bc8149e868d8600725070a6adc
Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction Fuzzy Hash: 5A21B337A627184BD3108E54DCC87917762E7D9328F3E86B889249F392C97BAD1386C0

Function 006A9D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 006A9D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 006A9E78

Strings

CKs, xrefs: 006A9E85

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: LibraryLoad
String ID: CKs
API String ID: 1029625771-1461476547
Opcode ID: 8afcbffcd42bc3e1765a6d43da910ab29fe6141badce33eb26869c2b47678007
Instruction ID: dc2a074975dac71df69703fdd1943bea417ffaf3bfadbfc2c82635b68ee693db
Opcode Fuzzy Hash: 8afcbffcd42bc3e1765a6d43da910ab29fe6141badce33eb26869c2b47678007
Instruction Fuzzy Hash: E4411274D003409FE715AF7899D2A9A7F72FB06324F51929DD5902F3A6C631980ACFE2

Function 006DE0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000), ref: 006DE0E0

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 5b528495d0a0ac345aa9fb98a69fdeed5a566f28e94bebce5c875a66575dbb40
Instruction ID: aef724f8b54159208c94af8bf55b995c3f898c47e1ad2fcb1dd7ec55d844134a
Opcode Fuzzy Hash: 5b528495d0a0ac345aa9fb98a69fdeed5a566f28e94bebce5c875a66575dbb40
Instruction Fuzzy Hash: DEF0A771C14252EBC3502F24BD05A5B3666AFC6720F05183AF4015E260DA35D826C5A5

Function 006A9EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 006A9ED2

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 4cdbe66c00e1cf82f148a5b827239b72df7edec9ef8d3f7c0b54286e3ae9543a
Instruction ID: 05507079cc246bdc3ad2403be344a70f5846c5be58199f35df7316634ff23918
Opcode Fuzzy Hash: 4cdbe66c00e1cf82f148a5b827239b72df7edec9ef8d3f7c0b54286e3ae9543a
Instruction Fuzzy Hash: DFE02B33A407429BD700DB70EC87E493357DB15345709D429E216DA171FA72A5109A50

Function 006DC570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,006DE0F9), ref: 006DC590

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 1443ce56be805633a8bce379d4fc7bf661039e91225559780673df675b75cd18
Instruction ID: 1c62b19434c4c7bf2fcf88eff60cd718966cf48ddfdaa45a26ed3bdaa5252f9c
Opcode Fuzzy Hash: 1443ce56be805633a8bce379d4fc7bf661039e91225559780673df675b75cd18
Instruction Fuzzy Hash: 9DD0C931815222EBCA502F28BC16BD73B56AF49320F071892B404AE274C624EC91CAD4

Function 006DC55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 006DC561

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b7b3cc64a4290c80bc7bc7ba0eadc809aee4bbd84c9060a750ecb04caa1ddccd
Instruction ID: cbd9012c8b833170d040f8080d6af16818f8d22be24eb08cbc9a09b5269522e8
Opcode Fuzzy Hash: b7b3cc64a4290c80bc7bc7ba0eadc809aee4bbd84c9060a750ecb04caa1ddccd
Instruction Fuzzy Hash: 46A001B11851119BDA562B24BC19B947A22AB58621F125191E101990F686619892DA84

Function 006FA1D7 Relevance: 1.3, APIs: 1, Instructions: 26memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 006FA354

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 3cb2796b7603301104ac3dca0a89a6c46e6370016b1a634228f743c3a331eeda
Instruction ID: ef8e63367214af8fcc3d8326fa9360321af1aadf1c6d2530e0dac8424324ca33
Opcode Fuzzy Hash: 3cb2796b7603301104ac3dca0a89a6c46e6370016b1a634228f743c3a331eeda
Instruction Fuzzy Hash: 31E092F280C6189FEB143F24A845BBEFBE9EB41701F02043DEBC842240E6321848CA97

Function 006F9C45 Relevance: 1.3, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 006F9C51

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 289f0dd2f039eb1e1d4d7a16bded2555cd7d0253f4ecf349933b5bc502129eb8
Instruction ID: 232e0904a186ea183526b135db28d60ef2394a0108af7b677eb365bd711b9b62
Opcode Fuzzy Hash: 289f0dd2f039eb1e1d4d7a16bded2555cd7d0253f4ecf349933b5bc502129eb8
Instruction Fuzzy Hash: D5E0B6B405860DCFD7082F6485486BDBBF5EF04712F21061DE996C2A90D2710C90DB1A

Non-executed Functions

Function 006C42D0 Relevance: 43.1, APIs: 2, Strings: 22, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 006C43AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 006C443E

Strings

|r, xrefs: 006C53A8
Xs, xrefs: 006C5CD8
y{, xrefs: 006C5B36
n l, xrefs: 006C596A
+$e, xrefs: 006C43FA, 006C442B
r:i8, xrefs: 006C5899
=?, xrefs: 006C5BF1
DD, xrefs: 006C5CEE
<j:h, xrefs: 006C5975
bFl, xrefs: 006C464E
%r?p, xrefs: 006C595F
+$e, xrefs: 006C4365, 006C437A
REl, xrefs: 006C4542
b`, xrefs: 006C55F9
gd, xrefs: 006C5E60
=:, xrefs: 006C57CE
13, xrefs: 006C5BFC
uw, xrefs: 006C5B57
N~4|, xrefs: 006C593E
ut, xrefs: 006C5CE3
e>n<, xrefs: 006C588E
tj, xrefs: 006C53BE

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$REl$Xs$bFl$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-3050881601
Opcode ID: c5bdf2d26fb09fa42b02f79a9e8c109f05916489fae34878c2b72dd7e951ddd6
Instruction ID: dc426c1eeb8e745bd43899d77fa10d8a2715ece1089661584a7c1c4f80949dda
Opcode Fuzzy Hash: c5bdf2d26fb09fa42b02f79a9e8c109f05916489fae34878c2b72dd7e951ddd6
Instruction Fuzzy Hash: 54C21DB560C3848AD334CF54C452BDFBAF2EB82300F00892DD5E96B255D7B1464A8B9B

Function 006C4560 Relevance: 39.6, APIs: 1, Strings: 21, Instructions: 1081COMMON

Download Yara Rule

Strings

|r, xrefs: 006C53A8
Xs, xrefs: 006C5CD8
y{, xrefs: 006C5B36
n l, xrefs: 006C596A
+$e, xrefs: 006C442B
r:i8, xrefs: 006C5899
=?, xrefs: 006C5BF1
DD, xrefs: 006C5CEE
<j:h, xrefs: 006C5975
bFl, xrefs: 006C464E
%r?p, xrefs: 006C595F
REl, xrefs: 006C4542
b`, xrefs: 006C55F9
gd, xrefs: 006C5E60
=:, xrefs: 006C57CE
13, xrefs: 006C5BFC
uw, xrefs: 006C5B57
N~4|, xrefs: 006C593E
ut, xrefs: 006C5CE3
e>n<, xrefs: 006C588E
tj, xrefs: 006C53BE

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$REl$Xs$bFl$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 0-682191098
Opcode ID: 2c3bd8214d30beb7a20e879f18dbf6939b79faafc59ef40202f744484aef4980
Instruction ID: 1cd7c64c5070af2e246c250049d244a592fed8a86f21ae77ebef174cf2ca8587
Opcode Fuzzy Hash: 2c3bd8214d30beb7a20e879f18dbf6939b79faafc59ef40202f744484aef4980
Instruction Fuzzy Hash: 32C21DB560D3848AE334CF54C852BDFBAF2FB82300F00892DD5E96B255D7B546498B9B

Function 006B60E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

*,-", xrefs: 006B66EF
JyTK, xrefs: 006B6160
w}MI, xrefs: 006B6128
3F&D, xrefs: 006B6273
ntxE, xrefs: 006B6112
L4, xrefs: 006B6BA0
uqrs, xrefs: 006B6AF0
{zdy, xrefs: 006B611D
L4, xrefs: 006B6780
~mfQ, xrefs: 006B613E
t~v:, xrefs: 006B61E7
qRb`, xrefs: 006B6133
pt}w, xrefs: 006B61F2

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: 830feff7e85fc03f9013d1879095e9c532fadce832d9c8a71c312c3901f26f28
Instruction ID: fecb493bfba5634ba00b5cb2373391e2e9ce7ff144e5c0a1af0c722c054355e9
Opcode Fuzzy Hash: 830feff7e85fc03f9013d1879095e9c532fadce832d9c8a71c312c3901f26f28
Instruction Fuzzy Hash: CA4213B26083918FD7248F24D8916ABB7E3BFD6314F19893CE4D98B355DB349846CB42

Function 008623D2 Relevance: 10.0, Strings: 7, Instructions: 1264COMMON

Download Yara Rule

Strings

|aO, xrefs: 008628D0
L!|, xrefs: 0086305A
'[t-, xrefs: 008624B9
N&., xrefs: 008627B8
aa~, xrefs: 00862B4E
vb{}, xrefs: 00862614
'[t-, xrefs: 008624A5

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: '[t-$'[t-$L!|$N&.$aa~$vb{}$|aO
API String ID: 0-3550707890
Opcode ID: 16265b8fa74f7c44e9725c7856ecfe4be91a5208ac61fa6a3de3310815454238
Instruction ID: aa2128a4a1849763da61df2f3b4e53af172a7c0e880a04d8751871ec2c8ac989
Opcode Fuzzy Hash: 16265b8fa74f7c44e9725c7856ecfe4be91a5208ac61fa6a3de3310815454238
Instruction Fuzzy Hash: 75824CF360C2009FE7046E2DEC8567ABBEAEFD4320F1A453DE6C5C7744E93598058696

Function 006B747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON

Download Yara Rule

Strings

_^]\, xrefs: 006B75C5

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 1ead05527d8a38ea4cb4315a6e531373e1568e9d7bd2dce4d23569428ced3167
Instruction ID: 5cfc572405321056001b5c29255e9c9d8826c251669558888327c2d9a5a32250
Opcode Fuzzy Hash: 1ead05527d8a38ea4cb4315a6e531373e1568e9d7bd2dce4d23569428ced3167
Instruction Fuzzy Hash: 848235B15083518BC724CF28C8917EBB7E2EFD9354F198A6CE8D58B3A5E7348945CB42

Function 0086039D Relevance: 8.0, Strings: 5, Instructions: 1711COMMON

Download Yara Rule

Strings

+D.?, xrefs: 008617AE
;{__, xrefs: 00860DD1
Wo~, xrefs: 00860AA8
;-Mn, xrefs: 0086087C
t'], xrefs: 008617EC

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: +D.?$;-Mn$;{__$t']$Wo~
API String ID: 0-2290914124
Opcode ID: 90f654ee8aa6bcae770c2ae3ff346679dbdb5f57f979a835ef0133ea3558529f
Instruction ID: 1642d5c68992843635595bc62af472e31313daab0aaff4209eb34b9009f360a9
Opcode Fuzzy Hash: 90f654ee8aa6bcae770c2ae3ff346679dbdb5f57f979a835ef0133ea3558529f
Instruction Fuzzy Hash: EEB238F360C2049FE304AE2DEC8567ABBE9EF94720F1A493DEAC5C3744E63558058697

Function 006C81CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 006C84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 006C85B4

Strings

_^]\, xrefs: 006C8A15
LF7Y, xrefs: 006C8951

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: cf246498d562bcc085a685f4a8316d7723f6e5ce8421b02680401046c6a9c711
Instruction ID: 4438802a76fc622d450c1234cb52a620d43ff68738b0763b728fdc08d1afb794
Opcode Fuzzy Hash: cf246498d562bcc085a685f4a8316d7723f6e5ce8421b02680401046c6a9c711
Instruction Fuzzy Hash: F022E371908381CFD7249F28D880B6FB7E2FF85310F194A6CE9955B3A1D7319A41CB92

Function 006C83D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 006C84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 006C85B4

Strings

_^]\, xrefs: 006C8A15
LF7Y, xrefs: 006C8951

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 8f15dd188fe67b444cfe56552b6b3bda88b48a074b7458ef6251c72264308c20
Instruction ID: c35c6b74a58bb516bef58c4b1f4f5e060ea516cfa1da6b744cfd576e131effc2
Opcode Fuzzy Hash: 8f15dd188fe67b444cfe56552b6b3bda88b48a074b7458ef6251c72264308c20
Instruction Fuzzy Hash: CD12D171908381CFD3249F28D880B6FBBE2FF85310F194A6CE9955B3A1D7359A45CB52

Function 006C24E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON

Download Yara Rule

Strings

"_,Y, xrefs: 006C2530
.[TU, xrefs: 006C2538
pCj], xrefs: 006C2528
;GsA, xrefs: 006C2520
=K0E, xrefs: 006C2544

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
API String ID: 0-1171452581
Opcode ID: cb24fd31b759b609d1aa02a8344bf6e5add2d9c85b153a992332867f2f284cf9
Instruction ID: 6b9a7252d4bc1597864e0a19cc5a9b284ceb285bdb770b7b84e090aea5af9681
Opcode Fuzzy Hash: cb24fd31b759b609d1aa02a8344bf6e5add2d9c85b153a992332867f2f284cf9
Instruction Fuzzy Hash: 499101B16083019BC714DF24C8A5BB7B3B2EF85314F18842CEC898B382E775D906CB66

Function 006B8169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

gfff, xrefs: 006B8458
2h?n, xrefs: 006B83A0
7, xrefs: 006B8419
^`/4, xrefs: 006B81E1
SP, xrefs: 006B8396

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: 234f1a81742f25c85607ff7ae687442bab851314e0d4bb1ac1bba8488e6fa208
Instruction ID: 563048a04934c9728167d9bc3c96d7b4423e961081c6a56cb54ae065b916757f
Opcode Fuzzy Hash: 234f1a81742f25c85607ff7ae687442bab851314e0d4bb1ac1bba8488e6fa208
Instruction Fuzzy Hash: 5CA115B2A143504FD364CB28D8517AFB7E7FBC5314F198A2DE485DB391EA388946CB81

Function 006C90D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 006C9170

Strings

M/(, xrefs: 006C913D
M/(, xrefs: 006C919E

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: M/($M/(
API String ID: 237503144-1710806632
Opcode ID: 2df9c4a9a391375afc69c49989f96efa979c63f39244de671f550d128d608adb
Instruction ID: c3a2cbe6e712edd6144bc0d0d0426b60fb93cf3c33a5620dd304bfdf98c46133
Opcode Fuzzy Hash: 2df9c4a9a391375afc69c49989f96efa979c63f39244de671f550d128d608adb
Instruction Fuzzy Hash: B3212371A5C3515FE714CE349886B9FB7AAEBC2700F01892CE0D1DB2C5D675880B8756

Function 006CA5B6 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

VN, xrefs: 006CA520
i, xrefs: 006CA527
VN, xrefs: 006CA5C6
i, xrefs: 006CA5CD

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: VN$VN$i$i
API String ID: 0-1885346908
Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction ID: 9a87468603630719a840fd9f974a6c072dc4543228c67785fe9dc8e72adf1d64
Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction Fuzzy Hash: 2121C3311583858AD3058EB580407B6BBE3EBC672CF68865ED1F15B391EA3BC90A8757

Function 0080C136 Relevance: 4.2, Strings: 3, Instructions: 410COMMON

Download Yara Rule

Strings

Pu, xrefs: 0080C6FC
p8w\, xrefs: 0080C6ED
Vp%n, xrefs: 0080C565

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: Pu$Vp%n$p8w\
API String ID: 0-369727290
Opcode ID: 2f17f7617ec75097f6510e256cb8e2fe4c96c9b903171f2fd4f383e4e6e4c047
Instruction ID: 54d9686ae27986bba48bb643604c00cd35ddcad9cc6f84453999b75fff72cd50
Opcode Fuzzy Hash: 2f17f7617ec75097f6510e256cb8e2fe4c96c9b903171f2fd4f383e4e6e4c047
Instruction Fuzzy Hash: 8BD1BEF3E146204BF3149E29DC843A6B6D6EB94320F1F863D9E88A77C4E97E5C058785

Function 006CA0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

.txt, xrefs: 006CA371
<\hX, xrefs: 006CA236
_^]\, xrefs: 006CA49C, 006CA188

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: 464da69ef07efdef2f2029e627ba37ac39800e2ac5d8b4f14fa0bb7e8f6de07a
Instruction ID: 1bcd7a17a3118f50c8136112cd800f5c1500918325826b87c79bf51ffe19066e
Opcode Fuzzy Hash: 464da69ef07efdef2f2029e627ba37ac39800e2ac5d8b4f14fa0bb7e8f6de07a
Instruction Fuzzy Hash: 0DC1127150C384DFD7089F68EC91A7ABBE3EF85314F188A6CF0954B2A2D7359A45CB12

