Edit tour

Windows Analysis Report
Titan.exe

Overview

General Information

Sample name:	Titan.exe
Analysis ID:	1581526
MD5:	d615c92a9afcabe383cd651ab3cf90f2
SHA1:	1020eb83f5380092b71ddad40e44adda3634f255
SHA256:	feb67c5d1e5362132049270f7d8c9250573872cfda6ebf1817263f14af24d122
Infos:

Detection

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Machine Learning detection for sample

PE file contains section with special chars

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains long sleeps (>= 3 min)

Detected potential crypto function

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

Titan.exe (PID: 7028 cmdline: "C:\Users\user\Desktop\Titan.exe" MD5: D615C92A9AFCABE383CD651AB3CF90F2)

WerFault.exe (PID: 2800 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 2164 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Titan.exe	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
00000000.00000002.2012550355.0000000003F31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
00000000.00000000.1660154291.0000000001722000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000000.1660154291.0000000000D22000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Titan.exe PID: 7028	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Titan.exe.74a0000.14.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.Titan.exe.8a40000.17.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Titan.exe	Virustotal: Detection: 37%			Perma Link
Source: Titan.exe	ReversingLabs: Detection: 15%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for sample

Source: Titan.exe

Joe Sandbox ML: detected

Source: Titan.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.168.136.235:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.136.235:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: Titan.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: Titan.exe
Source:	Binary string: Accessibility.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: costura.costura.pdb.compressed source: Titan.exe
Source:	Binary string: System.pdb) source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: Siticone.Desktop.UI.pdb source: Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\stage\LibUsbDotNet\obj\Release\net45\LibUsbDotNet.LibUsbDotNet.pdbSHA256*/ source: Titan.exe, 00000000.00000002.2028324960.0000000006940000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.plist-cil.pdb.compressed source: Titan.exe
Source:	Binary string: LibUsbDotNet.LibUsbDotNet.pdb0 source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: costura.easyhttp.pdb.compressed\|\|\|EasyHttp.pdb\|35D5D7694B3CD529E7A33C86F7A0077CB754F6D4\|210432 source: Titan.exe
Source:	Binary string: $^q0costura.libusbdotnet.libusbdotnet.pdb.compressed source: Titan.exe, 00000000.00000002.2012550355.0000000003F31000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdb$ source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Core.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: C:\development\SSH.NET\src\Renci.SshNet\obj\Release\net40\Renci.SshNet.pdb source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2032007658.00000000076C0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: $^q costura.plist-cil.pdb.compressed source: Titan.exe, 00000000.00000002.2012550355.0000000003F31000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\iproxy.pdb source: Titan.exe, 00000000.00000002.2012550355.0000000004126000.00000004.00000800.00020000.00000000.sdmp, iproxy.exe0.0.dr
Source:	Binary string: costura.libusbdotnet.libusbdotnet.pdb.compressed source: Titan.exe
Source:	Binary string: System.IO.Compression.pdb4'^qXX^q source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: Renci.SshNet.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\usbmuxd.pdb source: Titan.exe, 00000000.00000002.2012550355.000000000417F000.00000004.00000800.00020000.00000000.sdmp, usbmuxd.dll0.0.dr
Source:	Binary string: Acostura.plist-cil.pdb.compressed source: Titan.exe
Source:	Binary string: C:\development\SSH.NET\src\Renci.SshNet\obj\Release\net40\Renci.SshNet.pdbSHA256i source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2032007658.00000000076C0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed\|\|\|Costura.pdb\|6C6000A5EAF8579850AB82A89BD6268776EB51AD\|2608 source: Titan.exe
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x64-windows-rel\svc-master-9db0095370\x64\Release\plist.pdb11 source: Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp, plist.dll.0.dr
Source:	Binary string: System.Net.Http.ni.pdbRSDS source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x64-windows-rel\svc-master-d74abb6db1\x64\Release\iproxy.pdb source: Titan.exe, 00000000.00000002.2012550355.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, iproxy.exe.0.dr
Source:	Binary string: costura.libusbdotnet.libusbdotnet.pdb.compressed\|\|\|LibUsbDotNet.LibUsbDotNet.pdb\|C139CE00AA41A42EE15F6C85A9D7D2F7E0D7ADAC\|61852 source: Titan.exe
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x86-windows-rel\svc-master-9db0095370\Win32\Release\plist.pdb source: Titan.exe, 00000000.00000002.2012550355.0000000004152000.00000004.00000800.00020000.00000000.sdmp, plist.dll0.0.dr
Source:	Binary string: LibUsbDotNet.LibUsbDotNet.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: costura.easyhttp.pdb.compressed source: Titan.exe
Source:	Binary string: System.Xml.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.ni.pdbRSDS source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x64-windows-rel\svc-master-d74abb6db1\x64\Release\usbmuxd.pdb source: Titan.exe, 00000000.00000002.2012550355.00000000042F7000.00000004.00000800.00020000.00000000.sdmp, usbmuxd.dll.0.dr
Source:	Binary string: n.pdb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x64-windows-rel\svc-master-9db0095370\x64\Release\plist.pdb source: Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp, plist.dll.0.dr
Source:	Binary string: n0C:\Windows\mscorlib.pdb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Net.Http.pdb( source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: easyhttp?costura.easyhttp.dll.compressed?costura.easyhttp.pdb.compressed%endianbitconverterScostura.endianbitconverter.dll.compressed source: Titan.exe
Source:	Binary string: jsonfx;costura.jsonfx.dll.compressed3libusbdotnet.libusbdotnetacostura.libusbdotnet.libusbdotnet.dll.compressedacostura.libusbdotnet.libusbdotnet.pdb.compressed+metroframework.designYcostura.metroframework.design.dll.compressed source: Titan.exe
Source:	Binary string: System.Configuration.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Net.Http.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.IO.Compression.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Configuration.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Xml.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x86-windows-rel\svc-master-9db0095370\Win32\Release\plist.pdb11 source: Titan.exe, 00000000.00000002.2012550355.0000000004152000.00000004.00000800.00020000.00000000.sdmp, plist.dll0.0.dr
Source:	Binary string: System.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\stage\LibUsbDotNet\obj\Release\net45\LibUsbDotNet.LibUsbDotNet.pdb source: Titan.exe, 00000000.00000002.2028324960.0000000006940000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: %%.pdb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: mscorlib.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Configuration.pdbMZ source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\iproxy.pdb source: Titan.exe, 00000000.00000002.2012550355.0000000004126000.00000004.00000800.00020000.00000000.sdmp, iproxy.exe0.0.dr
Source:	Binary string: System.Drawing.pdb\| source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Net.Http.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: costura.plist-cil.pdb.compressed\|\|\|plist-cil.pdb\|9210B7F64D141AD8650C0152B5D303D83CD782A2\|31424 source: Titan.exe
Source:	Binary string: System.Drawing.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: nC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: symbols\dll\mscorlib.pdbLb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.IO.Compression.FileSystem.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: Siticone.Desktop.UI.pdb8@N@ @@_CorDllMainmscoree.dll source: Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: System.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER4A9F.tmp.dmp.4.dr

Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-24h]	0_2_03E70F28
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_03E70F28
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-24h]	0_2_03E70F1D
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_03E70F1D
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-20h]	0_2_03E70CC4
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_03E70CC4
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-20h]	0_2_03E70CD0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_03E70CD0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 03EB4144h	0_2_03EB3F68
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 03EB44F5h	0_2_03EB3F68
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 03EB4EDAh	0_2_03EB3F68
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 03EB5192h	0_2_03EB3F68
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 03EB4144h	0_2_03EB3F67
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 03EB5192h	0_2_03EB4E1A
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-4Ch]	0_2_03EDA900
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-4Ch]	0_2_03EDA8FF
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_03F18F7C
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_03F18F58
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_03F198C4
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_03F19D74
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_072CB150
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then xor edx, edx	0_2_072CBB30
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-24h]	0_2_072CBBF8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_072CBBF8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_072CB3FE
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then xor edx, edx	0_2_072CBB24
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-24h]	0_2_072CBBEC
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_072CBBEC
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-20h]	0_2_072CB8CC
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_072CB8CC
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-20h]	0_2_072CB8D8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_072CB8D8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_077CDB70
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_077CF448
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_077CF43D
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_077CD360
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_077CD354
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_077CF270
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_077CF1D0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_077C91C0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_077C91B4
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then lea eax, dword ptr [ebp-30h]	0_2_077CDD98
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then lea eax, dword ptr [ebp-30h]	0_2_077CDD8D
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_077CDB64
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then lea edx, dword ptr [ebp-20h]	0_2_077C9928
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then lea edx, dword ptr [ebp-20h]	0_2_077C991F

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 0.2.Titan.exe.74a0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Titan.exe.8a40000.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: ic-titan.net

Source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Titan.exe, 00000000.00000002.2012550355.00000000041BB000.00000004.00000800.00020000.00000000.sdmp, plutil.0.dr	String found in binary or memory: http://crl.apple.com/root.crl0
Source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://gdata.youtube.com/feeds/api/videos/
Source: Titan.exe, 00000000.00000002.2012550355.000000000401A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ic-titan.net
Source: Titan.exe, 00000000.00000002.2012550355.000000000401A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ic-titan.netd
Source: libusb-1.0.dll0.0.dr	String found in binary or memory: http://libusb.info
Source: Titan.exe, 00000000.00000002.2052352730.0000000009160000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.ad
Source: Titan.exe, 00000000.00000002.2052352730.0000000009160000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adbe.
Source: Titan.exe, 00000000.00000002.2012550355.00000000041BB000.00000004.00000800.00020000.00000000.sdmp, plutil.0.dr	String found in binary or memory: http://ocsp.apple.com/ocsp03-wwdr110
Source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: Titan.exe, 00000000.00000002.2012550355.0000000003F81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.4.dr	String found in binary or memory: http://upx.sf.net
Source: Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://vimeo.com/api/v2/video/
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Titan.exe, 00000000.00000002.2012550355.0000000004152000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.00000000041BB000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp, plist.dll.0.dr, plutil.0.dr, ut.plist.0.dr, plist.dll0.0.dr	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: Titan.exe, 00000000.00000002.2012550355.00000000041BB000.00000004.00000800.00020000.00000000.sdmp, plutil.0.dr	String found in binary or memory: http://www.apple.com/certificateauthority/0
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Titan.exe, 00000000.00000002.2012550355.0000000004152000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp, libusb-1.0.dll.0.dr, libusb-1.0.dll0.0.dr	String found in binary or memory: http://www.gnu.org/licenses/lgpl-2.1.htmlF
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Titan.exe, 00000000.00000002.2028324960.0000000006940000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://www.mono-project.com/DllNotFoundException)
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Titan.exe	String found in binary or memory: https://dev.anthonyfessy.com/check.json
Source: Titan.exe	String found in binary or memory: https://dev.anthonyfessy.com/lottie.min.js
Source: Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gunaframework.com/api/licensing.php
Source: Titan.exe, 00000000.00000002.2012550355.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gunaui.com/
Source: Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gunaui.com/api/licensing.php
Source: Titan.exe, 00000000.00000002.2012550355.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gunaui.com/pricing
Source: Titan.exe, 00000000.00000002.2012550355.000000000430E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ic-titan.net/iphH
Source: Titan.exe, 00000000.00000002.2012550355.000000000430E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ic-titan.net/iphon
Source: Titan.exe, 00000000.00000002.2012550355.000000000430E000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ic-titan.net/iphoneos
Source: Titan.exe, 00000000.00000002.2012550355.000000000430E000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ic-titan.net/iphoneost
Source: Titan.exe, 00000000.00000002.2011096853.00000000021E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ic-titan.net/version_tool.phpd$
Source: Titan.exe, 00000000.00000002.2012550355.0000000003F81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ic-titan.net/version_tool.phpt
Source: Titan.exe, 00000000.00000002.2012550355.0000000003F81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ic-titan.netV
Source: Titan.exe, 00000000.00000002.2012550355.0000000003F31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://payments.siticoneframework.com/api/licensing.php
Source: Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://payments.siticoneframework.com/api/licensing.php%Siticone
Source: Titan.exe, 00000000.00000002.2011096853.00000000021E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/LibUsbDotNet/LibUsbDotNet/5dd91a2fda393cf11db2072f2b45c3aee2750388
Source: Titan.exe, 00000000.00000002.2032007658.00000000076C0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc4253#section-4.2
Source: Titan.exe, 00000000.00000002.2012550355.00000000041BB000.00000004.00000800.00020000.00000000.sdmp, plutil.0.dr	String found in binary or memory: https://www.apple.com/appleca/0
Source: Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.siticoneframework.com/Mhttps://siticoneframework.com/pricing/Mhttps://siticoneframework.

Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748

Source: unknown	HTTPS traffic detected: 104.168.136.235:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.136.235:443 -> 192.168.2.4:49748 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: Titan.exe	Static PE information: section name: Wn(n~
Source: Titan.exe	Static PE information: section name: Wn(n~

Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03E71A1C	0_2_03E71A1C
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03E74ABA	0_2_03E74ABA
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB1B7E	0_2_03EB1B7E
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB1A88	0_2_03EB1A88
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB3880	0_2_03EB3880
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB3F68	0_2_03EB3F68
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB1E2F	0_2_03EB1E2F
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB1CDA	0_2_03EB1CDA
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB2BA0	0_2_03EB2BA0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB1BB4	0_2_03EB1BB4
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB2B98	0_2_03EB2B98
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB1B4A	0_2_03EB1B4A
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB1B2F	0_2_03EB1B2F
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB1A80	0_2_03EB1A80
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB223F	0_2_03EB223F
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB387F	0_2_03EB387F
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB3F67	0_2_03EB3F67
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB0F70	0_2_03EB0F70
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8208	0_2_03ED8208
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED4000	0_2_03ED4000
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED1729	0_2_03ED1729
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDEAC0	0_2_03EDEAC0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDD820	0_2_03EDD820
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED6F70	0_2_03ED6F70
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED7D48	0_2_03ED7D48
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8C11	0_2_03ED8C11
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8207	0_2_03ED8207
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDE1BF	0_2_03EDE1BF
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDF7CF	0_2_03EDF7CF
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDB764	0_2_03EDB764
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDB74A	0_2_03EDB74A
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDB75A	0_2_03EDB75A
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDB722	0_2_03EDB722
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDB73A	0_2_03EDB73A
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDB70A	0_2_03EDB70A
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDB6F8	0_2_03EDB6F8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDF5E0	0_2_03EDF5E0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8BED	0_2_03ED8BED
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8B60	0_2_03ED8B60
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8B5F	0_2_03ED8B5F
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDEAB9	0_2_03EDEAB9
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EDF9AF	0_2_03EDF9AF
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED3FF7	0_2_03ED3FF7
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED6F69	0_2_03ED6F69
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8F5D	0_2_03ED8F5D
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8EDE	0_2_03ED8EDE
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8DCC	0_2_03ED8DCC
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8D17	0_2_03ED8D17
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8C92	0_2_03ED8C92
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED8C51	0_2_03ED8C51
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03F18B01	0_2_03F18B01
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03F10941	0_2_03F10941
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03F10F8C	0_2_03F10F8C
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03F19348	0_2_03F19348
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03F11FC8	0_2_03F11FC8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03F10870	0_2_03F10870
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03F19338	0_2_03F19338
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03F11FB9	0_2_03F11FB9
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_072CC7B0	0_2_072CC7B0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_072CC79F	0_2_072CC79F
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_072C284C	0_2_072C284C
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_072CDF48	0_2_072CDF48
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_077C3224	0_2_077C3224
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_077C3630	0_2_077C3630
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_077C3338	0_2_077C3338
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_077C4288	0_2_077C4288
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_077CCE60	0_2_077CCE60
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_077C3E10	0_2_077C3E10
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0914D5F0	0_2_0914D5F0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0914D180	0_2_0914D180
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0914C5B0	0_2_0914C5B0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0A93DD81	0_2_0A93DD81
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0A932240	0_2_0A932240
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0A932278	0_2_0A932278
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0A93E321	0_2_0A93E321
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D8EF0	0_2_0D5D8EF0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D3084	0_2_0D5D3084
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5DD3D8	0_2_0D5DD3D8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D75D0	0_2_0D5D75D0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D7594	0_2_0D5D7594
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5DCD88	0_2_0D5DCD88
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D3490	0_2_0D5D3490
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D3480	0_2_0D5D3480
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D2640	0_2_0D5D2640
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D2612	0_2_0D5D2612
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D8EC0	0_2_0D5D8EC0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D494A	0_2_0D5D494A
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D490F	0_2_0D5D490F
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D90C9	0_2_0D5D90C9
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5DD3C3	0_2_0D5DD3C3
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D93BF	0_2_0D5D93BF
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0D5D729C	0_2_0D5D729C

Source: C:\Users\user\Desktop\Titan.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 2164

Source: libusb-1.0.dll.0.dr	Static PE information: Number of sections : 12 > 10
Source: libusb-1.0.dll0.0.dr	Static PE information: Number of sections : 11 > 10

Source: Titan.exe, 00000000.00000002.2012550355.0000000004152000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibusb-1.0.dll" vs Titan.exe
Source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameGuna.UI2.dllD vs Titan.exe
Source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRenci.SshNet.dll0 vs Titan.exe
Source: Titan.exe, 00000000.00000002.2032007658.00000000076C0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameRenci.SshNet.dll0 vs Titan.exe
Source: Titan.exe, 00000000.00000002.2011096853.000000000214E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Titan.exe
Source: Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSiticone.Desktop.UI.dllH vs Titan.exe
Source: Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSiticone.Desktop.UI.dllH vs Titan.exe
Source: Titan.exe, 00000000.00000002.2033016881.00000000077D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMetroFramework.dll@ vs Titan.exe
Source: Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSiticone.Desktop.UI.dllH vs Titan.exe
Source: Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibusb-1.0.dll" vs Titan.exe
Source: Titan.exe, 00000000.00000002.2019828747.0000000005051000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMetroFramework.dll@ vs Titan.exe
Source: Titan.exe, 00000000.00000002.2028324960.0000000006940000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameLibUsbDotNet.LibUsbDotNet.dllT vs Titan.exe
Source: Titan.exe, 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameGuna.UI2.dllD vs Titan.exe
Source: Titan.exe, 00000000.00000002.2019828747.0000000004F31000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMetroFramework.dll@ vs Titan.exe