Function 006BD003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON

Download Yara Rule

Strings

[V, xrefs: 006BD4DD
bh, xrefs: 006BD4D6

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: [V$bh
API String ID: 0-2174178241
Opcode ID: 90d65f1aabfb844f683adb852b04ba36970b94081c280ea2f0e62a5bb7a4d659
Instruction ID: 82008262f60c1d1464e5e5d163095d1d4fc550b959c47e6076dc68ccf6db1269
Opcode Fuzzy Hash: 90d65f1aabfb844f683adb852b04ba36970b94081c280ea2f0e62a5bb7a4d659
Instruction Fuzzy Hash: 763215B1901615CBCB24CF28C8916F7B7B2FF95310F188268D8969F395F735A981CB91

Function 00730481 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

Y>:, xrefs: 00730A9C
5u, xrefs: 007308FF

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: Y>:$5u
API String ID: 0-2174254675
Opcode ID: 432501ea4ed7d0f00a3e6dc513e46487dfdf3c10d7904ca2c1ecde896728ab8a
Instruction ID: f51e79b2786e67c7d9cf215dbd2ab6eef9eb0d0bbfa4f416d520d99fda61794f
Opcode Fuzzy Hash: 432501ea4ed7d0f00a3e6dc513e46487dfdf3c10d7904ca2c1ecde896728ab8a
Instruction Fuzzy Hash: 8FE1F4F3E116148BF3444D29DC983A6B693EBD4321F2F823C9A989B7C4E97E5D094384

Function 0080030C Relevance: 2.9, Strings: 2, Instructions: 402COMMON

Download Yara Rule

Strings

V_q, xrefs: 0080087A
RwW, xrefs: 0080085C

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: RwW$V_q
API String ID: 0-1312916694
Opcode ID: afb04497b9f53b7c69e94e5d5522ff15074515b8e851a00eccba95c8a4417052
Instruction ID: 6159db52af248f1bdb46087bfa2e05addab01140cf3542beb8cba10d82828745
Opcode Fuzzy Hash: afb04497b9f53b7c69e94e5d5522ff15074515b8e851a00eccba95c8a4417052
Instruction Fuzzy Hash: 5DD1FFF3F042258BF3040E29DC94366B792EB95324F2B423DDA49AB7C4D97E9D098385

Function 007463A0 Relevance: 2.9, Strings: 2, Instructions: 386COMMON

Download Yara Rule

Strings

)Ug, xrefs: 00746767
$5/, xrefs: 007468CF

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: $5/$)Ug
API String ID: 0-2601835195
Opcode ID: dd8a0affed4546b435b8c67c1677f5ff6cf1878bd9bc7f6178db917aff2fc107
Instruction ID: 61ade91d001af8306f407ac32e8dda6f34427ae0f9191a8b820341835aef308a
Opcode Fuzzy Hash: dd8a0affed4546b435b8c67c1677f5ff6cf1878bd9bc7f6178db917aff2fc107
Instruction Fuzzy Hash: DDC1E0B3F152204BF3544D28DC94366B697EBD4320F2F863C9A98AB7C5E97E9C094385

Function 006A4270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

), xrefs: 006A42EB
IEND, xrefs: 006A4661

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: ed9c4ef4470efadb558bebb6d39ddbe3103a9da8da52b18b01484f0e2fad09bf
Instruction ID: 71870187ad6a0483c2ca71bea16aa6f2b66425c84b4ef9279b3a74c4425b4d4a
Opcode Fuzzy Hash: ed9c4ef4470efadb558bebb6d39ddbe3103a9da8da52b18b01484f0e2fad09bf
Instruction Fuzzy Hash: 38D1CF719083449FD710EF18DC41B9ABBE5AB96304F14482DF9999B382D7B5ED08CF92

Function 007C70F9 Relevance: 2.8, Strings: 2, Instructions: 279COMMON

Download Yara Rule

Strings

2, xrefs: 007C7202
RF[t, xrefs: 007C72E3

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: 2$RF[t
API String ID: 0-3607464224
Opcode ID: 61747b80d561036d78265acfc4fa28d650c9d4983b4825ab84722b4a329736b7
Instruction ID: aff5536ff95540e4a41c3ad23e2749f867282c9e97e8917969013e06fa62382d
Opcode Fuzzy Hash: 61747b80d561036d78265acfc4fa28d650c9d4983b4825ab84722b4a329736b7
Instruction Fuzzy Hash: 9BA1CFB3F2152587F3544E28CC583A1B793EB95311F2F82788E49AB7C4D93EAD099784

Function 00802162 Relevance: 1.8, Strings: 1, Instructions: 561COMMON

Download Yara Rule

Strings

6|/, xrefs: 008028A1

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: 6|/
API String ID: 0-602051575
Opcode ID: 591f5730823434e247188b593863d7d8624b8df1172034a50ed650121b89180f
Instruction ID: ebe1b53e13dac9a44eecc7255a9695866e968b839ddfc9c1d1f361ce4d7fac4f
Opcode Fuzzy Hash: 591f5730823434e247188b593863d7d8624b8df1172034a50ed650121b89180f
Instruction Fuzzy Hash: 1802CBB3F155204BF3584939DC58366B693EBD4320F2B823C9E99A77C4D97E5C0A8385

Function 007B65B8 Relevance: 1.7, Strings: 1, Instructions: 480COMMON

Download Yara Rule

Strings

U%v, xrefs: 007B6B9D

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: U%v
API String ID: 0-1286829100
Opcode ID: 9977eba7f7bb259cdf03ed6fbf2f978102501a6066fe8178f167db453eae3f5f
Instruction ID: 75292bf3400dfb3f38bedf654ca4446f084a82c0b9fed62d667c995b41d41715
Opcode Fuzzy Hash: 9977eba7f7bb259cdf03ed6fbf2f978102501a6066fe8178f167db453eae3f5f
Instruction Fuzzy Hash: A5F1D2B3E146108BF3485E29DC95366B7D2EBA4310F2B453DDA889B3C4DE3E5C058785

Function 0083634E Relevance: 1.7, Strings: 1, Instructions: 471COMMON

Download Yara Rule

Strings

gU/u, xrefs: 00836800

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: gU/u
API String ID: 0-3752935715
Opcode ID: 0aeb9f25d6821cd8e99f3fafc02eaa8d04f3b7d8c0c815236a64fd9074364d60
Instruction ID: 24a2c5c7cd2245f62e9746a573804894cbd320e5b5abac5ee76380453a6299cd
Opcode Fuzzy Hash: 0aeb9f25d6821cd8e99f3fafc02eaa8d04f3b7d8c0c815236a64fd9074364d60
Instruction Fuzzy Hash: 13F1E1B3E142204BF3545D29DC88366B692EBD4320F2F823CDE98AB7C4D93E5D098385

Function 007EE380 Relevance: 1.7, Strings: 1, Instructions: 405COMMON

Download Yara Rule

Strings

?*U, xrefs: 007EE7F5

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: ?*U
API String ID: 0-3320561331
Opcode ID: 617309c1f49e0282a085abd3dd47fafd193f0a3db06b8c54247d4ecc3ac6a9ca
Instruction ID: 9b4b35604120d284b3872a611a565d08b10cf5c13c8c7c8737aae09199688fe1
Opcode Fuzzy Hash: 617309c1f49e0282a085abd3dd47fafd193f0a3db06b8c54247d4ecc3ac6a9ca
Instruction Fuzzy Hash: 73D1D0F3F142104BF3445E39DC59366B6D2DB94310F2B863D9A899BBC4E93E9C098385

Function 006CD17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(1A11171A), ref: 006CD2A4

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 8ba7940bbbe2a5e92a2f9d08b37f7f121b934ff2987384988c9b98a8d8f144f9
Instruction ID: 8ed3806a904a2fde8a7296dec90bc2b2ba1488438213dbcf2ae7e67a28b5ab07
Opcode Fuzzy Hash: 8ba7940bbbe2a5e92a2f9d08b37f7f121b934ff2987384988c9b98a8d8f144f9
Instruction Fuzzy Hash: 1C41C2705043819BE3158F34C9A0B72BBE2EF57314F28869CE59A4B393D629E8468B55

Function 006CD34A Relevance: 1.6, Strings: 1, Instructions: 398COMMON

Download Yara Rule

Strings

><+, xrefs: 006CD353

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: ><+
API String ID: 0-2918635699
Opcode ID: 07bbc6ffef1039071e7b71901d3e7ea2b4ebbd0d99ed859973fd938f88604086
Instruction ID: c79e20fb4e9891736fe25cfa4399e35651c7544a0ddc6c2193a8c0b498fe0840
Opcode Fuzzy Hash: 07bbc6ffef1039071e7b71901d3e7ea2b4ebbd0d99ed859973fd938f88604086
Instruction Fuzzy Hash: 9BC1A1756047818FD725CF2AC490762FBE2FF9A314B2985ADC4DA8B752C735E806CB50

Function 006CB170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 006CB458

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction ID: fcf0495d00f87db825bf470df2f54ff4de9627acfeae795489d6b44956bb06d2
Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction Fuzzy Hash: 7BC1E5B2A083445BD7258E24C492FBBB7DBEF85310F5C992DE49987382E734DD448792

Function 007E45F9 Relevance: 1.6, Strings: 1, Instructions: 352COMMON

Download Yara Rule

Strings

x, xrefs: 007E4753

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: x
API String ID: 0-2363233923
Opcode ID: 568e12973739aef8a14c3e1cd5e65f5055e57e533028ad4417eb40c950587b85
Instruction ID: 6b754dee2853b470a0f068396b65b1b32d5b100efcb6f1eb105c88354449f461
Opcode Fuzzy Hash: 568e12973739aef8a14c3e1cd5e65f5055e57e533028ad4417eb40c950587b85
Instruction Fuzzy Hash: 80C1AAB3F1163547F3644969CCA83A27692EB95320F2F82788E5CAB7C1D97E5C0953C4

Function 0077258F Relevance: 1.6, Strings: 1, Instructions: 339COMMON

Download Yara Rule

Strings

~, xrefs: 007726AE

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: ~
API String ID: 0-1707062198
Opcode ID: 21621c0a1ca85f02232246f537621ac776722303ed97bde5bd726243ec769b7a
Instruction ID: 808455a6d3d625366494e4ba38e5758d01139ff79c0302a25c376943fe83cd83
Opcode Fuzzy Hash: 21621c0a1ca85f02232246f537621ac776722303ed97bde5bd726243ec769b7a
Instruction Fuzzy Hash: CAC179B7F5162147F3544839DC983A26683ABE4324F2F82788E9D6B7C6DC7E5C0A4384

Function 007F2006 Relevance: 1.6, Strings: 1, Instructions: 334COMMON

Download Yara Rule

Strings

0, xrefs: 007F20E4

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 6dc2ccdf0cb8ee921a4340ad1fb4fe56dd851bd64af3dadda3a91795b9003e33
Instruction ID: e5699b74c46596865b4337b6192ada5df0fbefaa6030dace47a5e8c81c84cbc5
Opcode Fuzzy Hash: 6dc2ccdf0cb8ee921a4340ad1fb4fe56dd851bd64af3dadda3a91795b9003e33
Instruction Fuzzy Hash: 29B15DB3F125254BF344892ACC583A276839BD5325F3F81788B4C6B7C9DD7E5D0A5288

Function 007080D7 Relevance: 1.6, Strings: 1, Instructions: 329COMMON

Download Yara Rule

Strings

a, xrefs: 0070829F

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: a
API String ID: 0-3904355907
Opcode ID: cc109864360c85f799a768dd7412262b01fd6c0d3f4bb0c53e0ed4bbae083e79
Instruction ID: 0e5e395ec2de2e830598ee701feb3981b3c320f240306e9b114262874d2e1d4a
Opcode Fuzzy Hash: cc109864360c85f799a768dd7412262b01fd6c0d3f4bb0c53e0ed4bbae083e79
Instruction Fuzzy Hash: 31B186B3F112254BF3444979CC983626283EBD5325F2F82788E48AB7C9CC7E6D0A5384

Function 008290B4 Relevance: 1.6, Strings: 1, Instructions: 322COMMON

Download Yara Rule

Strings

?VR1, xrefs: 008290C0

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: ?VR1
API String ID: 0-946756101
Opcode ID: 8711aadd3f82edd371cdeb9269edfc2cfdb723cb759ef324d4982891cec03211
Instruction ID: f07b1b1ad86892db0591e93999851ea36ce322e43c9f3c2a6bfee3b6be4ca9c2
Opcode Fuzzy Hash: 8711aadd3f82edd371cdeb9269edfc2cfdb723cb759ef324d4982891cec03211
Instruction Fuzzy Hash: D9B16CB3F1162547F3984879CD983A26583ABD0320F2F82788E9DAB7C5DC7E5D0A5384

Function 00726237 Relevance: 1.6, Strings: 1, Instructions: 306COMMON

Download Yara Rule

Strings

`, xrefs: 00726364

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 48e4ab8bf324f2e3ea89fbbf3f80a734a64a2dff14c6e0b6b16d54d1161de2b6
Instruction ID: 14f4d43ef4e9c3816ef4f02351f14e413747bb049b0dae03ffea55eb05643b95
Opcode Fuzzy Hash: 48e4ab8bf324f2e3ea89fbbf3f80a734a64a2dff14c6e0b6b16d54d1161de2b6
Instruction Fuzzy Hash: 59A18DF3F116244BF3484928CC693A26683D795324F2F82798F59AB7C5D87E9D0A53C8

Function 006C7440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 006C7465

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: 54017cee2499703eab2f241d027a214e588d90bbed31c518dd978dd75009631c
Instruction ID: 0ddefa0611d340947d9e1d4c295a51612feb411f5bc5753b06a29e795fe6e1ef
Opcode Fuzzy Hash: 54017cee2499703eab2f241d027a214e588d90bbed31c518dd978dd75009631c
Instruction Fuzzy Hash: 5A7128B1A083005BD7289A69DCD2F7B77E3DF92318F18853DE4868B392E674DC058B56

Function 006CC53C Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

x|*H, xrefs: 006CCE93

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: de8f4ca726abd83533f3704a7579c3c1fac3f3b790af108ab1d5c501b7ad0d4d
Instruction ID: c3e1cae215f253e6d31f79ed982a99a92682695ca47b6d06d0a3476bdc0b4970
Opcode Fuzzy Hash: de8f4ca726abd83533f3704a7579c3c1fac3f3b790af108ab1d5c501b7ad0d4d
Instruction Fuzzy Hash: 0A71F2B06047818FD729CB39C4A0B72BBE2EF97315F28C4ADD4DB8B796D63598068710

Function 007A901A Relevance: 1.5, Strings: 1, Instructions: 240COMMON

Download Yara Rule

Strings

Jb>, xrefs: 007A9240

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: Jb>
API String ID: 0-3237486062
Opcode ID: 362fe33937d37cc22060494f7c0f529188dd79bfe6726a629b9fcbaaf2b6d45d
Instruction ID: a2c84d5804b3af4c484b4f7c2c860e03998425998b87ad3cf4b08540dd7ef1a5
Opcode Fuzzy Hash: 362fe33937d37cc22060494f7c0f529188dd79bfe6726a629b9fcbaaf2b6d45d
Instruction Fuzzy Hash: FE816EB3F1122587F3544D28CC583A27293DB95324F2F82789E59AB7D4D93E6D0A9388

Function 007C4148 Relevance: 1.5, Strings: 1, Instructions: 237COMMON

Download Yara Rule

Strings

V, xrefs: 007C41A4

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 03ecc16de631c92d46074aa965864bf289299eb085ec2b5a92485f509d708ede
Instruction ID: 2697dc2f94fbd2a7a93a8cdf05432f2dd1a159dd0d1933e0605277f30a05b7af
Opcode Fuzzy Hash: 03ecc16de631c92d46074aa965864bf289299eb085ec2b5a92485f509d708ede
Instruction Fuzzy Hash: 7581BFB3F115258BF3504D29CC583627293EBD5320F2F82788A58AB7C8DD7E9D0A9384

Function 006AD021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

_^]\, xrefs: 006AD455

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 8f10c3ba1b8b44c310bddf952a0f2089735abed6af0e09fa0c496f837d832b94
Instruction ID: 57c28bedd6329cb325e19c9783c2b364a9e79cd6704381b157d2d8c540ef53cf
Opcode Fuzzy Hash: 8f10c3ba1b8b44c310bddf952a0f2089735abed6af0e09fa0c496f837d832b94
Instruction Fuzzy Hash: 2E51E3702013008FCB249F54D8D0AB6BBE3EB5B714719981CD5978BB62D271BC468B51