Source: Titan.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: Titan.exe

Static PE information: Section: Wn(n~ ZLIB complexity 1.0003244500411184

Source: classification engine

Classification label: mal84.troj.spyw.evad.winEXE@2/28@2/1

Source: C:\Users\user\Desktop\Titan.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7028
Source: C:\Users\user\Desktop\Titan.exe	Mutant created: \Sessions\1\BaseNamedObjects\TitanMutex

Source: C:\Users\user\Desktop\Titan.exe

File created: C:\Users\user\AppData\Local\Temp\TitanTmp

Jump to behavior

Source: Titan.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.90%

Source: C:\Users\user\Desktop\Titan.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Titan.exe	Virustotal: Detection: 37%
Source: Titan.exe	ReversingLabs: Detection: 15%

Source: C:\Users\user\Desktop\Titan.exe

File read: C:\Users\user\Desktop\Titan.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Titan.exe "C:\Users\user\Desktop\Titan.exe"
Source: C:\Users\user\Desktop\Titan.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 2164

Source: C:\Users\user\Desktop\Titan.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: mobiledevice.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: schannel.dll	Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Titan.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Titan.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Titan.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: Titan.exe

Static file information: File size 15447040 > 1048576

Source: Titan.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0xe21400

Source: Titan.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: Titan.exe
Source:	Binary string: Accessibility.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: costura.costura.pdb.compressed source: Titan.exe
Source:	Binary string: System.pdb) source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: Siticone.Desktop.UI.pdb source: Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\stage\LibUsbDotNet\obj\Release\net45\LibUsbDotNet.LibUsbDotNet.pdbSHA256*/ source: Titan.exe, 00000000.00000002.2028324960.0000000006940000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.plist-cil.pdb.compressed source: Titan.exe
Source:	Binary string: LibUsbDotNet.LibUsbDotNet.pdb0 source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: costura.easyhttp.pdb.compressed\|\|\|EasyHttp.pdb\|35D5D7694B3CD529E7A33C86F7A0077CB754F6D4\|210432 source: Titan.exe
Source:	Binary string: $^q0costura.libusbdotnet.libusbdotnet.pdb.compressed source: Titan.exe, 00000000.00000002.2012550355.0000000003F31000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdb$ source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Core.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: C:\development\SSH.NET\src\Renci.SshNet\obj\Release\net40\Renci.SshNet.pdb source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2032007658.00000000076C0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: $^q costura.plist-cil.pdb.compressed source: Titan.exe, 00000000.00000002.2012550355.0000000003F31000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\iproxy.pdb source: Titan.exe, 00000000.00000002.2012550355.0000000004126000.00000004.00000800.00020000.00000000.sdmp, iproxy.exe0.0.dr
Source:	Binary string: costura.libusbdotnet.libusbdotnet.pdb.compressed source: Titan.exe
Source:	Binary string: System.IO.Compression.pdb4'^qXX^q source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: Renci.SshNet.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\usbmuxd.pdb source: Titan.exe, 00000000.00000002.2012550355.000000000417F000.00000004.00000800.00020000.00000000.sdmp, usbmuxd.dll0.0.dr
Source:	Binary string: Acostura.plist-cil.pdb.compressed source: Titan.exe
Source:	Binary string: C:\development\SSH.NET\src\Renci.SshNet\obj\Release\net40\Renci.SshNet.pdbSHA256i source: Titan.exe, 00000000.00000002.2019828747.0000000005191000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2032007658.00000000076C0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed\|\|\|Costura.pdb\|6C6000A5EAF8579850AB82A89BD6268776EB51AD\|2608 source: Titan.exe
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x64-windows-rel\svc-master-9db0095370\x64\Release\plist.pdb11 source: Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp, plist.dll.0.dr
Source:	Binary string: System.Net.Http.ni.pdbRSDS source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x64-windows-rel\svc-master-d74abb6db1\x64\Release\iproxy.pdb source: Titan.exe, 00000000.00000002.2012550355.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, iproxy.exe.0.dr
Source:	Binary string: costura.libusbdotnet.libusbdotnet.pdb.compressed\|\|\|LibUsbDotNet.LibUsbDotNet.pdb\|C139CE00AA41A42EE15F6C85A9D7D2F7E0D7ADAC\|61852 source: Titan.exe
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x86-windows-rel\svc-master-9db0095370\Win32\Release\plist.pdb source: Titan.exe, 00000000.00000002.2012550355.0000000004152000.00000004.00000800.00020000.00000000.sdmp, plist.dll0.0.dr
Source:	Binary string: LibUsbDotNet.LibUsbDotNet.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: costura.easyhttp.pdb.compressed source: Titan.exe
Source:	Binary string: System.Xml.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.ni.pdbRSDS source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x64-windows-rel\svc-master-d74abb6db1\x64\Release\usbmuxd.pdb source: Titan.exe, 00000000.00000002.2012550355.00000000042F7000.00000004.00000800.00020000.00000000.sdmp, usbmuxd.dll.0.dr
Source:	Binary string: n.pdb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x64-windows-rel\svc-master-9db0095370\x64\Release\plist.pdb source: Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp, plist.dll.0.dr
Source:	Binary string: n0C:\Windows\mscorlib.pdb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Net.Http.pdb( source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: easyhttp?costura.easyhttp.dll.compressed?costura.easyhttp.pdb.compressed%endianbitconverterScostura.endianbitconverter.dll.compressed source: Titan.exe
Source:	Binary string: jsonfx;costura.jsonfx.dll.compressed3libusbdotnet.libusbdotnetacostura.libusbdotnet.libusbdotnet.dll.compressedacostura.libusbdotnet.libusbdotnet.pdb.compressed+metroframework.designYcostura.metroframework.design.dll.compressed source: Titan.exe
Source:	Binary string: System.Configuration.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Net.Http.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.IO.Compression.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Configuration.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Xml.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x86-windows-rel\svc-master-9db0095370\Win32\Release\plist.pdb11 source: Titan.exe, 00000000.00000002.2012550355.0000000004152000.00000004.00000800.00020000.00000000.sdmp, plist.dll0.0.dr
Source:	Binary string: System.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\stage\LibUsbDotNet\obj\Release\net45\LibUsbDotNet.LibUsbDotNet.pdb source: Titan.exe, 00000000.00000002.2028324960.0000000006940000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: %%.pdb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: mscorlib.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Configuration.pdbMZ source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\iproxy.pdb source: Titan.exe, 00000000.00000002.2012550355.0000000004126000.00000004.00000800.00020000.00000000.sdmp, iproxy.exe0.0.dr
Source:	Binary string: System.Drawing.pdb\| source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Net.Http.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: costura.plist-cil.pdb.compressed\|\|\|plist-cil.pdb\|9210B7F64D141AD8650C0152B5D303D83CD782A2\|31424 source: Titan.exe
Source:	Binary string: System.Drawing.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: nC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: symbols\dll\mscorlib.pdbLb source: Titan.exe, 00000000.00000002.2068286486.000000000D2FB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.IO.Compression.FileSystem.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: Siticone.Desktop.UI.pdb8@N@ @@_CorDllMainmscoree.dll source: Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: System.ni.pdb source: WER4A9F.tmp.dmp.4.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER4A9F.tmp.dmp.4.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Titan.exe

Unpacked PE file: 0.2.Titan.exe.d20000.0.unpack Wn(n~:EW;Wn(n~:EW;.text:ER;.rsrc:R;inVRGFmg:ER;.reloc:R; vs Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:ER;Unknown_Section3:R;Unknown_Section4:ER;Unknown_Section5:R;

Yara detected Costura Assembly Loader

Source: Yara match	File source: Titan.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000002.2012550355.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1660154291.0000000001722000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1660154291.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Titan.exe PID: 7028, type: MEMORYSTR

Source: Titan.exe

Static PE information: 0xCD8A2C9F [Mon Apr 10 20:37:51 2079 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: inVRGFmg

Source: Titan.exe	Static PE information: section name: Wn(n~
Source: Titan.exe	Static PE information: section name: Wn(n~
Source: Titan.exe	Static PE information: section name: inVRGFmg
Source: libusb-1.0.dll.0.dr	Static PE information: section name: .xdata
Source: libusb-1.0.dll0.0.dr	Static PE information: section name: /4

Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EBC871 push es; ret	0_2_03EBC880
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03EB2E41 push cs; iretd	0_2_03EB2E42
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03ED573F push es; ret	0_2_03ED5740
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_072CD356 push esp; iretd	0_2_072CD36D
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_077CA411 push es; retn 0004h	0_2_077CA420
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_077CFAA8 push esp; ret	0_2_077CFAA9
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0A932730 push 6C0731D2h; retf 063Bh	0_2_0A93275D

Source: Titan.exe

Static PE information: section name: Wn(n~ entropy: 7.999419325988196

Source: Titan.exe, CFString.cs	High entropy of concatenated method names: 'Dispose', 'Dispose', 'Equals', 'vRduYpwsPAmwdZLhHyCfpqsWWkNXKPASWZDdRFrHhEZAEgBnQoMkMMUFYGXncYiAAUZEWhQBGvykQrSqiaHVDQGKEyFKiDeIWZAkGxRjYKdQNjohohFBQMxjOPzXbFTCQpOrrhjlJYxsmpwVJXWAydrJcQWrxtHSrbzXUxqGxTssOFwYSeOEiSDnyFOaKsnPRfALpYAMhPDekzuXTyYTeDkYXMZPiPwEfcbjElitdCWSPYDzKrGMTUkOucndyldRTyzHXKSiPeqcgRJyJaEqJjkLsNocxFvrYEyQZvbzZXxpeIhdSoUXgnHkNnPKWqkKjyDbStZNzFRlmvhjfLJJkXLlwOClgRdinnFfEFKZPGYbVWySGfeKhbZMmSeErnhibjyzqBfaBkteykQaQkfAnTBMNtsmbFibZqzmYzcEAEIwhvNCBEoGIhvIhmlwIsywCSEIkdCQHaziKEeSfqkXQbTsvrElNfvIFMuPqFSXBXzhhMxdHSRSIbfbzMMsZQDcfrdxKPcaXMVtclKjtbeuOcAdhTQdsZykUWCqiASsqqvvGlyNBdyymIOCrAPrzyhxOkZFjUAtImEXhEXvUDcObzyLHzzikbssIxgVMtdhdFqzErUmcUXwWTWOlNykVSJgtLOjXCjbZulWJzHQeMFQEwWpbRjzutMKvJFsclOakwWbhAFmFiFIMtcxpZIGSjggiaaztOntyffIZuHbMwuMnDyChIDDcIHBPptGaGtquLKgNUXuRhtWpTsecXSlLjRqYeskBBAGDDSctSpMkImvOlLwwOeCnIeKuUIjbntQgnSlBQlKiFACxWbmSwnmWySvYHiZJFlxPWOaSZugdUUhHcNYsWQeAGtiVXMuiLAcUCnaHATsCGJBdlnwtKgnpGxIdgFvM', 'GetHashCode'
Source: Titan.exe, API.cs	High entropy of concatenated method names: 'CloseHandle', 'CreatePipe', 'CreateProcess', 'FreeLibrary', 'DfxgldpuOcjOAtjnRvbcfnpNubPKtApgZHhiBXBLVquKRONAqyYZPcdPpkmJOeBOnCpsLBltuQHotfwfNOUvbPRxeRsRlrwqpfXOZVppMffyUoWKoHwAKGmXlrOtIUHDTRzOIhFsYfjwkScpvicevwfjszciGvgrYbfDpICGBDbfWqnSPZyZrcHWlPVIFXlcyrYInZzngWdrVAMCMKThxGzvUIRamtAeRygfRfepZKtVzQBlDSwvDEfrscofHZAmVyZWThlgfdHnNewDGgWUxFaNTomoqziAJHzAqeRWhPQawseNgkZaCgpPXLDfuw', 'GetProcAddress', 'LoadLibrary', 'ReadFile'
Source: Titan.exe, CFBoolean.cs	High entropy of concatenated method names: 'GetModuleHandle', 'LoadLibrary', 'GetProcAddress', 'qfuHdGfvNbPAmhpARbJZIGaHydRjdebmckZkfoPYikWxLBtHaXucVUojFmJzovRjAdYCIFUcMlqXjcwwjKJGjzQHwpftfPkmSnxidrzUCRQkeQzcqMPdmLzAMRFSZbxwAEFwfOSsKoDSigcgqDDSzGzHowVMlgubUTjaLDwbuXTyHgSgoZcWYexuExIjtGHetcyOwCVmGbYcnAzHeoYMEYDpWpVNvNinQoFfiDklEpQwFVGDyAEEivZVYIsGhHrstkMyuTYaEnHPHHjAjROuIdFUPkHaKeDwxYC'
Source: Titan.exe, EnumHelper.cs	High entropy of concatenated method names: 'tsJxdlDuKrwBTvIduGryWBsxKVsXcVLXoBfCtkSMxZPipUnMxGKSaPwrzMmIsfSpfZNSPGjKneBwlKHphgaVLtwZEnChxJURHaCQHVwrXAewNAGpFwbMFwelcoNcDBMeKjoLHqiLkjyKPALEhNbAhHMLwRoTHUnVnAleLvhONPcVyTWbcJvpaLwCXdOqCPEPvcWPPhsmgNmSfqNcuMqyZyvbDiGigqMyLMZVwHMuQIINZeXgPmvqZFqxguLgaKFpAoGTRrgnzvhQpiCZKaSuvVZFVcpBvfUGCSMkXEPYFHqdYaHysmWAsLufPAxoCesTbbNXWSBGLuonewhuVrJJJTNrYgVWGaVbPWBwNkbZkPoxXGATTDSLViKINWypxfAkYMXHukhlPkZueQTRgCD', 'DIKGhMtjrllcFOEZKisYiVgvlJPdxChIvbxbOGqvBBqAdHUfaqJiodVhbOVXwQloEdhdRcKDswXgfgSdpkDGtyURFQAAlTylPBvAaqOxfFqrGpBuwriMMfvFIPYBcKSYymQelRDyWGbnHcLQOFDtkmYkFpsKSMUUmRtUYXJeojqGEHxfEHnWGYoMNfYvZsgJlGAqjrrqwZEBwRgyrMGKZyONdgGszOFwCgVxGHvNQwahUmQwzaDMmWjnsmMCkyqiTIyPwirkQsucXgtqQKtZKsJgxiFTuscRGsOMoAzQiTwtcGPLtWmaERXaySRNcXpXQcWfShCQKdqrwQEqTuaYGBMoUnOVjlnLdYdzjjtLTWQbagehNauiwRQOQiLeTggYpfNYnEHjAOEklkOoJgHIrFOMHOjBYPsmprmvTGuJTLiiMfdfTXUmZYhjQBQYVFKlVSvtxTVDlyofXgAbkDhBuFNQJCeRpVnOAwMtkkhABRBajCMkAooRXJqPFejvpDNPLafaTGrAWhzcEmgHqtRBhVqrGwoFAmLyDlPJWmQuxovqJNLSybEvlMipjnUXRlAkWAZSXXkDdWEtaAhskVHYhPMrDaZiStdLnLTJotvaqBSPIoOjGbmvebCGnhOxyClkttFPgYDraghgxxjPLqcqGhgMINVGeycoPiWPjzCiYuVxuWJqyzlHZudLMtGTDwNcEsQOaUgLnuSLMiSmEeIfMUPVEKCpsiebhttBGuPeTaUfcSzdaUPYohPjdvKQRqSEPqdTpQgJPdMmAksmLZPYTGnzdJYLkyNcHPPmognJoFI', 'KVditCXFsbulICdpgsVZQQjelUGxelFkNxdeAaeIMtUBNdGjKqHRTgstmyxYvZaGVKXKZzpFOMMWvhRHNWnodoQgFjrBdGMnTOfCFwKLACCGUVyFhqLZmlchtrFpIocIzZDhBOBRMbnblKMjllTnunAhlyJOqVCMZuHvRQESotNKyAwjfVEWUpNLZWvDEmaqZbCqDRRUhByAapjkBajURfrkhvVvUANBSWlWyGgNDjoTqMljnLBeDGZtjSIHvWzgnxhEEMlvuVQhrYtVKmHJzjyMwsngxYShkIgtegfbZGjhpsCKYnxIOqhDyVILZFxWDjxiszqdGgjszQXDpcHKaJStacvJYTBUJNeGuTSZwUChGpDiyEWxymvtQDIQEhEnfPimmRJWKhOGHlnlYNLUxEWWSkprLBVOPOCrGRvgvzmQYomfQWrrWkpatMTBbRKIMzrsivfHReZxRFxdyKapKdreZcxtytFdpeDZxtwUqkZsLsInOpDRqVxiINTGxlIXYvInBYgENGyZDySgTKfIqomTgVRkaqWEbCTQkVlpJzDkWYeJummnGAhkIoGgHwdXjuyBfCwyYpyqkBwIqHpoDjxaUjHvOFhMVgBcZcdrpoPQBqzGryqzGpTAw', 'XhwvBjSIlVEAUiNdyyPThZdjAEQPhGgMBgCvhwoEwIPVvGXPcVIqDgOyDMuxTDaforzngRwBKLWYJInugBmLypJURDsVCrktikgDGjiLZGgsKqovYAQSROhzifWcZazTadqZbknxSbmrJQKbPxwCbSbTDhVbNFlyHNSgzPToNSzpcppRUuNcewrHBXVuOLkNpnjwydczdHoITmrNrDGSsJUKVKectYZBilzpGtTrSNyWIjnPgIDKERVgSYbnzAFEhnZhmBHxkPAeLxClXOvlVPwQQTWhSfrRItoUJFdeBFZpQqVUVpQkEUjSqJRSfZfFYiWRJibSlRkQpHzayBMcPHNnKVeAoKzbZURiUDLnNyznkSdiJrUdMCpQViHnEbdaRIqUqRFuqZORHZDrrvrxqWPXeAMmwYjmUYVbcJrrlZnnnYJvePvIkgkvtTpqFSyRpcxjEbPiDzLQibjGqQIgcaCnnZiJTBmTbVxLbZrCANFkVTMSjjzoKRpPaJwetGOCMrpNdYeRZFgPVRRTNQZjByJJgikRdMJtyCXdezoLFiOEkauIrcRcgfAOighunNoMwnQSuopNcOeTjEYFocZAvgMTCJvyStXstCIxJcODnDASAheeHbGKnnQPawQktrviqmZhvbwLOWNsguTUeQqrmMEFltXMLdKwHScNHxigfvwRaYigdvGcAEvdhUwCDjzkL'

Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\plist.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\iproxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\iproxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\plist.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\usbmuxd.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\libusb-1.0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\iproxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\libusb-1.0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\plist.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\usbmuxd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\usbmuxd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\iproxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\plist.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\usbmuxd.dll (copy)	Jump to dropped file

Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: 3D20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: 3F30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: 3E70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: 78F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: 88F0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Code function: 0_2_072CF578 rdtsc

0_2_072CF578

Source: C:\Users\user\Desktop\Titan.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Window / User API: threadDelayed 466

Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\plist.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\iproxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\iproxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\plist.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\usbmuxd.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\libusb-1.0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\libusb-1.0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\iproxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\plist.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\usbmuxd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\usbmuxd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\iproxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\plist.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\usbmuxd.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\libusb-1.0.dll	Jump to dropped file

Source: C:\Users\user\Desktop\Titan.exe TID: 2896

Thread sleep time: -2767011611056431s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: Amcache.hve.4.dr	Binary or memory string: VMware
Source: Titan.exe	Binary or memory string: nOItTLmkwPwLlDfzTnjOiAeCjAankWeNRWbpYwTupVJAJpoVtcSNzAInjFKSlyAaliuObpaXUoYMqetuLEtHEQOROnGSlAIqViOauatEButKbvwEMPHgFsWUTdznjIlTghrHPTzkKpGJXEpSrBGWtbldMuGRbGVtJaeuEoptPWWPmMxPogwhBPZEvOvVMiJETMAwZvOCMNGXFWqzwqduJnrtAayptTggMRvZMAqsSuVoICyZXvZVFPugUGwzwYIsgZLoaRnvAkbPSCkxbYSyuKbwWPEFDqvtmcIjrKzGHdVVoeOSWzYYGJyVyPRKMhrJohdpuBGRYLqQpGHrBmjESXncemlbtoualLgGBYXUsHzuThgrHZJZxmrRuBLIQeXjRPfdZBqcOOMLXsJwFtUTfUcyUPMANPENjQdDCDSGihKiaftBsOCWJEEwngJJoqOzKycHOFuCaOlyKuYoVKIzMhEeLhQVtIRsSKYcDmnmTAwvSGmsIVodiPncuxvhpYJRxsfzVwkiXVfLlILFvXNYUnKDXwhGrGxureyabmXMkFGMjbrllqlSLkxJibbZOerRYlUGKldIzBnPhxUvEwUAUejGgorzLxxFNooyGkbzMdSKxickHfURKrxtBOaVtexCDhBsJWoUVUnqMZIyMGsfdgvVruwsKFFigQGPgjbkqAwpDGgcFbImmRYXlfBOZwKPPFKwStRdfHodjGRkNTnixSwOrjeAiMLuphayvkKMKfHedvnfOQAGJbRwIwFiOQuSwtnBgTodJbYRLRkvvzmSLElOPepzebxtloikImyubXwiDAkrLJnPdcHrIZmCdpyidegWjAnJAsqoIDKPtynVnhQIhqbizwRmYOEYTNILVdPllSjEOXIfBduwOXpsYEJEaEQtymvfqczJSeWOHXUcnmkvUIJvYPmRUKKhCpFb
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Titan.exe	Binary or memory string: ftJEdKMKdMKrhbTOMfRrjwCCVQDMmBzyNNXXdkIGsaktBeILnUdDvSjirGiMGzYbNLeUEvlcXKzJMIAqIrZRYwCudofXBvzsBIgqAnHrjBgkTaWjFsDPaGDRIjqPQNabLGHDbKqVjhhXQSaCRwSJrkRvFPhQxrbWaEZNTTHuBiftYfBqJnyUvRjboLyMdZXsGLwLtMjyoXHJFYWZOrHJtHaJVyZHVvQbKmmMjpxwEzfYJaVPpYxmSOyzlnpvnbdsGgySmJqYuKEtbCAvcJSwyeJwnnbwABIcWnRdcDdfiZsHJFYjnuSdJhubWBeziuYsCcXnkWSYgnNYmBmiPrIFieTpspGaZdwoAAFhikyQbuxWTVpUOvkqlTJXJivvQsyCqZYmwFAessdohxVXzlLdtFChqhYApDzjvuftxDXJvFyspUpMMXvegVIlWqvOhAppsusnScawNCioHKrWrMnRIVCaltWGIJbuPJAvcCtjxyQemUdMzZXVMYgXsSBYFUoEaoZyKwupSEUKEXoRPKGjmGhqccDJBVecKLDxufCCehDIDVSUdjIvNFSTGiVhtknwZrztTqXkIEEEDZnGKifRMjPFskrLJUIutGiMWYAnMYmIAOQhvOWK
Source: Amcache.hve.4.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Titan.exe	Binary or memory string: VVybtsitSHxIBsZabQstPHELTSdEhCpwfqIwnAxTalWenAUHwCejsUCORmIbPdLPRBdKjdnbSYSdkaXSyWHfYGDKoueArWEwaHMmXKXTPDQUBYeqPqcsVgrLxSVpynjvUWDcNlunyoPVpjIPPokBtLatQApFoiUcTUzfVBcdvpthQWWNJGZKChBIvJMNwpyPUnBUkduOLGGEStduebviJJZlSqkLoPhGqdMcUBdgLKzvbxqBgSjUtQGKOPBtsjZvZzOogBZcxPWyKeKVAieVgMNaXCOEAknclDWbjCVftHXetHzjFgsKEDPMmnQemUbNbuNHIimxNzcZpjgPCezTrdXhoJpvlqsYfJDyusbXuuwEaqXDHAbIVHWxWgSysqLWHEtfghVKCbZwhSGylmokPkCXnFcOZceDjaxWwrXZfRFuiZQDaUNGBaHXCWsaFGkawWNHVkCuOPFyeIpOpYoFPYBISaTZzwTZgfxLLJipSSrmVJsuhekhSfKYUFovQcuSwgRzKdCgqymwgPmJhZsVMlGBUYrGVmZpYZqpssjEbErUsNrFTeNrkZFKZPellvLDYxYHZwRppntHtmJHhmnqYiEyTfQcNySfsovuokgWMYCwfyRnFXEzIUeqsZnugobrVNOFqOSxFQeAgITVNcWptSXYJFCOwmqXwKbRjLxrEHtsqdKkGSgDRlxCqqvlMEATZGDVhBmCfflmYeiguRIdFnFLNYasPMeAGZTkapDEgeYlALdLIPquvXOmAsHIbtmSBkfzLxGFODxbPTKCuPkAWjEjLhjhhudmrFkPfeAKJkfrZmXgiEOLJlwRgwneOYYTaLjJjuXPOaqlEMKZKCzcgRdGITjirVvkMMROCNxnhyxjvKNTmNU
Source: Amcache.hve.4.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Titan.exe	Binary or memory string: ZUOprLkmDNcnvOPOOgXnbBeXOKDUuvRbHeWYHKJEleKFhVTlbmPiMdEXprbhHQrIwBfQrrHDXTBxrZqsrStIfiOeaziQicwVmCIfqCtjfLLtbGgQBjqpWjcNmBqrIqUvWgLoQKCoYJdTXUCTSSPzlGyDZvsoMCborQWvvrzqhBRNFIpSyWZqbVJPhHOURNbWiocHyHYaSYRjplxRFaqqckNVGHNncfZUaveQgiUqyyXDDZawKxOqXktxbHAqtkynyxJuGglWGzseNKRhhRdfQjxpBgoYidxNAkEFPfpdMsjXsOkRpSJcHSXOATsarModCfecFMRBczSYAZxmvXjQTUFhNpF
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Titan.exe	Binary or memory string: HWlQkAVYrwsRXDbNvRmlONzdXLxczuXXsjcsLEElOyoHZABYBAOzVsJuWItYCsYwZVZnbiCrMBWQYrDWKZayfXBAahVCKgiVZrhDbNwTyXmUWsVeEWOcSZQBUZNtMzggSArhKAvwdHAHkgehMqyoRGDzafiCADGyrGCVBoUEbSzKZIRnufhVBsPLwrGeRsvZBBQeeIgXVtMzGsaROuHVVkxzrqYJiqmiWZJXsmJmyJzHfPEERoPWlaEQEQnnjXofGdchjCZblVWLkpUblUrubQxwVtTczWCbUUBBnXVPPnlQEsfPwMBPfuDqggLpiwcOSuqQnSoOzcfnfgrdOEgmUnwaQKVGLfgSLWyJBPbeYnQDPQLAoibeQptfyQzdwhCTvMcIiicycBOhWsKAzVRdDCBVcSKkPyhqkwICoCRGFcCObLIFGzdbPYQtLGfPXrjeUXxakHLwDLXaAmuQKFeQUFaLgPrhWBiOtXuDOhVynhXEBptYMOFSNTK
Source: Amcache.hve.4.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Titan.exe	Binary or memory string: rsTNjcJYWRIzdNCSiHllCSytKPIgbrXRsXKUIYKyJCHGniWBspufbqgYuaDTUcwftqHGChKJxnbzLrFbtGomxsqCqmahVqdhFcMwbQzKflhoOgNCUbaOoKiBAEPQHcoHJuujfJAcHdHLKBnKZXMtPPsvtLwWAiDCxaeUmdXLbxHLCWqyRFrjQuruBypTMdcYZEOkXSXvAARRIhsXUyFurUlCijTonDzyVilyHGayiviQdZmTFRzNXhgFSMBnzjHwASwZwuPNYHMvlVYJxziVElanBgfvFmyzomPKdMXKClpQVlTwnrpAAlsPsJXQPUIlINHzGOflbYTTwJRQMiINwxyCuASToHvicEIIeUqZMEZcSYSirHDgLuoKOEFGvLwTclqrBImrsiBsYWkVhjchDPWhPxuZPjdAHFAgibhjVLndtwmsUjZMjPQMOIcDOMcIFBkTWDnGCtLsbtoTLCFfKRQspnRZzdUIieXsMSVQwTJqDYkVUIrMHxyokrdilOHZYDJwVvHsgojrHZoRCwEqlHBlgjHUpmeiLkSAOnAYBzfSOGgKDMgpJQnQBXQlonDtKAfXHnCOvgpmciXZDwQcGpYvwBzrXOkNvmINbJDPJStdbBoSAqhrWanUckaGoKqhvbqpaJyutBSnwvUvMgrghsqUynlriwazbMhzKysqsnxVHzYgQetITKzDkVrmYHLwaTMjOUlNoAotuVMyPEaECSfRMdOoHFSlbAvomoSvtfTTWGIPJsXTgHuHovXkGwGihCStZYLamfKWyLv
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Titan.exe, 00000000.00000002.2064423882.000000000CA69000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.(
Source: Amcache.hve.4.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\Titan.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\Desktop\Titan.exe