Function 006CC0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 006CC173

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: ee8442dcd9c2d64c0917fcfde67b20d392c4fbd08c421605c4641235499a3108
Instruction ID: 6d56a1497cfecf4c98c70b76757cd93f5ea4da2557a93a7272972335fa3dac7c
Opcode Fuzzy Hash: ee8442dcd9c2d64c0917fcfde67b20d392c4fbd08c421605c4641235499a3108
Instruction Fuzzy Hash: CB51D521614B804AD729CB3A88517B7BBD3EBDB314B5C969DC4DBC7B86CA3CA4068710

Function 00718060 Relevance: 1.5, Strings: 1, Instructions: 225COMMON

Download Yara Rule

Strings

DSx, xrefs: 0071825F

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: DSx
API String ID: 0-353607034
Opcode ID: f24f51ac7da79cf369e55cae5ff6fd60e338925d77543e9c1bac21d7477739f9
Instruction ID: 147e9bc2e2722c8d0b7321fdda0a4ed63b0ad00110844d821469c5a556d4c3f1
Opcode Fuzzy Hash: f24f51ac7da79cf369e55cae5ff6fd60e338925d77543e9c1bac21d7477739f9
Instruction Fuzzy Hash: A581A1F3F116294BF3440D28DC983A27692DBA5324F2F41788F48AB7D6D97E9D065388

Function 006CC09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 006CC173

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 6e4deb1f52ebd14559cf18c135c39595b2e7f0726ea97f204ed15396187c30ac
Instruction ID: c3b59130a901d3fac891257d12a5fe08bb831a4239a37171c45c8d334e7f9c6f
Opcode Fuzzy Hash: 6e4deb1f52ebd14559cf18c135c39595b2e7f0726ea97f204ed15396187c30ac
Instruction Fuzzy Hash: B351F725614B804AD72ACB3A88507B3BBD3AB97310F5C969DC4DBDBB86CA3C94028711

Function 0077E13A Relevance: 1.4, Strings: 1, Instructions: 194COMMON

Download Yara Rule

Strings

AuW3, xrefs: 0077E2E2

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: AuW3
API String ID: 0-452780154
Opcode ID: 994ac3150337e16be0a9e4889414cb329aea08f52511831ef5c67635be8434e3
Instruction ID: fcd4e6976f156cd2e6ed8367fd22412c329d6525ac28105f52af1045c9291f29
Opcode Fuzzy Hash: 994ac3150337e16be0a9e4889414cb329aea08f52511831ef5c67635be8434e3
Instruction Fuzzy Hash: 76617DB3F2152447F3544D39CC083626583ABD5324F2F86788A9CAB7C9ED7E9D0A5384

Function 00777027 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

bjD*, xrefs: 007771B7

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: bjD*
API String ID: 0-3129339317
Opcode ID: b9886472fbf0d0f686f48823af92ebf714691cf689f3c124d47ab27b49f8e78e
Instruction ID: 44328503270a7caea082029a60fb0b9df2ad27ce610300817e40b60eb9eda3b8
Opcode Fuzzy Hash: b9886472fbf0d0f686f48823af92ebf714691cf689f3c124d47ab27b49f8e78e
Instruction Fuzzy Hash: 3C518BB3F1162547F3580D28DC983627683DBD5315F2E82788B896B7C9DC3E9D4A9388

Function 006E1160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

@, xrefs: 006E123B

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ad40fe3756f687ed36be45cd30d41b0d8b87792ce1b2086edccdd10b844b5535
Instruction ID: bbe307eff7aa1f73957d6210bcfcfd25a99e11acdd205487664432a10984adcc
Opcode Fuzzy Hash: ad40fe3756f687ed36be45cd30d41b0d8b87792ce1b2086edccdd10b844b5535
Instruction Fuzzy Hash: 644122B1A053409BD7248F50CC56BBBBBA2FFD6314F08891CE6854F3A0E3359904C782

Function 006CC465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

AB@|, xrefs: 006CD9F4

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: AB@|
API String ID: 0-3627600888
Opcode ID: b724194b07600bd887afffdb87448af9443517b7eae9a5ee444906e01343dae7
Instruction ID: 8b9f092ab165af113c7b5d7cd7355878ce09934dde077a9b53a3b8eda927a7f8
Opcode Fuzzy Hash: b724194b07600bd887afffdb87448af9443517b7eae9a5ee444906e01343dae7
Instruction Fuzzy Hash: 4441E5755047928FD7228F39C850BB2BBE2FB97310B1896ACC0D69B796D734E845CB90

Function 009190BD Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

WX{}, xrefs: 009190D8

Memory Dump Source

Source File: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: WX{}
API String ID: 0-4149099187
Opcode ID: c53ce6d05f0e451b1e4c5312e3029955417b7983fb41cfa848229ba3dd8fd52c
Instruction ID: 85d6ab2df59d4b963ce93cdffbe5a10eca86b51b4aaebfe1c21a0c253f1b87a0
Opcode Fuzzy Hash: c53ce6d05f0e451b1e4c5312e3029955417b7983fb41cfa848229ba3dd8fd52c
Instruction Fuzzy Hash: F031A1B240D7089FE709BF19DC8167AF7E9FF88310F16892DE6C583710EA3658448A97

Function 006C8528 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

_^]\, xrefs: 006C8545

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 1a46fccdcc85d4dd1d4c623c4b791557375de92ac22a54bc667c9d9017554672
Instruction ID: b80f6bafd3adc86fb60ef5bb4e4203d680b3ef94205a32e3821556bcf5d14790
Opcode Fuzzy Hash: 1a46fccdcc85d4dd1d4c623c4b791557375de92ac22a54bc667c9d9017554672
Instruction Fuzzy Hash: 0221B6746093408FDB7C8B2488D1F7FB3A3EB95314F28152DD253577A1EA359C128A59

Function 006E0340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 006E03AD

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 3717f077cac4635d3404c91cc35037a0738677692dd0bb0e1fdb0b36cc95e667
Instruction ID: 8829c14065a7ebd2870649563e6d9c2cd7db7115a9d640d34c0d92345a002b21
Opcode Fuzzy Hash: 3717f077cac4635d3404c91cc35037a0738677692dd0bb0e1fdb0b36cc95e667
Instruction Fuzzy Hash: 173101756093448BD314DF98D8C26BFBBE6EBC5324F14992CE69887390D3759888CB92

Function 006CE180 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2e1f77ebed78141539ba699fc7d1c02c6b37dc81a16520bb536ef1e163bb66
Instruction ID: 18d1e7f1fac48dd228aef4645d3f4131adfd24287ef7b7aa2d425667fb48062b
Opcode Fuzzy Hash: 1b2e1f77ebed78141539ba699fc7d1c02c6b37dc81a16520bb536ef1e163bb66
Instruction Fuzzy Hash: 7962A3F1912B819FD3A1CF2AC881793BFEAAF89310F14591EE5AD97311DB7065018F92

Function 006A65F0 Relevance: .7, Instructions: 665COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3ae04f252995b593b283b814d1f12265780667426c95dd3f848897b8ff5020
Instruction ID: a1ca088681bb9e4e55fd8159631662f185f1ce4eaa498c721a7939da39afa823
Opcode Fuzzy Hash: 1a3ae04f252995b593b283b814d1f12265780667426c95dd3f848897b8ff5020
Instruction Fuzzy Hash: 9152B6B0908B848FE735EB24C4843E7BBE2EF52314F18496DE5E706786C379AD858B15

Function 006A73D0 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction ID: 3bab457acdec95e82713bd96dd1d8a7b467b3a59cf91c66bd22f2bdbcfaf2031
Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction Fuzzy Hash: AA22B032A0C7118BC725EF18DC806ABB3E2EFC6315F19892DD9C697385D734AD118B96

Function 008243C6 Relevance: .5, Instructions: 530COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daa6da24b31c3431371e2a32b1f6cb4e196eb911b5bbe78f92f66fab6fa4a97b
Instruction ID: 1768461e0dced5f3bb82679b52a3d686e8fadca0999de704d7d73fa4ea6e78b3
Opcode Fuzzy Hash: daa6da24b31c3431371e2a32b1f6cb4e196eb911b5bbe78f92f66fab6fa4a97b
Instruction Fuzzy Hash: 9C028DF7F917250BF3540868ED983A21583D7E1320E2F9274CF485B7C6D8BE488A5398

Function 007121B4 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fffccea2b742f242872a29690201befb95a1dc2b7ed662b0bbf89f28a78ad02
Instruction ID: 5ba2cdbabd969ad10b04a910784d9239c0eb8a106a233efdc7fcb5726c88ac6c
Opcode Fuzzy Hash: 6fffccea2b742f242872a29690201befb95a1dc2b7ed662b0bbf89f28a78ad02
Instruction Fuzzy Hash: 22F1EDB3F146204BF3145E29DC5936AB692EBD8320F2F853D8B89A77C4D97E5C058385

Function 007D4361 Relevance: .5, Instructions: 490COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18f578cd78c5642c40f2901698af8b461400231b4b048cdabe10ccec5628b011
Instruction ID: e61791e81c538a75006e8810bb6c0d85adbed78a19fcdb8905c8f42c369aa62b
Opcode Fuzzy Hash: 18f578cd78c5642c40f2901698af8b461400231b4b048cdabe10ccec5628b011
Instruction Fuzzy Hash: 46F1EEB3F146144BF3485E68DC943B6B692EB94320F2B823CDB899B7C5D97E5C098385

Function 006DA5D4 Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e6641257c2e4e386b4c034ca1e30f8904a1708375f358c8571b09417f11d0b
Instruction ID: f206d370d388a26b004217397fbdb9fbb3f241a72c254fd29bbaa382dbc39cfd
Opcode Fuzzy Hash: 95e6641257c2e4e386b4c034ca1e30f8904a1708375f358c8571b09417f11d0b
Instruction Fuzzy Hash: B9D12636528356CBCB148F38E892266B3F2FF49741F4A997DC8818B3A0E779C954C761

Function 008244B8 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f57029a7134837c4c1ea5fe4ed91a8acd41ea6721f072c213b004ab9d18541a0
Instruction ID: 93e71c4c20545b1bd66a8a753dbae545fbf90f0974c13339d61e2f013fc99b07
Opcode Fuzzy Hash: f57029a7134837c4c1ea5fe4ed91a8acd41ea6721f072c213b004ab9d18541a0
Instruction Fuzzy Hash: ACD17CF7F917650BF7540868ED983A21983D7E5320D2F9178CB498B7CAD8BE488A4358

Function 00816425 Relevance: .4, Instructions: 379COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65ca24ab25e90b5a64d94c051608b64764c788cc0d1ebd823ad0a33d299756bb
Instruction ID: 402ef32509117c8d83fdb3519c79a508343aebe45f76a348071af858f543fa8e
Opcode Fuzzy Hash: 65ca24ab25e90b5a64d94c051608b64764c788cc0d1ebd823ad0a33d299756bb
Instruction Fuzzy Hash: D6D157F3F1162547F3544D29CC983626683DBE0325F2F82788E99AB7C5E87E5D0A5384

Function 0072C3AD Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e3309eb5027c82bebbbc7b07a208a1901dbfb6cd22551e601556b3eebec6d8a
Instruction ID: 21a08a747e2d9a49c204394062de9fba1a491d24c819c4752be370b3b8f2c4fb
Opcode Fuzzy Hash: 6e3309eb5027c82bebbbc7b07a208a1901dbfb6cd22551e601556b3eebec6d8a
Instruction Fuzzy Hash: B1C1CDB3F5022547F3444D38DC983A27693EB95320F2F82788E59AB7C5D97E5D099384

Function 00700546 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e50491a985fa6ae225fc2ab955f7d4968fa3c09a9bb01d21142cb5e0b3dac16
Instruction ID: 2924cd25b520468ff9fc05ceca702833df50d307e4217a69a9914ab319de7c2e
Opcode Fuzzy Hash: 1e50491a985fa6ae225fc2ab955f7d4968fa3c09a9bb01d21142cb5e0b3dac16
Instruction Fuzzy Hash: 8BC158B3F1152547F3584938CC693A266839B95320F2F823C8F6AAB7C5DD7E9D0A5384

Function 00774032 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da8370de05fe202f419e1c874cafb2d0ceef3d57a1c369c65710dee504843c1a
Instruction ID: 8080492b5d810407cbb0c680fa12aea1d441f4fcef8703e7683de8b6699bf776
Opcode Fuzzy Hash: da8370de05fe202f419e1c874cafb2d0ceef3d57a1c369c65710dee504843c1a
Instruction Fuzzy Hash: 48C19EB3F512254BF3444C79CD983A26683EB95320F2B82388F59AB7C9DC7E5D4A5384

Function 007250D6 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3796bac74c6edfed5ad63cb7d575150a104ddfa08db2256c90751e746b070b74
Instruction ID: 1b399de549728f25616205f08ef271b5c118645c8d2c6ab89e68aab82020f9d5
Opcode Fuzzy Hash: 3796bac74c6edfed5ad63cb7d575150a104ddfa08db2256c90751e746b070b74
Instruction Fuzzy Hash: F9C179B3F1062447F3584928DCA83A27692DB95324F2F82798F09AB7C5DD7E5C0993C8

Function 0075053D Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 018aeac27bd0e7e21549141fd17868d400fdfaa9291c26c5332cd6b139ee4114
Instruction ID: f64a36206ba924b5711225c3eb7c5877d234ef7270e201df4696c50afdff31c8
Opcode Fuzzy Hash: 018aeac27bd0e7e21549141fd17868d400fdfaa9291c26c5332cd6b139ee4114
Instruction Fuzzy Hash: 8CC17BB3F2152147F3544D29CC583A266939B94324F3F82788EACAB7C5D97E9D0A53C4

Function 00786350 Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d357920460240a33d5e50d34264bb73f315fc63a5e971cb712eb1a4e09e7c146
Instruction ID: a3a01e2e0be9c0c5a6a18ccf0a3f9fb22432666214307dda25687e075fe204f6
Opcode Fuzzy Hash: d357920460240a33d5e50d34264bb73f315fc63a5e971cb712eb1a4e09e7c146
Instruction Fuzzy Hash: 4EC1AAB3F605214BF3580D38CD983A22693DBD5314F2F82788E49ABBC9D97E5D099384

Function 007A255D Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1897387e34f01e0d957f8a1f18a5ec81276ed09fab67815b941d07863375bbb4
Instruction ID: 6a6a2553930d25b1ca0ec0a1b31661134d5eec3ffb337ff3ed722d8ac7da5b9a
Opcode Fuzzy Hash: 1897387e34f01e0d957f8a1f18a5ec81276ed09fab67815b941d07863375bbb4
Instruction Fuzzy Hash: EAC17CB3F115204BF3588939CC583A266839BD5325F2F82788A5CABBD5DD7E5C0A9384

Function 00808294 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0135e6f28f07bac628faeffd6f4428c5172d9cb115d72a25711c940660d9003f
Instruction ID: ee9c7ff10210f4ee9d5fba882026a2214e9e657986a6fab3edad5c2331aec57c
Opcode Fuzzy Hash: 0135e6f28f07bac628faeffd6f4428c5172d9cb115d72a25711c940660d9003f
Instruction Fuzzy Hash: 08C19BB3F1162547F3444879CD983626583DBE5324F2F82788F58ABBCAD87E9D0A5384

Function 007CE173 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8012e0252b6259b34dabb1f9bde1078afe0fcb2f2b79d1fa11247b5364fdb204
Instruction ID: f9138823eef650bc2ad13d7ee6ee9fa82c66149d45ebab6dfb441e1d918336a0
Opcode Fuzzy Hash: 8012e0252b6259b34dabb1f9bde1078afe0fcb2f2b79d1fa11247b5364fdb204
Instruction Fuzzy Hash: B8C168B3F2152547F3584978CC683A26682AB91324F2F427C8F9DAB7C5D87E5D0A53C4

Function 008230DB Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9ee18371c9d3fb4432bbf8a334f29741aa6276282fdcb349845ab0028f46428
Instruction ID: 7033e6efc749575ed548fdca33bfbef6ccb2b309a1f17e4c41f8e53fc0803679
Opcode Fuzzy Hash: d9ee18371c9d3fb4432bbf8a334f29741aa6276282fdcb349845ab0028f46428
Instruction Fuzzy Hash: 59C1ADF3F116214BF3544939DC9836266839BE5324F2F82788E5CAB7C6D87E5D0A5388

Function 007FC569 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d710c511c5c01435c9bfc4f2f7a4321e3070869ff2501ca48116d3c143085b0
Instruction ID: 788962eecb325c88d70c894ee2694710aae7a8eeaa39f8f1b34a3fdc070b15a8
Opcode Fuzzy Hash: 7d710c511c5c01435c9bfc4f2f7a4321e3070869ff2501ca48116d3c143085b0
Instruction Fuzzy Hash: FDC1CEB3F106254BF3444D28CC983A27693DB95324F2F42788E98AB3C5D97E9D0A9384

Function 0079414D Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c03d8eb64ffba8b180e3b03a20d0460b1359cc70f8d5b304a4a2a699994632e
Instruction ID: 46cb1cfc03230824f7cdbbda48ebf678ce0c8bec9ea80299c56f63c26a00805b
Opcode Fuzzy Hash: 8c03d8eb64ffba8b180e3b03a20d0460b1359cc70f8d5b304a4a2a699994632e
Instruction Fuzzy Hash: EDC159B3F116254BF3484879CCA83A66583DBD1325F2F82388F596BBC9D87E5D0A5384

Function 006BE220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: babddc66e84a643bdb8401c3d6da40da83c31ec8db4b36bd3eecaffc0ba965a9
Instruction ID: 447dcd864e2597711e2af83d57f75e6800496bf3a3434a1ab79e88ea45454f22
Opcode Fuzzy Hash: babddc66e84a643bdb8401c3d6da40da83c31ec8db4b36bd3eecaffc0ba965a9
Instruction Fuzzy Hash: 4EB1E7B5904301AFD7209F24CC41B9ABBE3BF94314F188A2DF594A73A1DB7799548B82

Function 0070E5B4 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 228290e1030948fedbfeccbbd5d6b61685f2194277f91862a1f323f543a99589
Instruction ID: 22ec3a3731f72d4bb019a5ad6015da6d2d65a0aabf05ed4075026f53e984cff5
Opcode Fuzzy Hash: 228290e1030948fedbfeccbbd5d6b61685f2194277f91862a1f323f543a99589
Instruction Fuzzy Hash: B0B191B3F5162547F3544869CC983A26683DBD5325F2F81388F4DAB7C6D8BE9C0A5388

Function 00833090 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27a532c5657081dc71c3a60c9626e82d425dd4cd6f7bd6537fa003b9d9a7118e
Instruction ID: 8adfa1a0466c6c60f31339f01df0a5116ed6057d0e6c46c5643513a90de78dbb
Opcode Fuzzy Hash: 27a532c5657081dc71c3a60c9626e82d425dd4cd6f7bd6537fa003b9d9a7118e
Instruction Fuzzy Hash: 88B1DCB3F516258BF3404969CC983A26683DBD5324F3F42788E5CAB7C1D97E9E0A5384

Function 007840A7 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5392e643e0c40593562b594094ba8a52a3e2d5184421b3cdfa59c1e0bc86566
Instruction ID: 8a34c0aa93d9717a1a0da80b37b5e2e585afa46bc911487fbe4cf742f70a08a3
Opcode Fuzzy Hash: f5392e643e0c40593562b594094ba8a52a3e2d5184421b3cdfa59c1e0bc86566
Instruction Fuzzy Hash: BEB169F7F116254BF3444839DD983626983ABD1325F2F82388F58A7BC9DC7D5D0A5288

Function 0078C066 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df77f6258666327b1401b5b981bb311e42a6b80368e2675fbe45c6e52e5d3d3b
Instruction ID: d9a0bd18014df16575541d8ed74e4a8cea37492c24903dd6c97c1917f2d1fd7f
Opcode Fuzzy Hash: df77f6258666327b1401b5b981bb311e42a6b80368e2675fbe45c6e52e5d3d3b
Instruction Fuzzy Hash: E8B1ADB3F215254BF3444D28CC983A22693DBD4315F2F81788F49ABBCAD97E6D0A5384

Function 0071A2C6 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f740db6303c210dafc583ba724156f59014f89fbd24874ea1a17d9780d1e865
Instruction ID: a8f50d6e4d0a1db937e80e86d8121a62a46e83101c67453636212a14e5dd120e
Opcode Fuzzy Hash: 6f740db6303c210dafc583ba724156f59014f89fbd24874ea1a17d9780d1e865
Instruction Fuzzy Hash: D4B1AFF3F6162147F3544878DD983A26583DBA4324F2F82788F9C67BC9D87E4D0A5284

Function 007801C4 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d50059ea8ca621d09cc0c1d9acdf0d8d476afc7adaf3c77051c757741d19c93
Instruction ID: 9da7e1374280c5e7b1fa7fb42d4d5a4989a213e74f240ff63b30849e61f2c629
Opcode Fuzzy Hash: 1d50059ea8ca621d09cc0c1d9acdf0d8d476afc7adaf3c77051c757741d19c93
Instruction Fuzzy Hash: 10B1BEB3F1162447F3444D29DC983A27693DBD5320F2F82788E58AB7C5D97E9D0A9384

Function 00716214 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79b3b96c1c68db3f705e796088ff9f45fbfb1b19104f5752a5f513eb4b646a14
Instruction ID: e60357ba8bdbb161f7cd0fe892e5ff4e086717886b4e72adabbfbf7ccb0dc7d2
Opcode Fuzzy Hash: 79b3b96c1c68db3f705e796088ff9f45fbfb1b19104f5752a5f513eb4b646a14
Instruction Fuzzy Hash: 34B15AB3F101258BF3544D69CD583A27693EBD5320F2F82788E886B7C4D97E9D0A9784

Function 007D65E5 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 655bcd7a01506d2a1535cc37f2528159a1e031602de80243c05dfa5903bea57c
Instruction ID: f0415d12bdd10c553cc118068e72469de8164afe613fbc35af64e8681616e880
Opcode Fuzzy Hash: 655bcd7a01506d2a1535cc37f2528159a1e031602de80243c05dfa5903bea57c
Instruction Fuzzy Hash: 79B1BDF3F606254BF3544968DCA83A12283DBE5320F2F42788F586B7C6D97E5D0A5384

Function 0081E0E0 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd73dbdd2e59ec63db164b8b85ef2e998dfcfdcb420512a4d51cacf117b55e1d
Instruction ID: c8b8573feae5cd44e144b871a9edc5fceca5238a80a116142e7056e65c0ac9ec
Opcode Fuzzy Hash: bd73dbdd2e59ec63db164b8b85ef2e998dfcfdcb420512a4d51cacf117b55e1d
Instruction Fuzzy Hash: 1FB17AF3E2162547F3544D38CC983A26683DBA1324F2F82788F59AB7C5D87E9D0A5384

Function 0070439A Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c838d549ff541a7ee4888c4e7639432d8e4640a33c77a459ba0864d816ae13b
Instruction ID: 6a118d7be3cfda613d375773678b7538951feeb8324805b4d950ac2fc71ae3b8
Opcode Fuzzy Hash: 2c838d549ff541a7ee4888c4e7639432d8e4640a33c77a459ba0864d816ae13b
Instruction Fuzzy Hash: E9B1ADB3F1112547F3484938CDA93A16693DBD5320F2F82388F49ABBC5ED7E9D095284

Function 00838288 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4965875e828ef87e22d98a12a7e15330cd81a60f484fd2c43778bdbc6a85a43d
Instruction ID: c9a9b370d700bc65085d15c1761c07975af3d529626475f9c71cf5586594d6eb
Opcode Fuzzy Hash: 4965875e828ef87e22d98a12a7e15330cd81a60f484fd2c43778bdbc6a85a43d
Instruction Fuzzy Hash: 7DB19FB3F1022547F3584C78CD6836266929B95320F2F82788F59BBBC9D87E5D0A53C4

Function 007825B3 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0cb415b9f09b4c0019983fedb5f0567e75d459533c4fc7c0f55e8f10ad4f914
Instruction ID: 025c8b7fa4133620f951f2442c7a72ff57757bb25f13d80b6dd5063065d75f4a
Opcode Fuzzy Hash: f0cb415b9f09b4c0019983fedb5f0567e75d459533c4fc7c0f55e8f10ad4f914
Instruction Fuzzy Hash: C5B19CB3F512254BF3444D78CC983A26693EBD5314F2F82388B58AB7C5D97E9D0A5384

Function 0076258E Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 299b47f8306243aabee4fb7b2d8a194684f7c6bf8a73ba820f1513251f979141
Instruction ID: 5b2076ee2b5ce048668782e9d9b20801d7add4c1c1fe4d208857c901cf3e69da
Opcode Fuzzy Hash: 299b47f8306243aabee4fb7b2d8a194684f7c6bf8a73ba820f1513251f979141
Instruction Fuzzy Hash: 74B1AAB7F116254BF3544D39CC8836266839BE5315F2F82788E48ABBC9DC7E9D0A5384

Function 0071437E Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56710fd8990360bf94616b87f00b54e847e86496d89f342381ea08b7365afea3
Instruction ID: 06d2fe39f699938a1a5be8f0d24d5b3ebe3565be08461e2cfc5f1c9591b5ee33
Opcode Fuzzy Hash: 56710fd8990360bf94616b87f00b54e847e86496d89f342381ea08b7365afea3
Instruction Fuzzy Hash: 9DB18BB3F116224BF3844978CCA83A66683EBD5314F2F817C8E496B7C5D97E5E0A5384

Function 0076C5BE Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00452a6073dffb13c5d564f3b6420933a4a0bb60c4f930a5977c64fe255ac173
Instruction ID: 39ab69ad7634660f556181902158d882aa2e6e6339ca2618375dd5853c7135b4
Opcode Fuzzy Hash: 00452a6073dffb13c5d564f3b6420933a4a0bb60c4f930a5977c64fe255ac173
Instruction Fuzzy Hash: 89B19FB3F116264BF3544D29CC983A2B693DBD5310F2F82788E486B7C9D97E9D0A5384

Function 007F6239 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb33cc5029dff3b5645626ca05a33a790d739e08e22c7902a4de5e3a227d8bd1
Instruction ID: 19cdc2633b33e4952a657e1e0730ceab1fb2e139275e466bd12c26fe2c7408ec
Opcode Fuzzy Hash: eb33cc5029dff3b5645626ca05a33a790d739e08e22c7902a4de5e3a227d8bd1
Instruction Fuzzy Hash: 05B17AB3F112254BF3544839CD983A26583ABD1321F2F82798F5DABBC9D87E5D0A5384

Function 00804581 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82abeebf2cc3926808261da971b942b212c657dbac5ea46e5b2b949bcf8c5711
Instruction ID: 02a5b6eea97ca69d49b1a46a05a84371b592255a3893cf06a08e8faf3b03b2ad
Opcode Fuzzy Hash: 82abeebf2cc3926808261da971b942b212c657dbac5ea46e5b2b949bcf8c5711
Instruction Fuzzy Hash: 10A17CB7F5162547F3584838DCA836265839BD5324F2F827C8E9DAB7C9DC7E5C0A4288

Function 00822297 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f70cb6383574cc8ff16e27a0c137bb8167dd6862af5e6dce36fa1c8ae2ef4b8
Instruction ID: 69d49c4d9788276fe09c3d22207141f8842da4c1f2f2e65fd097827be3b44ce9
Opcode Fuzzy Hash: 9f70cb6383574cc8ff16e27a0c137bb8167dd6862af5e6dce36fa1c8ae2ef4b8
Instruction Fuzzy Hash: 70A1CCB3F116254BF3444929CC983A27683EBD5320F2F82388F59AB7C9D97E5D0A5384

Function 0072A282 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 534d3153582b8e7868288cebd15b73b496c0c5030b4e8f982d7da894b6e471d5
Instruction ID: 57d2e7a79aec56fcbfc8b12bafc594ea284f3c45f822071f2d01f26eda8bfc06
Opcode Fuzzy Hash: 534d3153582b8e7868288cebd15b73b496c0c5030b4e8f982d7da894b6e471d5
Instruction Fuzzy Hash: 3AB169B3F2162547F3484928CCA83A27653EBD5324F3F41788A59AB7C5D93E9D0A5388

Function 006A6160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction ID: 6c8e4d64e055d364859ad0000706d240d7f0e954e7eb4378c0a0ed75b353b5e6
Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction Fuzzy Hash: D3C15BB29087418FC360DF68DC86BABB7E1BF85318F08492DE1D9C6342E778A555CB06

Function 007720BF Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff38ccfbba4361ac90871fc780ca5e47a8bde4ecc4a5296114ac924c8f7856d2
Instruction ID: 977d08b861f4b312121da8ee6b0418c9ece75bd6911094cc16d569996f04f1d7
Opcode Fuzzy Hash: ff38ccfbba4361ac90871fc780ca5e47a8bde4ecc4a5296114ac924c8f7856d2
Instruction Fuzzy Hash: BCA15FF3F1162547F3444D28CC583A2A653D7E0325F2F81788E58AB7C5D97EAD0A5388

Function 007183F8 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37c364b214032ce2cee157b8b8a6b671bfb78a951eafb14df7a3a07314e8e45e
Instruction ID: d6265418d418539dfcfb88e6a460be556c7d90060bef05bbf33cc0065e7db604
Opcode Fuzzy Hash: 37c364b214032ce2cee157b8b8a6b671bfb78a951eafb14df7a3a07314e8e45e
Instruction Fuzzy Hash: 9AA1BFB3F2162547F3444979CD983A166839BD5324F3F82788A5CAB3C5ECBE5D0A5384

Function 007D019E Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daa82feef43da37e1cf9dd9705ca7291bf0b26229c0ebfddeb42940cbcc02364
Instruction ID: b4da8e705d254aff70ed032235e6609f4cbee93546927d3d8fc388039ff2e63d
Opcode Fuzzy Hash: daa82feef43da37e1cf9dd9705ca7291bf0b26229c0ebfddeb42940cbcc02364
Instruction Fuzzy Hash: 0CA1BAF3E2153547F3584938CC983A2A6929BA4321F2F82788F6D7B7C5E83E5D0952C4

Function 00776338 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9f9b3815da61b9f3b476b659fdf354a19c1784f114488352f72adc9e0a23128
Instruction ID: 3e97902b5a6065e7624e7c7be98095f854409e80cabb067053471fc0488c9e44
Opcode Fuzzy Hash: a9f9b3815da61b9f3b476b659fdf354a19c1784f114488352f72adc9e0a23128
Instruction Fuzzy Hash: 12A1ADB3F116254BF3544879CD5836266839BE5320F2F82388E4DAB7C9ED7E5D0A4284

Function 00738559 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f44e12f6ee8a2d12f8a8ba715ea967b02f72747aec0dd33bf8178a9ad8b040a6
Instruction ID: 4f2d5a72930397a6c067530b125b50a70b0dfa3281bc1069252ae2a81b00fb2c
Opcode Fuzzy Hash: f44e12f6ee8a2d12f8a8ba715ea967b02f72747aec0dd33bf8178a9ad8b040a6
Instruction Fuzzy Hash: 34A199B3F106258BF3544978CC983A276939BD5324F2F82788E8C6B7C5D97E5D0A9384

Function 007E4117 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d33d86d2fbdee63d3d856c5e9b30de8ec011a2ba4fe96d55bbe7234a97f768d
Instruction ID: 2d8fe892be9f4f025ec2f3e980b1d677ca1a05f766af50b59a8c2362010698ec
Opcode Fuzzy Hash: 7d33d86d2fbdee63d3d856c5e9b30de8ec011a2ba4fe96d55bbe7234a97f768d
Instruction Fuzzy Hash: B4A178F3F1162547F3944969CC583A2A682A795324F2F82388E4CAB7C1ED7E9D0A53C4

Function 00738070 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2602ad800c7f8227ff685018125ebda9d5b78adaa8817d117ebbb15c9587eee3
Instruction ID: da9fcbbd094ec264bd391ac968fde748b909da2fbb723f02a97a252cbbd41719
Opcode Fuzzy Hash: 2602ad800c7f8227ff685018125ebda9d5b78adaa8817d117ebbb15c9587eee3
Instruction Fuzzy Hash: 49A16AF3F012254BF3540D28DD983626683DBA5315F2F82788F586B7C9E97E5C0A5384

Function 0080A1F3 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb9cb532e355cb7323008cf83eddc333885e2a873f3e5089319d6fa407f4356e
Instruction ID: 409472732097dde7d3d0256cb32eb689a20669577eb30e349e48e8956d87b66c
Opcode Fuzzy Hash: fb9cb532e355cb7323008cf83eddc333885e2a873f3e5089319d6fa407f4356e
Instruction Fuzzy Hash: 32A18DB3F1162547F3944929CC983A27293EBE5311F2F82788F486B7C5D97E9D0A9384

Function 0082E16A Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93e9b81bbc58cb506d31a8bcc70b491962ada3dda3869ccade6cb3111044af00
Instruction ID: 3f5f64cae6e33b2c9bd4ce0cf156f3796a4dc4afacafb5f4cc502526e9c62635
Opcode Fuzzy Hash: 93e9b81bbc58cb506d31a8bcc70b491962ada3dda3869ccade6cb3111044af00
Instruction Fuzzy Hash: 3EA148F7F1163147F3504829DC98392668297A5325F2F82788E6CBB7C5E8BE9C4A53C4