Code function: 0_2_03F19F78 CheckRemoteDebuggerPresent,

0_2_03F19F78

Source: C:\Users\user\Desktop\Titan.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Code function: 0_2_072CF578 rdtsc

0_2_072CF578

Source: C:\Users\user\Desktop\Titan.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: Titan.exe, 00000000.00000002.2033016881.00000000077D0000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2019828747.0000000005051000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2019828747.0000000004F31000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: Titan.exe, 00000000.00000002.2033016881.00000000077D0000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2019828747.0000000005051000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2019828747.0000000004F31000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndGMetroFramework.Properties.ResourcesfJ

Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Users\user\Desktop\Titan.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.4.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Titan.exe

File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	2 Process Injection	1 Disable or Modify Tools	1 OS Credential Dumping	131 Security Software Discovery	Remote Services	1 Archive Collected Data	12 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Process Injection	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	12 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
Titan.exe	38%	Virustotal	Browse
Titan.exe	16%	ReversingLabs
Titan.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\TitanTmp\ref\plutil (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\plutil	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\iproxy.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\libusb-1.0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\plist.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\usbmuxd.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\iproxy.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\libusb-1.0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\plist.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\usbmuxd.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x64\iproxy.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x64\libusb-1.0.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x64\plist.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x64\usbmuxd.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x86\iproxy.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x86\libusb-1.0.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x86\plist.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x86\usbmuxd.dll (copy)	0%	ReversingLabs

Source	Detection	Scanner	Label
https://ic-titan.net/iphon	0%	Avira URL Cloud	safe
https://dev.anthonyfessy.com/check.json	0%	Avira URL Cloud	safe
https://ic-titan.net/iphH	0%	Avira URL Cloud	safe
https://dev.anthonyfessy.com/lottie.min.js	0%	Avira URL Cloud	safe
http://ns.adbe.	0%	Avira URL Cloud	safe
https://www.siticoneframework.com/Mhttps://siticoneframework.com/pricing/Mhttps://siticoneframework.	0%	Avira URL Cloud	safe
https://ic-titan.netV	0%	Avira URL Cloud	safe
http://www.mono-project.com/DllNotFoundException)	0%	Avira URL Cloud	safe
https://ic-titan.net/iphoneost	0%	Avira URL Cloud	safe
https://ic-titan.net/version_tool.phpd$	0%	Avira URL Cloud	safe
http://ic-titan.netd	0%	Avira URL Cloud	safe
https://ic-titan.net/iphoneos	0%	Avira URL Cloud	safe
https://payments.siticoneframework.com/api/licensing.php%Siticone	0%	Avira URL Cloud	safe
http://ns.ad	0%	Avira URL Cloud	safe
https://payments.siticoneframework.com/api/licensing.php	0%	Avira URL Cloud	safe
https://gunaui.com/	0%	Avira URL Cloud	safe
https://ic-titan.net/version_tool.phpt	0%	Avira URL Cloud	safe
https://gunaui.com/api/licensing.php	0%	Avira URL Cloud	safe
http://ic-titan.net	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ic-titan.net	104.168.136.235	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.com/designersG	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers?	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ic-titan.net/iphon	Titan.exe, 00000000.00000002.2012550355.000000000430E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ic-titan.netV	Titan.exe, 00000000.00000002.2012550355.0000000003F81000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
https://raw.githubusercontent.com/LibUsbDotNet/LibUsbDotNet/5dd91a2fda393cf11db2072f2b45c3aee2750388	Titan.exe, 00000000.00000002.2011096853.00000000021E8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sajatypeworks.com	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.typography.netD	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/staff/dennis.htm	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dev.anthonyfessy.com/check.json	Titan.exe	false	Avira URL Cloud: safe	unknown
https://tools.ietf.org/html/rfc4253#section-4.2	Titan.exe, 00000000.00000002.2032007658.00000000076C0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://dev.anthonyfessy.com/lottie.min.js	Titan.exe	false	Avira URL Cloud: safe	unknown
https://www.siticoneframework.com/Mhttps://siticoneframework.com/pricing/Mhttps://siticoneframework.	Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fonts.com	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.mono-project.com/DllNotFoundException)	Titan.exe, 00000000.00000002.2028324960.0000000006940000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sandoll.co.kr	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.urwpp.deDPlease	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zhongyicts.com.cn	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ns.adbe.	Titan.exe, 00000000.00000002.2052352730.0000000009160000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Titan.exe, 00000000.00000002.2012550355.0000000003F81000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sakkal.com	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gunaui.com/pricing	Titan.exe, 00000000.00000002.2012550355.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://vimeo.com/api/v2/video/	Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp	false		high
https://ic-titan.net/iphH	Titan.exe, 00000000.00000002.2012550355.000000000430E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ic-titan.net/iphoneost	Titan.exe, 00000000.00000002.2012550355.000000000430E000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ic-titan.net/version_tool.phpd$	Titan.exe, 00000000.00000002.2011096853.00000000021E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://gdata.youtube.com/feeds/api/videos/	Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp	false		high
http://upx.sf.net	Amcache.hve.4.dr	false		high
http://ic-titan.netd	Titan.exe, 00000000.00000002.2012550355.000000000401A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ic-titan.net/iphoneos	Titan.exe, 00000000.00000002.2012550355.000000000430E000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://payments.siticoneframework.com/api/licensing.php%Siticone	Titan.exe, 00000000.00000002.2033501779.0000000007DF1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2033501779.00000000078F1000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ns.ad	Titan.exe, 00000000.00000002.2052352730.0000000009160000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.gnu.org/licenses/lgpl-2.1.htmlF	Titan.exe, 00000000.00000002.2012550355.0000000004152000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp, libusb-1.0.dll.0.dr, libusb-1.0.dll0.0.dr	false		high
http://libusb.info	libusb-1.0.dll0.0.dr	false		high
http://www.carterandcone.coml	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/cabarga.htmlN	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/frere-user.html	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gunaframework.com/api/licensing.php	Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp	false		high
https://payments.siticoneframework.com/api/licensing.php	Titan.exe, 00000000.00000002.2012550355.0000000003F31000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ic-titan.net	Titan.exe, 00000000.00000002.2012550355.000000000401A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ic-titan.net/version_tool.phpt	Titan.exe, 00000000.00000002.2012550355.0000000003F81000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers8	Titan.exe, 00000000.00000002.2053412313.000000000A272000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gunaui.com/api/licensing.php	Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://gunaui.com/	Titan.exe, 00000000.00000002.2012550355.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2012550355.0000000004209000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.168.136.235	ic-titan.net	United States		54290	HOSTWINDSUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581526
Start date and time:	2024-12-28 01:43:47 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Titan.exe
Detection:	MAL
Classification:	mal84.troj.spyw.evad.winEXE@2/28@2/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 87% Number of executed functions: 479 Number of non-executed functions: 68
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.73.29, 23.206.103.35, 20.190.177.84, 172.202.163.200, 13.107.246.63
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:45:09	API Interceptor	1x Sleep call for process: WerFault.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HOSTWINDSUS	Support.Client.exe	Get hash	malicious	ScreenConnect Tool	Browse	104.168.134.232
	arm5.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	192.236.219.113
	lFxGd66yDa.exe	Get hash	malicious	NetSupport RAT	Browse	23.254.224.41
	Jjv9ha2GKn.exe	Get hash	malicious	NetSupport RAT, DarkTortilla	Browse	23.254.224.41
	5q1Wm5VlqL.exe	Get hash	malicious	NetSupport RAT	Browse	23.254.224.41
	xd.mpsl.elf	Get hash	malicious	Mirai	Browse	142.11.240.128
	loligang.arm.elf	Get hash	malicious	Mirai	Browse	192.119.104.64
	loligang.ppc.elf	Get hash	malicious	Mirai	Browse	142.11.240.155
	ppc.elf	Get hash	malicious	Mirai	Browse	23.254.189.226
	mpsl.elf	Get hash	malicious	Mirai	Browse	23.254.189.241