Function 007E8364 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7074b79a6333448a1d0a1a3b3af474f441f89f0652ed2a7084cb35735b5debb3
Instruction ID: 67878beddf2e3d571c13277a0165ade303f9a084de80a814e21fe1631d08db69
Opcode Fuzzy Hash: 7074b79a6333448a1d0a1a3b3af474f441f89f0652ed2a7084cb35735b5debb3
Instruction Fuzzy Hash: 95A18CB3F1112647F3444D39CC583627643EBD5314F2F86788A58AB7C9D93EAD0A9388

Function 007A04C7 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a88960f2a715032fbec84dbb887918fd9a2933202e08aa997b3a0d749d4db817
Instruction ID: 4db9e972c8b2377aa7bea6d8b7365258090eb5c0774862d6163c8fe89af25517
Opcode Fuzzy Hash: a88960f2a715032fbec84dbb887918fd9a2933202e08aa997b3a0d749d4db817
Instruction Fuzzy Hash: E3A19CB7F5162547F3944878CC983A266939794324F2F82788F48ABBC5D87E5D0A53C4

Function 00826530 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dfbee10563bf08fc4503b33882b87202832faf16f93b45d36c07d6428af9ba0
Instruction ID: b8533d651d9f952ae594f1e0b640cd22c5c4f6563d044aecd15e4a7ee5248292
Opcode Fuzzy Hash: 6dfbee10563bf08fc4503b33882b87202832faf16f93b45d36c07d6428af9ba0
Instruction Fuzzy Hash: D7A17EB3F5152587F3544D29CC983A2B693DB95320F2F82788E8CAB7C5E93E5D0A5384

Function 007DC1FA Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2031f24bee3a7eaa003476eb0dd5f618daecadc4b118738516c047fc7373e11
Instruction ID: 7949afa95e4963dfc62058bd340eb77a84751b258f499f56d534b925d5bb8b0f
Opcode Fuzzy Hash: b2031f24bee3a7eaa003476eb0dd5f618daecadc4b118738516c047fc7373e11
Instruction Fuzzy Hash: 9CA1AAB3F101244BF3544939CD583A26A939BD1324F2F82798E4CABBC9DD7E5D0A9384

Function 007E052C Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d34350f5e934cfa37829fb030802d3083ae1c3035327970ddee6defab521e6ea
Instruction ID: 0917042c59a58ddfa579b4887b9cf5142d3a4cf06a0affb896b4517090243f22
Opcode Fuzzy Hash: d34350f5e934cfa37829fb030802d3083ae1c3035327970ddee6defab521e6ea
Instruction Fuzzy Hash: 75A16AB3F116254BF3884875CCA83A2618397D5324F2F82788F29AB7C6DC7E5D0A5384

Function 0076E55A Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d8dc4d2a8f4d52e0298b9d4e5da237547e60e905517b0ef16de8533b003b78a
Instruction ID: f6f7fbf3d340e79f57992ef39ebbe9eea6a080f7a9eed3de0c314db9d83c3e60
Opcode Fuzzy Hash: 0d8dc4d2a8f4d52e0298b9d4e5da237547e60e905517b0ef16de8533b003b78a
Instruction Fuzzy Hash: D3A16CF3F115254BF3544839CD983A266839BE5325F2F42388F4DABBC5D87E9D0A5284

Function 0081C200 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45692ace3e8c0ad00a0dc446d7fd5316539f1a55e944c4aee41ce14b460f3bf4
Instruction ID: 0039a55a57dda985819927a78666728818caa63372545e390e5cc45d189628c1
Opcode Fuzzy Hash: 45692ace3e8c0ad00a0dc446d7fd5316539f1a55e944c4aee41ce14b460f3bf4
Instruction Fuzzy Hash: 4BA17DB3F106254BF3544D69CC983A27693EB99310F2F42788F49AB3C1D97E9D0A9384

Function 007DE010 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dc17aa5ccfe5d6baff486b359b513c6c893a86e852f4ba86308e12d6792f439
Instruction ID: 933dba19c727ab619fa86e39cac435908d1a5a9d176f3e4dfd0a0bbafec6bd01
Opcode Fuzzy Hash: 6dc17aa5ccfe5d6baff486b359b513c6c893a86e852f4ba86308e12d6792f439
Instruction Fuzzy Hash: 6FA1AEB3F116254BF3584978CD983A23653AB91320F2F82788F4DAB7C5D97E5D0A5384

Function 00805016 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c75f460c6be6f3963b2a57a1a905ce2cf7ef4519bf54319e5b4a7b195e47db4
Instruction ID: aa61f44b585c46a8db345fbb205ea02454ac595dac18a3a2418c4bf246a18909
Opcode Fuzzy Hash: 7c75f460c6be6f3963b2a57a1a905ce2cf7ef4519bf54319e5b4a7b195e47db4
Instruction Fuzzy Hash: 81A1A9B3F1162547F3544929DC683A276539BE5320F3F81788E4C6BBC4D97E5C0A9784

Function 0081A2DC Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dd61ca44d15c1decf1e9e8d2c945387e1109746e26dae9cc7daab94aa9aeee1
Instruction ID: 3dc9bea56d14b0a1c412b48efcb6b86797846bf4b72af4f9ab7a2c3ecb183911
Opcode Fuzzy Hash: 7dd61ca44d15c1decf1e9e8d2c945387e1109746e26dae9cc7daab94aa9aeee1
Instruction Fuzzy Hash: 6AA179B3F105244BF3484929CC683A66693AB95320F2F827C8E4EAB7C5DD7E5D4A5384

Function 007065AE Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e93c0dece7c134143d297f42bc18bbb30b9e46117754d2d15caadfd23c94430
Instruction ID: b1d6ac3a87f08691a3d8a9a52dad31f85cf76fa369415e286c20a2facb8571de
Opcode Fuzzy Hash: 4e93c0dece7c134143d297f42bc18bbb30b9e46117754d2d15caadfd23c94430
Instruction Fuzzy Hash: 4BA18AB3F111258BF3584E28CCA83627693DB95324F2F42798A09AB7C5DD7E5D0A9384

Function 0070C42F Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a040d5f9fec18193a6fec6e289a3cff3ca237322ba428385807cc546f5a1b1f5
Instruction ID: 0c6594f78d9f86f5bfe9233cb715d3d3fa7decfe0ce7c9bfb4068b5bd9ea6c40
Opcode Fuzzy Hash: a040d5f9fec18193a6fec6e289a3cff3ca237322ba428385807cc546f5a1b1f5
Instruction Fuzzy Hash: 28A16CB3F112254BF3544D28CD983627653EBD5324F2F82788E486BBC9D97E5D0A9384

Function 0079B047 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8ce46181d2d31144b300e59a7e7251761e4cd748e190332ac85ff97b69939ff
Instruction ID: 3248d19f355a9c0a456a0dd3562207e7aac81298474bdd78bd302dd523c7f681
Opcode Fuzzy Hash: e8ce46181d2d31144b300e59a7e7251761e4cd748e190332ac85ff97b69939ff
Instruction Fuzzy Hash: 90A156B3F1163547F3504969CD88362A6939BD4325F2F82788F4C6BBC9E87E5D0A52C8

Function 00744269 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e02751a44c8fad3016eb34d61c8006b226b178fde8363c943e124194c73dbd4
Instruction ID: 4a75f168e310cbd27baa10851d362974b0ec03f71a6e9dc85adf5a85a56b66c9
Opcode Fuzzy Hash: 5e02751a44c8fad3016eb34d61c8006b226b178fde8363c943e124194c73dbd4
Instruction Fuzzy Hash: 87A18AF3F1062447F3544869CD58361A682DBA5324F2F82788F5CAB7C6E87E9D0A53C8

Function 0074105E Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a87ba3c0a80e0a9acccfd7ba6a7a1de137e169be0d7f575f78192ec678c3ef8f
Instruction ID: d0df6ab65d29b72295acef6d8e44aaf8f5a0cebec39ab6060afbc8fe4608182a
Opcode Fuzzy Hash: a87ba3c0a80e0a9acccfd7ba6a7a1de137e169be0d7f575f78192ec678c3ef8f
Instruction Fuzzy Hash: F2A18CB3F1062447F3544929CD983617683EBD4324F2F82788E58AB7C5DD7EAD0A5388

Function 00796259 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a949a0cab165829acbf679663f915bc5e9e46fe48f00b805a7472f0d7616cc02
Instruction ID: ed0fa83f8f76ea59b3ad737a603bf6a2e6ab368eab65021d476e0fea935942b7
Opcode Fuzzy Hash: a949a0cab165829acbf679663f915bc5e9e46fe48f00b805a7472f0d7616cc02
Instruction Fuzzy Hash: 9CA19CB3F112254BF3544D69CC583A26693EBD5321F3F82388A48AB7C5DD7E9D0A5384

Function 007B447B Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c46d23e6c64b8440c42b4a83f21cc95222cd301279a5d89fe8a4af368499e898
Instruction ID: fd1e289fdf7fb7db1c03fd7b2c1645894d152f94e9c55efd3e6d5a79dcd78e21
Opcode Fuzzy Hash: c46d23e6c64b8440c42b4a83f21cc95222cd301279a5d89fe8a4af368499e898
Instruction Fuzzy Hash: 72A1ABB3F1162547F3584938CC583A27683DBD5324F2F82788A9AAB7C5DD7E5C068284

Function 0070A0B4 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 723171a1834181ad0072604c64e5fbe500830bf8b3fade9ec73033eaa45a3ff6
Instruction ID: 38e8f6952624ba0174070085633669dab9279d1a33c5d489ea2b232a50799d16
Opcode Fuzzy Hash: 723171a1834181ad0072604c64e5fbe500830bf8b3fade9ec73033eaa45a3ff6
Instruction Fuzzy Hash: 07A178B3F1152447F3984929CC683726693DBD5320F2F82788E4AAB7D5DD3E5D0A9384

Function 007700F4 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6cc1945984a0f909aace69ca4d760eb58cec4b8fdd7a0e50fa8c04be5c987b4
Instruction ID: ed4952e86e72ed1672b5af4a17de7c2a305a81d9f828f8c8de68f9099da4412b
Opcode Fuzzy Hash: a6cc1945984a0f909aace69ca4d760eb58cec4b8fdd7a0e50fa8c04be5c987b4
Instruction Fuzzy Hash: 9991ADB3F1122547F3504D69DC883A27683EB95325F2F82788E4CAB7C5D9BE6D0A5384

Function 0077A47E Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c721693931d8ee1e52c547165bdf06a039bd210a22540b3ab941c3c193364377
Instruction ID: 99594b50594c93f8f705b41a90429695ba8acc49368ddde965c04c70e6ba1a80
Opcode Fuzzy Hash: c721693931d8ee1e52c547165bdf06a039bd210a22540b3ab941c3c193364377
Instruction Fuzzy Hash: CD917CB3F1162647F3544839CD9836665839BD5320F3F82788E4C6BBC9D8BE5D0A5384

Function 007CA29C Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83dc64c5a1dd74b4de36e7be401d6642aba088cce32e3c39fbe8f357758c781b
Instruction ID: ad8069da1181ddf7b27da9b1560f064b18ad0261b04a9403aeb4d123103c262d
Opcode Fuzzy Hash: 83dc64c5a1dd74b4de36e7be401d6642aba088cce32e3c39fbe8f357758c781b
Instruction Fuzzy Hash: 58917CB3F1062547F3484D28DCA83A27692DB95324F2F817C8E49AB7C5D97E9D0A9384

Function 0082A426 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9951c7ef538af651d3a43ed78267cc8e75a390676ac6c46fd02ca53dec33db7e
Instruction ID: 4acd027bdfea0d5069116371dfa412b53fa4eeb170bab368254bdc4ab19182a9
Opcode Fuzzy Hash: 9951c7ef538af651d3a43ed78267cc8e75a390676ac6c46fd02ca53dec33db7e
Instruction Fuzzy Hash: 8491CFB3F106254BF3484929DC943A17693EBD5324F2F81788E88AB7C1DD7E5D0A9388

Function 007AC1FD Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1781ebd9f0a34721d2e522ea975d6102a9d9a2bf66bb550b95474ba4658b44e
Instruction ID: feb18a91be707899bbfdef5fcf662f6a40fb9518cc674afc695e972b351820f2
Opcode Fuzzy Hash: f1781ebd9f0a34721d2e522ea975d6102a9d9a2bf66bb550b95474ba4658b44e
Instruction Fuzzy Hash: 8291A0F3F1152547F3544928CC583A26683DBE1315F2FC2788E58ABBC9D87E9D0A5384

Function 007AF0EE Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42f0aa268f8183ef15bc87ee1e13f8d4211cdd9b13346b11b78628fb6a835cb0
Instruction ID: f494af30de2ba868005ba2ea58a3435cd77e35cf03c8dc7895b5a39b3272f0d7
Opcode Fuzzy Hash: 42f0aa268f8183ef15bc87ee1e13f8d4211cdd9b13346b11b78628fb6a835cb0
Instruction Fuzzy Hash: 1E918CB3F1122547F3504929DC983A27693EBD5311F2F8278CE486B7C9D97E6D0A9384

Function 008281CB Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eda6d5667004562321c82ec0474e4096826ddd679b799b65195411ee0eff690
Instruction ID: 87cdbfddb86b72ebcddb64533eb704b750ea8fb9a5dc8adf8e2f8f86ea083817
Opcode Fuzzy Hash: 7eda6d5667004562321c82ec0474e4096826ddd679b799b65195411ee0eff690
Instruction Fuzzy Hash: 169156F7F1262547F3944868CC983A2654397E5325F2F82388F586BBC9DC7E4C0A5384

Function 007982DB Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4256035d44cfaf638dd3a6de5034761b5c6ecabf536df2b32049661698b88f5d
Instruction ID: f1ae61db398410fd21813d0058b1e8cf53056169ef657661732bfac120e2c788
Opcode Fuzzy Hash: 4256035d44cfaf638dd3a6de5034761b5c6ecabf536df2b32049661698b88f5d
Instruction Fuzzy Hash: 60918CB3F106254BF3590938CD583A26683DBD5314F2F82388E5DABBCAD97E5D0942C4

Function 007A836E Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a6c1d75bbd7f97752f4f7474bad3a72bcf17d1fc49f59dcd58862c7246c6c93
Instruction ID: 3dd4ce9cf917f07dc38e5237b3885926e0f9429530d4baaed1629a4ac59714d4
Opcode Fuzzy Hash: 2a6c1d75bbd7f97752f4f7474bad3a72bcf17d1fc49f59dcd58862c7246c6c93
Instruction Fuzzy Hash: 1E918CB7F1162547F3504D68CC883A266939BE4325F2F82788F5CAB7C5E97E5D068388

Function 00832355 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e176261b6301a4f1ccc3ab681653f073f3f547fbc7fff3185a7fa299c275900
Instruction ID: 228e2a4b70ab9e387945c8b8e37debcc47f5535700fa23128e2853a861fc0843
Opcode Fuzzy Hash: 9e176261b6301a4f1ccc3ab681653f073f3f547fbc7fff3185a7fa299c275900
Instruction Fuzzy Hash: 399178F3F116254BF3444968CC983A26293DBA5311F2F82788B4DAB7C5E97E5D0A5384

Function 007BC1B0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb92abd333540ed75b4cddc48bae9d2b1d6e480980e91365b685bbd7e71dad7d
Instruction ID: 3c2461812f18efff59fb9629641e558db5f8450807dccceeacbc544019be82b2
Opcode Fuzzy Hash: cb92abd333540ed75b4cddc48bae9d2b1d6e480980e91365b685bbd7e71dad7d
Instruction Fuzzy Hash: A69168B3F111254BF3484D78CD683A27693DB95320F2F82788A4A6B7C9DD7E5C0A9384

Function 007D82DB Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47962f2fefac593564046661ce2c0f2754192c6bb7ab554f8efd54c385e0a5ef
Instruction ID: 1734c019ddbcd29d16c5117e8e9499f0bc15c583ab60c0daee293bfa7a56d9c6
Opcode Fuzzy Hash: 47962f2fefac593564046661ce2c0f2754192c6bb7ab554f8efd54c385e0a5ef
Instruction Fuzzy Hash: A4918AB3F1022547F3544D68DCA83A16682DB95320F2F427C8F98AB7C5D9BE9D0A9384

Function 007C6505 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e16dbb45f2de7d9f0b50c8c4627b091a4a1fe279fa958a458465568a58dc0efb
Instruction ID: 6227b34676270eab75bc9aeb7c669956e62cec464c817f0a5f96f42de05e2bf8
Opcode Fuzzy Hash: e16dbb45f2de7d9f0b50c8c4627b091a4a1fe279fa958a458465568a58dc0efb
Instruction Fuzzy Hash: 3E919FB3F5062547F3584878CDA83A66583DBD4324F2F82388F59AB7C5E87E9D0A5284

Function 0075E136 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 433bfb59e822fe4f4b8acc587a7415bc85a3792202693e8c652c4f0791c7e4ad
Instruction ID: 22330b4507026b845552fcc024a8edaa1899175e19d54ce3d06e8cce51192c1d
Opcode Fuzzy Hash: 433bfb59e822fe4f4b8acc587a7415bc85a3792202693e8c652c4f0791c7e4ad
Instruction Fuzzy Hash: 6F918CB3F5122547F3544D78CC983626692EB95310F2F42788F486B7CAD97E5D0A9384

Function 0070E1C1 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17eb2b03fe17a8cb87c7662d42045ff979d18a216326fbe8eca3dd4a41879f67
Instruction ID: 17365eba23d7afcb97158f6b7c43b52cfd502cdd884f23abbc1af849ae0a34aa
Opcode Fuzzy Hash: 17eb2b03fe17a8cb87c7662d42045ff979d18a216326fbe8eca3dd4a41879f67
Instruction Fuzzy Hash: 53918EB3F1112487F7644E28CC983A2B693DBD5311F2F82788E496B7C5D97E6C4A9384

Function 0076A2FC Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a495f739e8753f27505d98b4e6d8ffd2008eb6dfdb2cc6160924aedf358b2dff
Instruction ID: 75c7fd38691f35f86bcebbc85c6d867816790106a09e3745df021ce95092f44c
Opcode Fuzzy Hash: a495f739e8753f27505d98b4e6d8ffd2008eb6dfdb2cc6160924aedf358b2dff
Instruction Fuzzy Hash: 5691ACB3F116244BF3544D29CC583626283EBE4321F2F82788E486B7C9ED7E5D0A5384

Function 007EA5F5 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8aed0abc82f9ff84a2ddd60f9e7a1db32c7ca9460563d89773c24b973ee74ea
Instruction ID: 7fce21a1f2f01da3d6c6af7c3bccbbf056b332223392687a9c92e07e63695da7
Opcode Fuzzy Hash: b8aed0abc82f9ff84a2ddd60f9e7a1db32c7ca9460563d89773c24b973ee74ea
Instruction Fuzzy Hash: 1A91AEB3F116254BF3404969CC983A27653EB95320F2F4278CE58AB7C5D97EAD0A93C4

Function 00834172 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91cdd1478f5c0af8210ab10a55c7d55727cc6cf5d63c53e85c110d5c8437bb3b
Instruction ID: 4b4e09938dcb59c05870aa3177e39cfcd0dff11aa83834c4bc609ddb09b1b62c
Opcode Fuzzy Hash: 91cdd1478f5c0af8210ab10a55c7d55727cc6cf5d63c53e85c110d5c8437bb3b
Instruction Fuzzy Hash: 8B9179B3F5152487F3184D29DC983A17293EB95325F2F417C8E48AB7C5DA7E6C0A9384

Function 0074E2B9 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 620ec61eabc22bc8a7241d46342e8b4e02d50aae6f7d0dd5f861c4c564794d2f
Instruction ID: 1c5db92ab9e6d292c69f95642aa2a5f63c092d677a2c52baf18bfa21d21cec87
Opcode Fuzzy Hash: 620ec61eabc22bc8a7241d46342e8b4e02d50aae6f7d0dd5f861c4c564794d2f
Instruction Fuzzy Hash: 2A91ACB3F116254BF3504979CC983A276939BD5314F2F82788E4C6B7C9D97E9C0A9384

Function 00710442 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2098181a4fd2a8b2dc8d1d5827cb74d4076ade16fd388f45da0c3bb14343b317
Instruction ID: 2081e4bfffd8d3cbf935fbc831a9b07669d96a03d4807bf360df73d3fb4a4916
Opcode Fuzzy Hash: 2098181a4fd2a8b2dc8d1d5827cb74d4076ade16fd388f45da0c3bb14343b317
Instruction Fuzzy Hash: 509159E3F5152547F3584835CD693A22583DBE0325F2F82798F49ABBCAD87E9C0A5384

Function 00840216 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9ab2cde701ecbcb4ebfed9da57ece2edd6a78266d03bd706509e0bbf2e353e6
Instruction ID: b4696acf2fd1fd76001fd33e178307d0ef223138eb351857c7bb7133f4616100
Opcode Fuzzy Hash: b9ab2cde701ecbcb4ebfed9da57ece2edd6a78266d03bd706509e0bbf2e353e6
Instruction Fuzzy Hash: 1991ACB7F106254BF3580D28DC983A27293DB95314F2F81788E4C6B7C5D97E5D0A9388

Function 007B6196 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 782474e76b28c618d036aab71187cb365ae9a691c127f01d520ecbea8b84ac4e
Instruction ID: e7d52ccf14d08515a2cf877b3ebe3e78746a6978a0bbb2fd329879d3d787ced9
Opcode Fuzzy Hash: 782474e76b28c618d036aab71187cb365ae9a691c127f01d520ecbea8b84ac4e
Instruction Fuzzy Hash: 0891BFB3F1063587F3504D68DC983A17292DB95325F2F42788E48AB7C5D97EAD09A3C8

Function 0078807D Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6f6fef08dd0b695745052e7971bbff5c7931376b231896472da45903a78a33c
Instruction ID: 6e05f16c75ced3d2544efc295dd497378c41a7cdb7f3c1ea9838330f72ced5fb
Opcode Fuzzy Hash: b6f6fef08dd0b695745052e7971bbff5c7931376b231896472da45903a78a33c
Instruction Fuzzy Hash: 259189B3F1162547F3584928CC993A26693DBD4314F2F82788F4D6B7C9D87E5C0A5388

Function 0083C099 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88d03fe298c24b691c2b189acfa6b002d11162ab8d0a2cf8905f4e37f28ba3ce
Instruction ID: be1dd37e3b3473d2382d8b637df8589bda3e007eed72c7177343c1f4256b670e
Opcode Fuzzy Hash: 88d03fe298c24b691c2b189acfa6b002d11162ab8d0a2cf8905f4e37f28ba3ce
Instruction Fuzzy Hash: 979146B7F1162447F3844869DD993A26583E7A4314F2F82788F5CAB7C6D8BE9C0A5384

Function 006C04C6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction ID: 55c314a66146f254ca6ae8d6df4ff8582ccf0ef1f065ae3cf290dff06b2fcb0f
Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction Fuzzy Hash: 64B16132618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715

Function 0077C2A9 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e580cba1fea9d5624e52da836707329c14fda96d1946a893eef2f7b17c0a805
Instruction ID: 77816c66df5953e23fa251fd32da48da46ecd1de6bf794dc433950715b25c499
Opcode Fuzzy Hash: 8e580cba1fea9d5624e52da836707329c14fda96d1946a893eef2f7b17c0a805
Instruction Fuzzy Hash: AA819BB7F112244BF3844978CC683A22683EBD5314F2F82788A8CAB7C5DC7E5D0A5384

Function 00812390 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aedddfd043dd0444f56692fe3e188def4801f054f9107c62d42c675ab5616030
Instruction ID: 542deaebb0aadac48131b057d314e6c268bb28842a85cd7529744e2cd0809992
Opcode Fuzzy Hash: aedddfd043dd0444f56692fe3e188def4801f054f9107c62d42c675ab5616030
Instruction Fuzzy Hash: B6918CB3E215254BF3944D24DC983A27653EB94320F2F82788E4CAB7C5D97E5D0A9388

Function 007DA3B0 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2f0e329bbf44e8918d22e0bcc99564dc82dafd6bdfef19d8f3963db3807ea7e
Instruction ID: 93cd2807eea74eb0bcf73f47463d7c5ad9b43303b1fcdfeb760c5e25d6332d55
Opcode Fuzzy Hash: b2f0e329bbf44e8918d22e0bcc99564dc82dafd6bdfef19d8f3963db3807ea7e
Instruction Fuzzy Hash: 9E918073F116258BF3404E29DC993A17793DBD5320F2F41788A58AB3C5DA7E9C169384

Function 007FA54C Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42bb7256cca2b907100f0ed6437cf754744d3fdb4aa4ce4fffc7798ab1f6e797
Instruction ID: 1aae7f67d3e9561f6b4597a94727669cac0f69050b7674193fc305e349b44627
Opcode Fuzzy Hash: 42bb7256cca2b907100f0ed6437cf754744d3fdb4aa4ce4fffc7798ab1f6e797
Instruction Fuzzy Hash: 40918FF3F1162547F3544D68CC983627682EBA4310F2F82398E58AB7C9D97E9D0A53C8

Function 00742049 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b0070f324b1934b266e8c95927682b13ca74c1fd30a272b1ccd41bcb5e87dd7
Instruction ID: a00e6b093733814314112498e9b88620f7c2437ce5fae43b972a8b45d8fbccef
Opcode Fuzzy Hash: 2b0070f324b1934b266e8c95927682b13ca74c1fd30a272b1ccd41bcb5e87dd7
Instruction Fuzzy Hash: D98158B3F1212547F3584939CC583626683ABD4311F2F82798A89AB7C9DD7E5D0A9388

Function 006E0460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: af0d9c5e3e9d950c297d04ed5b119940806a5932ef441a8adbbbed8b3302db03
Instruction ID: c5318964016585600a496dda4686df05b610e94d4d8266ea268d1c518a6c8696
Opcode Fuzzy Hash: af0d9c5e3e9d950c297d04ed5b119940806a5932ef441a8adbbbed8b3302db03
Instruction Fuzzy Hash: 20616935A053819BEB159F19C89067FB3A3EFC5720F19852CE9858B391EB70DC91C782

Function 00724530 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f5f8953daa1453704543afd5b919a32eeadbaa2a11bff9c3bf65c5ab5f1be19
Instruction ID: 2398587ce27dd5066402dfe2c6c9094a6985a2d7d0fa22ef0f214dffaa8476ce
Opcode Fuzzy Hash: 1f5f8953daa1453704543afd5b919a32eeadbaa2a11bff9c3bf65c5ab5f1be19
Instruction Fuzzy Hash: 1781A8B7F1163487F3504968CC98352B6929BA5321F2F82788E9C7B3C5E97E5C0A53C8

Function 0082A012 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042d7e96d06d91b67f3cec240f701a6736031c094dd2a66f09276106b1fd744d
Instruction ID: 7a0f87f873cf93ae5cb77bbff9c3e0b58e0a33b9dd9ba0d42fd6d424a1af24d0
Opcode Fuzzy Hash: 042d7e96d06d91b67f3cec240f701a6736031c094dd2a66f09276106b1fd744d
Instruction Fuzzy Hash: 608149B7F1162547F3544879CD983A26583EBE0314F2F82788F88AB7C9E87E5D0A5384

Function 007B00A7 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da543fdddd8affb17649a58e701fa8cbb43a1f6c8a2054b099e0087fc7e82a4f
Instruction ID: 16ec0f70f1f5e811e8a6dc311e6fc891343d419a533e6fc6b7f260e06317fda8
Opcode Fuzzy Hash: da543fdddd8affb17649a58e701fa8cbb43a1f6c8a2054b099e0087fc7e82a4f
Instruction Fuzzy Hash: 7B81B9F7E126264BF3540D78DC983A26653EBA5321F2F42388F486B7C5E97E1D095384

Function 007B40B8 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f66f96e489369397eac28234816d25ca47d38ce26193a93b9b0cdb096455ab7
Instruction ID: cf06c6c65ab9ea0c3f18280150280344ef864ddb6f8366eedebd215fb7aac96a
Opcode Fuzzy Hash: 7f66f96e489369397eac28234816d25ca47d38ce26193a93b9b0cdb096455ab7
Instruction Fuzzy Hash: 4A81C2B3F116258BF3444D28DC983A27693DBE5311F2F8278CA586B7C9D93E5D0A9384

Function 007FA188 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09813c2658f2b3d0bd7623015fc129523e92fd308266c416632645cdf149d530
Instruction ID: 03ed454445e401be4157bddc7200b9350deaa1f3fc43f1352c1100230bcadbc2
Opcode Fuzzy Hash: 09813c2658f2b3d0bd7623015fc129523e92fd308266c416632645cdf149d530
Instruction Fuzzy Hash: 3F819AB3F115298BF7544E28CC983B27653DB95311F2F82788E486B7D5D93E6D08A388

Function 0071E395 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75783e15f2cce3cac0d8ff1650d06672d9101b8c6c7c7fc2804ac7c3decff831
Instruction ID: ff87ec688021f3e72537a693e559b888f1a4e691972c07d230d1cdc93a887382
Opcode Fuzzy Hash: 75783e15f2cce3cac0d8ff1650d06672d9101b8c6c7c7fc2804ac7c3decff831
Instruction Fuzzy Hash: 658189B7F106254BF3944975DC983627683ABD8324F2F42788F48AB7C6D97E5D0A4388

Function 007D2454 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7556fbeda2c83cb3134d78d63aaa7a0cabc55f1ee84ea1b4d9864e95d42eed74
Instruction ID: b97606e78706a744459fb34f5a3c926c56a987d4c6e68ee238b38bf001e7beba
Opcode Fuzzy Hash: 7556fbeda2c83cb3134d78d63aaa7a0cabc55f1ee84ea1b4d9864e95d42eed74
Instruction Fuzzy Hash: AD819CB3F1162547F7580828DCA83A26693DBE5324F2F42788E4DAB7C6D97E5C065384

Function 0078E182 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1766fef88763770f70627a927559ae401bf602fc20d4503ce1e9cb319eab64f1
Instruction ID: 9679779841d6a3b7a1ec04738f74b43f58e66670ef0aa7e06039bc78f8a7f405
Opcode Fuzzy Hash: 1766fef88763770f70627a927559ae401bf602fc20d4503ce1e9cb319eab64f1
Instruction Fuzzy Hash: 45819CB3F116354BF3544E68DC983A27292DBA5310F2F82788E48AB7C5D93E6D0993C4

Function 006DC5A0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 076758bc55855f2ce6c3e7033b515ee7983f4bcb6bce192174786f81b736f66b
Instruction ID: 18776be695108d7b9f8dcc450f8c87ac0fc5234d342cb43e4d9b6838b2ebac6b
Opcode Fuzzy Hash: 076758bc55855f2ce6c3e7033b515ee7983f4bcb6bce192174786f81b736f66b
Instruction Fuzzy Hash: E1515B75E0834A4BD728AF68C88067FB7D3EBD5320F19897EE4859B391E6319C01CB85

Function 00734597 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e0e89c0a7d5a5ce04e61728fbe3829daf3bb1cb5738bb2e59b0b5998f0e631c
Instruction ID: 77de56261e0e0fc375fcb64cbb73350e01ffd3a02076b24a8b25b48d7a5c152f
Opcode Fuzzy Hash: 8e0e89c0a7d5a5ce04e61728fbe3829daf3bb1cb5738bb2e59b0b5998f0e631c
Instruction Fuzzy Hash: F8818CB7F106254BF3584C28CCA93626582DBA5324F2F82788F99AB7C6DC7D5D0A52C4

Function 007F029B Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f712b39991b77cadebfc5d3b5db3676f5ad917d2ef66b1bdc38e0f6197d328e
Instruction ID: fa8f903b8a10bb2266189dbc4c94ee65cc0d683f63d7d3cd4e41677f9975ae77
Opcode Fuzzy Hash: 3f712b39991b77cadebfc5d3b5db3676f5ad917d2ef66b1bdc38e0f6197d328e
Instruction Fuzzy Hash: D4814AF7F5162147F3884828CC693A6254397D4325F2F82388F896BBCADC7E5D0A5384

Function 0078E536 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cd886d4b71e87edc4655af70c35d51a621e90cd550daabacd91f6ef3a98bb7f
Instruction ID: 88cb6fb485e67bc6c09bdefbe00d4d630d6ebf5e157616fb91c3a72b76bfc601
Opcode Fuzzy Hash: 6cd886d4b71e87edc4655af70c35d51a621e90cd550daabacd91f6ef3a98bb7f
Instruction Fuzzy Hash: 448169B3F115248BF3544D29CC583617293ABD5325F2F82788E48AB7D4DA7E9D0A9388