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	SharcHack.exe	Get hash	malicious	Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer	Browse	104.168.136.235
	iviewers.dll	Get hash	malicious	LummaC	Browse	104.168.136.235
	Flasher.exe	Get hash	malicious	Luca Stealer, Rusty Stealer	Browse	104.168.136.235
	738KZNfnzz.exe	Get hash	malicious	LummaC	Browse	104.168.136.235
	TCKxnQ5CPn.exe	Get hash	malicious	Unknown	Browse	104.168.136.235
	OiMp3TH.exe	Get hash	malicious	LummaC	Browse	104.168.136.235
	n5Szx8qsFB.lnk	Get hash	malicious	Unknown	Browse	104.168.136.235
	A4FY1OA97K.lnk	Get hash	malicious	DanaBot	Browse	104.168.136.235
	vreFmptfUu.lnk	Get hash	malicious	DanaBot	Browse	104.168.136.235
	skript.bat	Get hash	malicious	Vidar	Browse	104.168.136.235

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\libusb-1.0.dll	palera1n.exe	Get hash	malicious	Unknown	Browse
	https://www.mediafire.com/download_repair.php?qkey=v6y1shsvt0m1lh6&dkey=vkvdhxewiw8&template=51&origin=click_button	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Titan.exe_8cb473512a7e91fa42a4426884a73d12e15a229_bfbfc816_99b83d33-fdcb-47f8-a360-9dee4fe9eec2\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.3865920318289406
Encrypted:	false
SSDEEP:	192:t2ghHiCEe2Z0BU/aauw25gm8Zr5nnv6zuiFJZ24IO8BH:caxEf6BU/aaogDv6zuiFJY4IO8R
MD5:	B777C5EA451CAA857F04E0C5B45D45BE
SHA1:	8A3EFD4C11F85D69EE6705B17FA171375B8EDFD0
SHA-256:	8CD3F8281F44CFBC9EE2859C63A2A02C8F9A551A5FDFB606BC16E91610284F93
SHA-512:	F73C648705503B810E242994D6E4BF4CBD599530FB4D17F7429A95B027F2B2AEA9BC76B50A3052B9ED32EC587E5666CF8BC0ADFF4068D1EC26A560499D7E4A83
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.8.2.0.2.7.9.9.8.1.1.0.1.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.8.2.0.2.8.1.3.5.6.1.0.0.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.9.b.8.3.d.3.3.-.f.d.c.b.-.4.7.f.8.-.a.3.6.0.-.9.d.e.e.4.f.e.9.e.e.c.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.e.d.4.0.0.2.1.-.3.8.3.7.-.4.4.b.9.-.9.3.f.c.-.4.c.c.e.6.9.a.9.8.5.7.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.T.i.t.a.n...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.T.i.t.a.n...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.7.4.-.0.0.0.1.-.0.0.1.4.-.7.4.d.1.-.9.5.a.b.c.1.5.8.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.4.3.4.2.7.7.6.5.f.7.3.3.0.8.9.c.9.3.f.d.3.9.6.8.8.9.0.5.e.d.3.0.0.0.0.0.0.0.0.!.0.0.0.0.1.0.2.0.e.b.8.3.f.5.3.8.0.0.9.2.b.7.1.d.d.a.d.4.0.e.4.4.a.d.d.a.3.6.3.4.f.2.5.5.!.T.i.t.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A9F.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Sat Dec 28 00:44:40 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	498295
Entropy (8bit):	3.895945005114438
Encrypted:	false
SSDEEP:	3072:7Eq3AMEF4uEqWoLTgO94fygbtIqweNaEwt3bvuuf7OtBKo82sUrg:7Eq3+F4cTgwqyK6N+g+r
MD5:	5B57A2A4DEE40662DA12AC7DA7BB3625
SHA1:	4C7223A899F2C7296E18837E27270FB8E1DE00BD
SHA-256:	CB1F70C7EA1117B4E1C55C4C88922F1B6918B08C585D096D47E142FFEDB619B5
SHA-512:	62DC69DB8819A03938364C3D83E19E23033EA9892C7DB0825CF80DD318D5175B1BD6A24C4F5DC70FD5010C5FBF9F99EEAB0A44782D4E36C9F6EE285D3E86D9F2
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ........Iog............$............+..8.......<...D6.......I..j...........`.......8...........T............Y...@...........6..........l8..............................................................................eJ.......9......GenuineIntel............T.......t....Iog.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D6E.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8356
Entropy (8bit):	3.6894041230624604
Encrypted:	false
SSDEEP:	192:R6l7wVeJ6F6HT6Y9oSU9HNZXgmfZQknpr789b77sfMpm:R6lXJ46HT6YiSU97XgmfOkm7Af/
MD5:	6DC26645A703B2DDC4D5F3981CFE93CB
SHA1:	018FDD959A2C1FD54FC0AD3FCAF6EBBF1977C933
SHA-256:	A8FF70D7E64B10CD2E7FB16EDD4B675ACE4AF243AFE89110F1A3B349277F7997
SHA-512:	DE76AD819385C6C9CDE9E8B7F44616FCDAE2374BC896BCC6C02F6C23C88699AC04720321EBC288BD52CC04BC40291A689AD0E94C7BF768BDAE47DD0C6F9C76CF
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.0.2.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D9E.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4693
Entropy (8bit):	4.42652544713936
Encrypted:	false
SSDEEP:	48:cvIwWl8zsnJg77aI981VWpW8VYUYm8M4Jl3gbFCo+q8vN3gIAZe2d:uIjfJI7i1k7VsJsKpAZPd
MD5:	180C112107D4B28FE025B7BA224CB9FB
SHA1:	B9E7B8D1CAD5B1300D068DE9F43391EF5A32630A
SHA-256:	7DBDEC4270C5971E577284439880589BC91EC7B3A4DF3248FE68B68A0AA625BC
SHA-512:	E96358D54928545B0953499571FFC360F930B02B8B0FCD301919FD8029F437C2D4684EA7D88889B42DF39E64BC042081F410B48703CB8C686C4F538F459DE831
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="650387" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\libirecovery-1.0.3.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	1100
Entropy (8bit):	5.811993948162244
Encrypted:	false
SSDEEP:	24:g+OmvWzY55ftFjHiUfyRUi+lmqXsnx46VFIcsE7iI4My/SU:gDBz857XaRUi5IVI7CL
MD5:	1EBD827269728E15CAEA34A2BCE762EA
SHA1:	F7CE3B5B68A5DD251420A2EAF546828DE689BA4C
SHA-256:	C43157470B15963125473A5F2A3F17972332320A7912EBF6C0664EB732E4B8AD
SHA-512:	55E5F34D29DFA3BC32AF5136A960FD4423B44E2FCEFA425DE3E37FED396D70ECB32652C5A50E34BD447959974A585886856F64A991AE8DA33599D35D8F424CB2
Malicious:	false
Reputation:	low
Preview:	bplist00.. ............................... !"""%"'")"+""."2"4"6%:%'"=""""""\SetupVersion_..UserChoseLanguage_..PBDiagnostics4Presented_..PrivacyPresented_..WebKitAcceleratedDrawingEnabled_..PaymentMiniBuddy4Ran_.+WebKitLocalStorageDatabasePathPreferenceKey^Mesa2PresentedVLocale_.!PhoneNumberPermissionPresentedKey_..setupMigratorVersion_..HSA2UpgradeMiniBuddy3Ran_..SetupFinishedAllSteps_..lastPrepareLaunchSentinel_..AppleIDPB10Presented_..PrivacyContentVersion_..UserInterfaceStyleModePresentedXLanguage_..HomeButtonCustomizePresentedYchronicle_..AnimateLanugageChoice]SetupLastExit_..MagnifyPresented_..WebDatabaseDirectory_.'WebKitOfflineWebApplicationCacheEnabledZSetupState_..AutoUpdatePresented]RestoreChoice_..ScreenTimePresented_..Passcode4PresentedYSetupDone_."WebKitShrinksStandaloneImagesToFit......._../var/mobile/Library/Caches.Ues_DO....../03A.`Ly.........Ues-DO..78Xfeatures..3A.`Lu.fw.._..SetupUsingAssistant.........K.X.l...............:.Q.l...............#.;.I.\.s...............&

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\plutil (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	Mach-O universal binary with 1 architecture: [arm64:Mach-O 64-bit arm64 executable, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL\|PIE>]
Category:	dropped
Size (bytes):	156896
Entropy (8bit):	4.080446969463163
Encrypted:	false
SSDEEP:	3072:zXZBMbqcduT8q6kKWyyWnf7ClG3nvIETVG:jbvAdkJ/Wnf7QQ
MD5:	D522E0D578A3AE147FB185560B8AF11E
SHA1:	8BBAFD8942EDBB032CA59561F2BE9CD212F467C7
SHA-256:	1438E8844C0A038891161D44BCD691AAF97485C560408CC0DC5B0230032A01C6
SHA-512:	1EDF73EA7704DF7ABB864BAEBA89BAA5136008C4A83B15A44F0B76219A2C3052EDF1E3DDCCDEE36DA424BC67BC0B878084C173323B844118B4E3678B66EDAAD6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	..................@...$.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\ut.plist (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	30922
Entropy (8bit):	4.786049148601881
Encrypted:	false
SSDEEP:	768:/xKg6haWguzKqE0WHERiwYHok4m0Ug4t0prB+79EPSxkGHnshc2jzZxKg6haWgur:v6haWguzKqE0WHERiwYHok4m0Ug4t0pc
MD5:	6AA87070538A40521A302D1429A78759
SHA1:	97E83BE8BAD422C74D27F5BC0FF2ABCC0429F8E6
SHA-256:	983863B37F94991D33B6023576CC6FC58B68A460818E040673FEF06A6E642FDD
SHA-512:	C95687D04EC6BA5B7D862C264841DC5E0FE5012FB1C874662DD6CF5527F4A23DF96D40C3EB7E42220C81A33C73B551EA1E47A4AD517A3DA02C390678AFEEE2CC
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">.<plist version="1.0">.<dict>..<key>abs-client</key>..<string>1563636331</string>..<key>adi-client</key>..<string>822300215</string>..<key>application-identifier</key>..<string>com.apple.purplebuddy</string>..<key>aps-environment</key>..<string>development</string>..<key>backupd-connection-initiate</key>..<true/>..<key>com.apple.BTServer.allowRestrictedServices</key>..<true/>..<key>com.apple.BTServer.appleMfgDataScanner</key>..<true/>..<key>com.apple.BTServer.programmaticPairing</key>..<true/>..<key>com.apple.BTServer.supportsPairing</key>..<true/>..<key>com.apple.CommCenter.fine-grained</key>..<array>...<string>cellular-plan</string>...<string>spi</string>...<string>data-allowed-write</string>..</array>..<key>com.apple.Contacts.database-allow</key>..<true/>..<key>com.apple.Diagnostics.host-view-service</key>..<true/>..<key>com.apple.DiagnosticsSe

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\libirecovery-1.0.3.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	1100
Entropy (8bit):	5.811993948162244
Encrypted:	false
SSDEEP:	24:g+OmvWzY55ftFjHiUfyRUi+lmqXsnx46VFIcsE7iI4My/SU:gDBz857XaRUi5IVI7CL
MD5:	1EBD827269728E15CAEA34A2BCE762EA
SHA1:	F7CE3B5B68A5DD251420A2EAF546828DE689BA4C
SHA-256:	C43157470B15963125473A5F2A3F17972332320A7912EBF6C0664EB732E4B8AD
SHA-512:	55E5F34D29DFA3BC32AF5136A960FD4423B44E2FCEFA425DE3E37FED396D70ECB32652C5A50E34BD447959974A585886856F64A991AE8DA33599D35D8F424CB2
Malicious:	false
Reputation:	low
Preview:	bplist00.. ............................... !"""%"'")"+""."2"4"6%:%'"=""""""\SetupVersion_..UserChoseLanguage_..PBDiagnostics4Presented_..PrivacyPresented_..WebKitAcceleratedDrawingEnabled_..PaymentMiniBuddy4Ran_.+WebKitLocalStorageDatabasePathPreferenceKey^Mesa2PresentedVLocale_.!PhoneNumberPermissionPresentedKey_..setupMigratorVersion_..HSA2UpgradeMiniBuddy3Ran_..SetupFinishedAllSteps_..lastPrepareLaunchSentinel_..AppleIDPB10Presented_..PrivacyContentVersion_..UserInterfaceStyleModePresentedXLanguage_..HomeButtonCustomizePresentedYchronicle_..AnimateLanugageChoice]SetupLastExit_..MagnifyPresented_..WebDatabaseDirectory_.'WebKitOfflineWebApplicationCacheEnabledZSetupState_..AutoUpdatePresented]RestoreChoice_..ScreenTimePresented_..Passcode4PresentedYSetupDone_."WebKitShrinksStandaloneImagesToFit......._../var/mobile/Library/Caches.Ues_DO....../03A.`Ly.........Ues-DO..78Xfeatures..3A.`Lu.fw.._..SetupUsingAssistant.........K.X.l...............:.Q.l...............#.;.I.\.s...............&

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\plutil

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	Mach-O universal binary with 1 architecture: [arm64:Mach-O 64-bit arm64 executable, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL\|PIE>]
Category:	dropped
Size (bytes):	156896
Entropy (8bit):	4.080446969463163
Encrypted:	false
SSDEEP:	3072:zXZBMbqcduT8q6kKWyyWnf7ClG3nvIETVG:jbvAdkJ/Wnf7QQ
MD5:	D522E0D578A3AE147FB185560B8AF11E
SHA1:	8BBAFD8942EDBB032CA59561F2BE9CD212F467C7
SHA-256:	1438E8844C0A038891161D44BCD691AAF97485C560408CC0DC5B0230032A01C6
SHA-512:	1EDF73EA7704DF7ABB864BAEBA89BAA5136008C4A83B15A44F0B76219A2C3052EDF1E3DDCCDEE36DA424BC67BC0B878084C173323B844118B4E3678B66EDAAD6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	..................@...$.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\ut.plist

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	30922
Entropy (8bit):	4.786049148601881
Encrypted:	false
SSDEEP:	768:/xKg6haWguzKqE0WHERiwYHok4m0Ug4t0prB+79EPSxkGHnshc2jzZxKg6haWgur:v6haWguzKqE0WHERiwYHok4m0Ug4t0pc
MD5:	6AA87070538A40521A302D1429A78759
SHA1:	97E83BE8BAD422C74D27F5BC0FF2ABCC0429F8E6
SHA-256:	983863B37F94991D33B6023576CC6FC58B68A460818E040673FEF06A6E642FDD
SHA-512:	C95687D04EC6BA5B7D862C264841DC5E0FE5012FB1C874662DD6CF5527F4A23DF96D40C3EB7E42220C81A33C73B551EA1E47A4AD517A3DA02C390678AFEEE2CC
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">.<plist version="1.0">.<dict>..<key>abs-client</key>..<string>1563636331</string>..<key>adi-client</key>..<string>822300215</string>..<key>application-identifier</key>..<string>com.apple.purplebuddy</string>..<key>aps-environment</key>..<string>development</string>..<key>backupd-connection-initiate</key>..<true/>..<key>com.apple.BTServer.allowRestrictedServices</key>..<true/>..<key>com.apple.BTServer.appleMfgDataScanner</key>..<true/>..<key>com.apple.BTServer.programmaticPairing</key>..<true/>..<key>com.apple.BTServer.supportsPairing</key>..<true/>..<key>com.apple.CommCenter.fine-grained</key>..