Function 0076C214 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 008d1f25a5033fd02c73fa83dd45c2caa3608ed46fc95416269d1f210937c8cd
Instruction ID: 0ddb2accad42e1c06f3dba6323aa7a6be5ce26fd18b97563796e2914aeea8438
Opcode Fuzzy Hash: 008d1f25a5033fd02c73fa83dd45c2caa3608ed46fc95416269d1f210937c8cd
Instruction Fuzzy Hash: 77817DB7F1162547F3904928CC983627653EB95324F3F82788E58AB7C5D93EAD0A9384

Function 0070A5A2 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 318a4a0e83dc6725eca7b4128dbb208bb77053fa77cf1be334d40bab7cbf4a3b
Instruction ID: abf579635ebe42ecff00fd91d0d4f9777c6f3255cab1b2c794b5d6b5c33f7c5a
Opcode Fuzzy Hash: 318a4a0e83dc6725eca7b4128dbb208bb77053fa77cf1be334d40bab7cbf4a3b
Instruction Fuzzy Hash: 11817BB3F116254BF3444D28CC9836176839BD5321F2F82788E9C6B7C9D97E6D0A9784

Function 0071C202 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43553c82ed96c479978d1e72258f544163e25943c87f6774ac918d7dc0bd33a7
Instruction ID: 1bba4f5900013abfd29b2dca89f45aaefac557aebcd80162b1f6c603c95cb6e4
Opcode Fuzzy Hash: 43553c82ed96c479978d1e72258f544163e25943c87f6774ac918d7dc0bd33a7
Instruction Fuzzy Hash: 59817DB3F512254BF3444939CD583A26683DBD5321F2F82388A686B7C9ED7E5D0A5384

Function 00754561 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb1b122ca64e5b135dd155989e106984fff1745de889f6a58a392b7617cf7c6c
Instruction ID: 1e68cbc2eae8962dd15104ef5395d45e0e099751e5d024b7553ecfc171f9e360
Opcode Fuzzy Hash: eb1b122ca64e5b135dd155989e106984fff1745de889f6a58a392b7617cf7c6c
Instruction Fuzzy Hash: B5819EB3F1162587F3508D79DC883926693DBD5320F2F82788A18A7BC9E97E5D0A5384

Function 00750169 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80b9bb4e71b359ef7c2d6276baa124fbaca1f523e57fecfd4506104138afea18
Instruction ID: b1f1dc67a2ed715e3f09553ae1f900a4cfe5c17b581228c610a9172bfae88987
Opcode Fuzzy Hash: 80b9bb4e71b359ef7c2d6276baa124fbaca1f523e57fecfd4506104138afea18
Instruction Fuzzy Hash: A78199B3F1162547F3944D29DC983A26693DB95320F2F82788E4C6B7C5D97E1D0A53C8

Function 007FC1B8 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecb000eb3d53657bd3a85794c11668fd40224d392bc28621d707cb69da0284e2
Instruction ID: 2d4df8f25dc155b3b6ef91bb623a50e2ed23bcff9ecc857d4a9a71c429854a19
Opcode Fuzzy Hash: ecb000eb3d53657bd3a85794c11668fd40224d392bc28621d707cb69da0284e2
Instruction Fuzzy Hash: B98179B3F1162647F3544929CC983A16293EBD5325F2F82388F18AB7C5DD7E5D0A9388

Function 0077E458 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49160174bf44ca31e5327057319750070467626c005dccb606f234bf4ad73f9c
Instruction ID: 1f8e1f898c89b2b8a8694cc25cbb56356a0de85d3514b3aae0e0e4e8578a0f14
Opcode Fuzzy Hash: 49160174bf44ca31e5327057319750070467626c005dccb606f234bf4ad73f9c
Instruction Fuzzy Hash: E8819FB3F1122587F3404E68CC983A17693DB95325F2F42788E586B7C5D93F6D4AA384

Function 007DE4BE Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e5b058e74e97772119420ef676a43e5d129322a870eb9e2e0b9ca25585c30b3
Instruction ID: 47aeefcc99de70f53c9ac1d2ad89c7bc388e304554a38bf3d83fcfcc73009a0f
Opcode Fuzzy Hash: 9e5b058e74e97772119420ef676a43e5d129322a870eb9e2e0b9ca25585c30b3
Instruction Fuzzy Hash: 7C8186B3E1063547F3544D69DC98362B292ABA0324F2F82788E4CBB7C5D97E5D0A57C8

Function 0082001B Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bcf4840ae6b178ee9377fe424575f520f0740b51ea2747d55f43021775a3687
Instruction ID: 6aef82dea897348326f6a664eaa18a98313c664abf71172f1e4fdbe94de7893e
Opcode Fuzzy Hash: 0bcf4840ae6b178ee9377fe424575f520f0740b51ea2747d55f43021775a3687
Instruction Fuzzy Hash: D08189B3F111258BF3944E28CC683A17693EB95310F2E427C8E896B7C4D93F6C499788

Function 0080E5C4 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 068ae3a8706cf66a5929015912789bb8c565455feafd6362f296c811f3e634b4
Instruction ID: c70efe77139c922d804957bb8eb001af79d152fe3e0ccaa804dff29c1b029148
Opcode Fuzzy Hash: 068ae3a8706cf66a5929015912789bb8c565455feafd6362f296c811f3e634b4
Instruction Fuzzy Hash: 4F817AF3F1162447F3440979CD983627683DBA6324F2F82788B58AB7C9D97E5D0A5384

Function 007B90E5 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d54b0b7570d8ead4f84c0b445bba2ff7b4690e1e067305282196c4e1a5871e37
Instruction ID: aa121f3d2ddca7a3575826a61c3245d1453ea00b7ee34f959b11c235af8ce105
Opcode Fuzzy Hash: d54b0b7570d8ead4f84c0b445bba2ff7b4690e1e067305282196c4e1a5871e37
Instruction Fuzzy Hash: C67167B7F1022587F3584D69CC983627293EB95314F2B827C8E49AB7C5D97E6D0A8384

Function 007AE570 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cff806fe225556d87bf16ede0bec12ddc55b0ab7aa10727f9de674e0d478aacd
Instruction ID: c376e4ede1e221242e27676e797baf4e1bb82315e3fd300f942e4a0f2a6c398c
Opcode Fuzzy Hash: cff806fe225556d87bf16ede0bec12ddc55b0ab7aa10727f9de674e0d478aacd
Instruction Fuzzy Hash: 2D716AB3F1112547F3544D29CC983627693EB95320F2F82788E48AB7C9D97E6D099384

Function 0079A304 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 556f05b5b935de619044c25c186657667f149899761ea17636da1782fd411b52
Instruction ID: 5fa32757e2763c3ed777d8a9809d199b38643b4c335fa87f4b6a6c52ae5db0ad
Opcode Fuzzy Hash: 556f05b5b935de619044c25c186657667f149899761ea17636da1782fd411b52
Instruction Fuzzy Hash: 6B71AFB3F2162547F3444D28CC543A27693EBD1324F2F82788E996B7C5D97EAD0A5384

Function 0083456A Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c86e194c18ab125d704c090472bde88f444fb8b0e2f748ecec0308f2c17ab01a
Instruction ID: 647c39c46bf04a1222cd02e7edf36efd04e50dd6eae583f2b744271ba113cae3
Opcode Fuzzy Hash: c86e194c18ab125d704c090472bde88f444fb8b0e2f748ecec0308f2c17ab01a
Instruction Fuzzy Hash: 99718BB3F1062547F3944D68CC983627683EBA1324F2F82388E896B7C5D97E6D0953C4

Function 00816082 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fee211c86ab1f9d4daf13aaa36eced3a8cfcc57b41a855bb54a4556f4476899f
Instruction ID: ba0a5725505300c00d151cd2a69a92f8e8fa6c6025c184d6c18353402bb487b8
Opcode Fuzzy Hash: fee211c86ab1f9d4daf13aaa36eced3a8cfcc57b41a855bb54a4556f4476899f
Instruction Fuzzy Hash: 8E7169B3F1162587F3544D29CC983627253DBD5724F2F42788B48AB7C5D93EAD0A9388

Function 007BC5DA Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0a51cb9fc4c2029af5c515636e5e591a834a95ef81482dc4b8930eea29dd028
Instruction ID: 420878c928370264ad02ab736731ba54e8115e32b5137fd9d181c1cb752c0057
Opcode Fuzzy Hash: d0a51cb9fc4c2029af5c515636e5e591a834a95ef81482dc4b8930eea29dd028
Instruction Fuzzy Hash: DA718AB3F1062447F3544969CC983A27693DBA5314F2F82788F486B7CAE97E6D0A5384

Function 007B809C Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 345a63f736c4db9a2478c7df0273a8787942c3cd286b5ab021d17baa343b9127
Instruction ID: 75003ff2892e90fa35ec21d51b298b89c62ac137ff300266ec8387e39faed95d
Opcode Fuzzy Hash: 345a63f736c4db9a2478c7df0273a8787942c3cd286b5ab021d17baa343b9127
Instruction Fuzzy Hash: 0671BDF7F1222447F3440D29CC683617693DBE5325F2F82788A58AB7C6D97EAD0A5384

Function 0073A101 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d11a02c20099030f63310c911c1b3bc2a605300958a04b447330a5fe8ae79b4b
Instruction ID: 26e6a80124e0e265d2e5aa37eeee9609f17a905eb5729669f347ed5846b2310c
Opcode Fuzzy Hash: d11a02c20099030f63310c911c1b3bc2a605300958a04b447330a5fe8ae79b4b
Instruction Fuzzy Hash: F57187B7F1162147F3584838CDA93A16583D795324F2F823C8F5AAB7C1EC7E8D0A4284

Function 0075E5AA Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35001391bbf3f3602bd7218e5f043864db86e3981bc12eb10fe54a126f35d77d
Instruction ID: 05309b1ab526bf9912b240ab6814b1dfc639daecb3e7b4a1ca3e58ed08417347
Opcode Fuzzy Hash: 35001391bbf3f3602bd7218e5f043864db86e3981bc12eb10fe54a126f35d77d
Instruction Fuzzy Hash: 79718DB3F112264BF3544D68CC983A27693EB94314F2F42788E9C6BBC5D97E1D4A9384

Function 0075A427 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca5379dd154ad46ecbdfcc9f68dc05144bc92f7b8dfb1c7512d9b2f99fa75735
Instruction ID: 43c8939b16044c6f30f433e83cda46253eb2aa05cb912001932a336bff24ee6a
Opcode Fuzzy Hash: ca5379dd154ad46ecbdfcc9f68dc05144bc92f7b8dfb1c7512d9b2f99fa75735
Instruction Fuzzy Hash: C8718EB3F512254BF3444978CC993A27583DBD5320F2F42788E68AB7D5D8BE5D0A5388

Function 0083E43C Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d559f3d1af5628ceb8ffcd5a743924fba6b7be43f316eb997bf1b92c7306fe54
Instruction ID: 2c45d7de835d9a284c1bfca3ed9f66aa6dd2c518cab994f1b37da2241dcb0d46
Opcode Fuzzy Hash: d559f3d1af5628ceb8ffcd5a743924fba6b7be43f316eb997bf1b92c7306fe54
Instruction Fuzzy Hash: F871A0B7F1122547F3544D28CC983A67253EBD5310F2F82388B58AB7C5D97EAD0A9384

Function 008304D2 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 083b4276db5e45ad622927156eab6cb6babd4674b2dc99d4da8f5fb5d222be32
Instruction ID: 5d357f6a50ca458779facec5b2cffad7b794e9f4ecff73991b5769978887a3c0
Opcode Fuzzy Hash: 083b4276db5e45ad622927156eab6cb6babd4674b2dc99d4da8f5fb5d222be32
Instruction Fuzzy Hash: F0619FB3F1122547F3444869CC983627683DBD4325F2F81788E48AB3C5EC7E9D0A5384

Function 007610C5 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fec48515995c06490fc5ebc308dfb68ef73d53b94f7d5ab65610bffffc52dc50
Instruction ID: a6a5ee18b0a7800ba9862fecc3d86c39017a4027ef0fbeea348384a726003e81
Opcode Fuzzy Hash: fec48515995c06490fc5ebc308dfb68ef73d53b94f7d5ab65610bffffc52dc50
Instruction Fuzzy Hash: 8E615C73F1062447F3644D24DC983627692EB89310F2F41788E887B7C5C97E6E0997C8

Function 0082C184 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ae8e0f9a8abdac5e794d5dd3dd6a3f96112086a73fdba0696d4e65a42f92bbc
Instruction ID: b6c07886d51c8faaa8f224bc7df089d0f42142c0307d69d3a64abd577ec6f828
Opcode Fuzzy Hash: 2ae8e0f9a8abdac5e794d5dd3dd6a3f96112086a73fdba0696d4e65a42f92bbc
Instruction Fuzzy Hash: 8F616CB3F2252587F3484D28CC583617653DBD5321F2F82788B19ABBC9D97E9D099388

Function 007361C5 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1a21b003f685724a6de1f11f7e569e36653b42407d6712d035e6f87f36be5a9
Instruction ID: 75048c9305f73c2e2d3a5e4850345ed1af41c77fddd438560a223eaea017d574
Opcode Fuzzy Hash: a1a21b003f685724a6de1f11f7e569e36653b42407d6712d035e6f87f36be5a9
Instruction Fuzzy Hash: EE61ACB3F1162447F3680928DCA83616293DBA5311F2F427D8E8D6B7C6D97E1D0A9388

Function 0077819D Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 582ae9229e54cf031c75852716ae79b7a4768d0b266e2162c1f8fcffb6ec2d98
Instruction ID: 4cf3c11ac28b2d2380143ed672492d40c8adab32dcebffbc41e19c650200780b
Opcode Fuzzy Hash: 582ae9229e54cf031c75852716ae79b7a4768d0b266e2162c1f8fcffb6ec2d98
Instruction Fuzzy Hash: 726180B3F6052547F3484E28CC983627692DB95310F2F417C8E48AB7D5D97EAD0A9388

Function 0073E399 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3abdd904e1489846b1b17cd65e1f29105aa5a29eff47f0526fd272770985e55a
Instruction ID: 1c348b9fff9a9a63756d79d12c7fd79991291bbe14ee507027cf0a721462ef29
Opcode Fuzzy Hash: 3abdd904e1489846b1b17cd65e1f29105aa5a29eff47f0526fd272770985e55a
Instruction Fuzzy Hash: 2A61BDB3F2162587F3944D28CC693627682DB91311F2F82788F89AB7C4DC7E9D099384

Function 007AA3F9 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b09c880ceb61d0814ebfd49471f7967213fe34f0682a89b6360a4617f5eb7c51
Instruction ID: 0f04539ea6c74eb75ec4ef8b7d4294c483555cd6c178c9ded58636d0b4f5e49f
Opcode Fuzzy Hash: b09c880ceb61d0814ebfd49471f7967213fe34f0682a89b6360a4617f5eb7c51
Instruction Fuzzy Hash: A36159B7F112254BF3544D28CC58361B693DBA5314F2F427C8E48AB7C5E93E6D0A9388

Function 007F2520 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaa33391bd67246e44d552dac9e7ab730b42b899aea89dd298a3ab9517df6448
Instruction ID: bcc213770a26a49c875b40fb8dd8113a88b8b4ebd2ac270739b22555ef7668aa
Opcode Fuzzy Hash: aaa33391bd67246e44d552dac9e7ab730b42b899aea89dd298a3ab9517df6448
Instruction Fuzzy Hash: 37618CF3F106258BF3540D38CC983617292DBA5311F2F82788F49AB7D9E97E5D099288

Function 007A624F Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8351fa77e06aced5f93189c0b23e1a6376266b6ef462043574cb67cf02c05b7
Instruction ID: a83081c35ba814f877f918acb0d454594e3cbf6cca6a0cf45c48028da2ebc546
Opcode Fuzzy Hash: c8351fa77e06aced5f93189c0b23e1a6376266b6ef462043574cb67cf02c05b7
Instruction Fuzzy Hash: 5B51AF73F1162547F3984928CCA43627253EB95310F2F82398F596B3C5DD3E6C0A5384

Function 007BE33B Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 435016bc0b8f257cf77a9cbabe5944879c365e5fa686c96352c26787549ab350
Instruction ID: a2e87389374328f986c487a54f508bfe0c170c9d014fe03f2754d9e4d1bd4a3d
Opcode Fuzzy Hash: 435016bc0b8f257cf77a9cbabe5944879c365e5fa686c96352c26787549ab350
Instruction Fuzzy Hash: 21617BB3F2022447F3984839CD593A16682EB91320F2F827D8F99AB7D9DC7E5D095384

Function 007040B0 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf3729184a7b0a43f744b9e74064e11e33027d3c83b3ea1891f24ebe4da2c70f
Instruction ID: 78b06e47db5a28cd42f4d3df8eaa8d8a87a706f10bb762b8e6dce32525f04dd9
Opcode Fuzzy Hash: bf3729184a7b0a43f744b9e74064e11e33027d3c83b3ea1891f24ebe4da2c70f
Instruction Fuzzy Hash: DD51A3B3F6122547F3844D24CC993A23293D795321F2F42788E18AB3C5ED7E9D0A9788

Function 007062EB Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba97384b045b9ff81704cc623627f989060786cf1a4f85ad2907ae91ca8c6bcf
Instruction ID: ecb2dd9721e0648adc94fa5e95d25a8bc0dcf764c40ac5f7d4401391775ac1df
Opcode Fuzzy Hash: ba97384b045b9ff81704cc623627f989060786cf1a4f85ad2907ae91ca8c6bcf
Instruction Fuzzy Hash: F6517DB3F1022447F7584939CC683A5668397D5314F2F813C8E4DABBC5D87E5D0A5384

Function 00705003 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6f629708a804fa4632a27a8c28c951d051270e51167d104c174894478e4f0ea
Instruction ID: 1d74bdf7bd3326caaf6e4cab0defd63741ddf521da94a867cd7e0167773972e5
Opcode Fuzzy Hash: c6f629708a804fa4632a27a8c28c951d051270e51167d104c174894478e4f0ea
Instruction Fuzzy Hash: 4651BDB3F2162587F3544D69CC88362B283E7D5321F2F82788E68A77C5D97D9D065384

Function 007650D8 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b1c34f777abc1f595bcdd01c24d3b4ba9c26cd651c45eff500598fc51c291a7
Instruction ID: 35175b725aca9744b0a9119cd12be68cced8e545cf8e1ee80beb9b606508ac65
Opcode Fuzzy Hash: 9b1c34f777abc1f595bcdd01c24d3b4ba9c26cd651c45eff500598fc51c291a7
Instruction Fuzzy Hash: DA519DB3F5122547F3844978CC583A27683D799314F2F82788E58AB7C5DC7EAD0A9384

Function 0073E122 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 441bbe420d01c542b5859472d12c3191a8b71abc8962942566dadf9e51c676c0
Instruction ID: 4a30d070364493aa9476628fb8c28dd1d74a38e0bf32faa5393f89f14e961f03
Opcode Fuzzy Hash: 441bbe420d01c542b5859472d12c3191a8b71abc8962942566dadf9e51c676c0
Instruction Fuzzy Hash: B4517CB3F1122447F3544829CD583A22583DBD9320F2F82788E9CABBC9D87E5D0A53C8

Function 006BB57D Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc215ad3d60ea897cc1870e5a898dd9740764dfad2dea07363d14a09f8c1604a
Instruction ID: af7d4f3e6205967c86137b29c3fcd284969971e19c191ecc60723221f45f59b1
Opcode Fuzzy Hash: bc215ad3d60ea897cc1870e5a898dd9740764dfad2dea07363d14a09f8c1604a
Instruction Fuzzy Hash: 6A3129A05047D04FD73A8F3594A1BB37FE19F27304F18588DD1D38B293E6669549C761

Function 00710204 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf119edda86dacd63599f01241c98cda7c16cf245fac619e9bab47522044a61
Instruction ID: aedd4ce188798278a1fcf83021516da3274f0a27e7c754521839d0b993d647ff
Opcode Fuzzy Hash: 5bf119edda86dacd63599f01241c98cda7c16cf245fac619e9bab47522044a61
Instruction Fuzzy Hash: F95171B3F502248BF3444D39CC983A17693DB96314F2E427C8E89AB7D5D97E6E099384

Function 0081A0C3 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 864e92c52c2a4562f3bf903ccf1bb7832865ebdde83e7fa4b8e4f4cfce8d68e2
Instruction ID: 9874800d7b245176e3bf573bf5c770c884f177d3d174ae16b9678df7e62d3bf9
Opcode Fuzzy Hash: 864e92c52c2a4562f3bf903ccf1bb7832865ebdde83e7fa4b8e4f4cfce8d68e2
Instruction Fuzzy Hash: D8417DB3F6152587F3548D29CC983A23293DBD9320F2F82748E5CAB7C5D97E5D0A5284

Function 007F42B4 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d9a5daa9d4ffcb9af9eb35ddf7438c58c91da14816269a3f9372336e71e60c4
Instruction ID: f17efcc3eafc25c1fb3e86dbdd37f44c23d3bef106a9a13183fc308c60eb2033
Opcode Fuzzy Hash: 5d9a5daa9d4ffcb9af9eb35ddf7438c58c91da14816269a3f9372336e71e60c4
Instruction Fuzzy Hash: BB416EF3A082249BF7147E19ECC57AAB7A5EB94360F1B453DDBC897780E53A180487C6

Function 008262F0 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29ea7d5b3a4b28e396698785afd83f9abe4d21b49805cba99a42490f35913522
Instruction ID: cafeecd600ef2989395a751adb99f8f1e78e4c771ba9bf542a9ea20dc2e36dfb
Opcode Fuzzy Hash: 29ea7d5b3a4b28e396698785afd83f9abe4d21b49805cba99a42490f35913522
Instruction Fuzzy Hash: 434135B7F1152207F3A44829CD6936265839BD5324F2F82798E8DAB7C5DC7E8D0A43C4

Function 006D2070 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a785ef29d109a3de4b277d60b39b540f2dd3f1e125fa1b846dc5171d04e87de2
Instruction ID: 715b38f7f770b7f669b5b7bfc1eac15355f9e5c3d9f54aa3374a36a3213aac99
Opcode Fuzzy Hash: a785ef29d109a3de4b277d60b39b540f2dd3f1e125fa1b846dc5171d04e87de2
Instruction Fuzzy Hash: C98147B550B3C48FD374DF06E99869BBBE2AB8A708F20991DD48C5B350CBB05449CF96

Function 006DA440 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction ID: 86ba866827fdf3e7d1fbc2e1351b29710cf55c3a2ffc64f8bc236aa775219be6
Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction Fuzzy Hash: FC31F572E086044BC7199D7D9C9027BBA939BC5334F2DC73EEAB68B3C5DA748C419242

Function 007E2430 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12444b8d2c6d98bd1630a85b829091b4dda88c46a45f26e7faf5e152240342f0
Instruction ID: b9798a60ce216d45e45593ea46a271767e2320150435c64b58d6afbd964d61aa
Opcode Fuzzy Hash: 12444b8d2c6d98bd1630a85b829091b4dda88c46a45f26e7faf5e152240342f0
Instruction Fuzzy Hash: E3315EB3F5172247F3584879DC9436265439BE5325F2F82788F286B7D5DCBD0C0A5284

Function 007D22A3 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 676e5cc9cfb2c7a54d6e6f4a9118b1c9daf9dc03a2a817d39b49459e6d44a606
Instruction ID: 35bd5a93ec370eeed52a5c08729e11c293978a2029ecdb2224917c60ec7c6e32
Opcode Fuzzy Hash: 676e5cc9cfb2c7a54d6e6f4a9118b1c9daf9dc03a2a817d39b49459e6d44a606
Instruction Fuzzy Hash: DE317FB3F606354BF3944829DC583A255839BE5314F2F81798E0CAB7CAD87E5C0A12C4

Function 0071A14E Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f479e5862690b24a804e3c75953884e9546d22f525aea4185306755e66dbb850
Instruction ID: 1d266af85052606c297a48db5f7ca56fe6f70c4c1fbf0491cc1f2d87e5ecc28f
Opcode Fuzzy Hash: f479e5862690b24a804e3c75953884e9546d22f525aea4185306755e66dbb850
Instruction Fuzzy Hash: 91317CB3F111148BF3594E28CCA83A27652EB9A311F2F407C8A099B3D1E97F6D499384

Function 007D0502 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82f35fb883a0d1855e8f92d236345add8179049ab10b2bf04c911d20d6225289
Instruction ID: 393c4be674d5227e68b8ea0de3271142a94ccf1bf1844ecf486508e4e8bc6d12
Opcode Fuzzy Hash: 82f35fb883a0d1855e8f92d236345add8179049ab10b2bf04c911d20d6225289
Instruction Fuzzy Hash: C83189B3F5123147F3544869CC583A2A1829BE5321F2F82784F6D7BBC5E87E5C0612C4

Function 0076E3E6 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cafc299e2934c8e29420d43184aa3f9bc89ffd2e5a91ae13132c21f8a92155ed
Instruction ID: 5a094180f4461c3cf52b669a62d73fbd8b7512c27e37a56158a9438907bf8f0f
Opcode Fuzzy Hash: cafc299e2934c8e29420d43184aa3f9bc89ffd2e5a91ae13132c21f8a92155ed
Instruction Fuzzy Hash: B33145F3F5162647F39848A8CC6936261839BE4320F2F82798B49AB7C5E87D5C0A53C4

Function 007C240A Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9fb5f93485a6a5c7a9ca49bee12af835c41585c10cb650525836be235ac8a3a
Instruction ID: b9d7539b77a53ca30a3eb55579e42ff0b943c3149a6cbbfce5488f40d51ff295
Opcode Fuzzy Hash: e9fb5f93485a6a5c7a9ca49bee12af835c41585c10cb650525836be235ac8a3a
Instruction Fuzzy Hash: 67315CB3F1112147F3484878DD2D3A6698797D1324F2F82398A6EAB7C6DC7D8E0A4284

Function 0080440E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa9203a991200adf4c276f70289e93aeb9ea732a42dfef77a3e860ce7f95e56
Instruction ID: c074d0c2c466b24dd98ca90fe9e8b0492c003bc0ae733cdbd9411fc062cadc60
Opcode Fuzzy Hash: 4aa9203a991200adf4c276f70289e93aeb9ea732a42dfef77a3e860ce7f95e56
Instruction Fuzzy Hash: BD3159B3F2052187F7184839CD693A25182DB95320F2F82798FAAAB7C9D87E9D055284

Function 007CE5AE Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43fcbdc745aa176022fb2b36ee1e123ab191982ef5344cbdb03bba0df6d4b9fe
Instruction ID: 851a025cd9048ceb2eab9cde3f6460b319f3dafce3b6b40458658dda5d7ef0d2
Opcode Fuzzy Hash: 43fcbdc745aa176022fb2b36ee1e123ab191982ef5344cbdb03bba0df6d4b9fe
Instruction Fuzzy Hash: CF2134B3F2243147F3648879CD58362A5829B85324F2B42788F5CBB7C5D87E8D0A42C8

Function 00740347 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bbd5fc372db1d6ed9ffff7db8570ce82ce5df7d55c985ab8b135c568a3fcebc
Instruction ID: 134f28daf6df82553bd3f42098dede6d545dd1fb0f31c098656595efe4b47867
Opcode Fuzzy Hash: 4bbd5fc372db1d6ed9ffff7db8570ce82ce5df7d55c985ab8b135c568a3fcebc
Instruction Fuzzy Hash: 15216AB3E1153643F3984838CD283B669929B90360F3F833C8E6A2BBC5DC7D5D095284

Function 00774481 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35b47cb43dea683ec699ee18f29f0284c06d8f54c42d400b5b7121703ec48ebf
Instruction ID: 7fe0c29cf01044ef9168756bebc67f87afd6fa038548a55e5b1d196a6a1201f3
Opcode Fuzzy Hash: 35b47cb43dea683ec699ee18f29f0284c06d8f54c42d400b5b7121703ec48ebf
Instruction Fuzzy Hash: 1E21ACF7F516210BF38418B9CCA83A2658397D5320F2F42388F29AB7C5EC3D8D0A1294

Function 00802000 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1b30123eba5a3418e504273a7c0d4343fd70717ddc8722060e593fc556090e2
Instruction ID: 63bdb29b22afe119a5223c1f198a066b4232fc622a683fe116cb800972e43c78
Opcode Fuzzy Hash: c1b30123eba5a3418e504273a7c0d4343fd70717ddc8722060e593fc556090e2
Instruction Fuzzy Hash: 68217CB3E1162047F3584879CDA83A665839BD1324F3F83388F696B7D6DC7D4D4A5284

Function 00706197 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 354bccaa869582c9d32a013c89eb850c0a56c147dd2ba2caf344938ec66975d2
Instruction ID: 0029bd7d12eb6cb66ea971761bc4c9642dfeb0a7591618eef955add57a55079f
Opcode Fuzzy Hash: 354bccaa869582c9d32a013c89eb850c0a56c147dd2ba2caf344938ec66975d2
Instruction Fuzzy Hash: 152147B3F2162447F3944879CD9836265839BD9320F2F8278CA9CAB7C6D87E5C0A53C4

Function 007E8226 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e539c14a117d34b3ed3a9601995be69f7d43f97fa06788f398829984bc44912
Instruction ID: 258e07da1296c934852dadfd66c6f6cc6facbf719990cc6736a5520bbce32386
Opcode Fuzzy Hash: 6e539c14a117d34b3ed3a9601995be69f7d43f97fa06788f398829984bc44912
Instruction Fuzzy Hash: 40216DB3F515214BF354882ACD583526183DBE5325F2FC2798A48A7BCAD87E58474384

Function 007C63AD Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a3fb8f3ad4ef6b0f5976c832221f7eb7293b258d44f2cad8868b28fafb1764
Instruction ID: 3edab4937213c20e0a220e47c8eee40e116a3f5a47d78393095906bd2fcb9cbd
Opcode Fuzzy Hash: 85a3fb8f3ad4ef6b0f5976c832221f7eb7293b258d44f2cad8868b28fafb1764
Instruction Fuzzy Hash: EA21BEF3F5122147F3584878CCA93626182CBA9315F2F823D8F5EAB7C1E8BE5C495280

Function 00814136 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6e7f193184ab79efc5aa24abccb7641518305ed9f871db900d3b3bc9fa059e5
Instruction ID: 9110d261369ce0608c20c3809a0af3922babf3138b6c81ad589da9cbf7b4183b
Opcode Fuzzy Hash: b6e7f193184ab79efc5aa24abccb7641518305ed9f871db900d3b3bc9fa059e5
Instruction Fuzzy Hash: 12115EB7FA152547F3980865CC663A2A1439BD1321F2F823E8F1A677C1DC7D5C0A5284

Function 006D6210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 4fd68336e3f3dfa2db2578b697e4423e0cb7a3fc390b7c7966180bfdf83f5cb6
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 2D11C633E451D40ED3168D3CC4405A5BFE30AD3734B19439AF4B89B3D6D6228E8A9354

Function 006BC300 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction ID: c1703232485cebf858af3a50b0555d9fe97fff5d5ba027cd8e2b1e0f8182b3b8
Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction Fuzzy Hash: 5EF04F60104BA18AD7328F3985243B3BFF09F23328F545A8CC5E357AD2D376E14A8794

Function 006CE0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: 0026ea746ccb454004730dc9c5575b858cc47e50545b520d1b641040e95d4ddb
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: 85F06C105087D24AD723473D4450BF2AFE1DB63120B181BD9C4E1977C7C3159557D355

Function 006CD116 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61e311d70aa7c9fcf2e4a3b5915077d532a235da39d8b0dbd70fbfacd62b67ec
Instruction ID: e724630a132d9c1e26e2c35d5f3be3ab3b2c9dd0596dc6c2705fa9719353274e
Opcode Fuzzy Hash: 61e311d70aa7c9fcf2e4a3b5915077d532a235da39d8b0dbd70fbfacd62b67ec
Instruction Fuzzy Hash: 470149306002828FD304CF38CCE0676FBA2EB92364B18D75CC0598B796C638C842C784

Function 006C91AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 006C91DA

Strings

wpq, xrefs: 006C92B7
+Ku, xrefs: 006C92AF

Memory Dump Source

Source File: 00000000.00000002.1307864917.00000000006A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.1307847300.00000000006A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307864917.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307920646.00000000006F3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.00000000006F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000875000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000095B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.0000000000986000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000098E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1307938636.000000000099C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308278375.000000000099D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308414794.0000000000B3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308432729.0000000000B3F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_DjnwNMDQhC.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$wpq
API String ID: 237503144-1953850642
Opcode ID: f80e7fc4f1edbb202531ce482441de265348909a561151f0714f3911bb92941b
Instruction ID: ef223f9d98bd36612a4518d7f430e498fb23853f5e983f971ac040264d3bcac1
Opcode Fuzzy Hash: f80e7fc4f1edbb202531ce482441de265348909a561151f0714f3911bb92941b
Instruction Fuzzy Hash: B851BD7221C3518FC324CF69984076FB7E6EBC5310F15892DE4D9CB285DB74D50A8BA2

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DjnwNMDQhC.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
DjnwNMDQhC.exe

Function 006AB100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Function 006A8600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Function 006DE110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 006E1720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Function 006A9D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142
libraryCOMMON

Function 006DE0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Function 006A9EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Function 006DC570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Function 006DC55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON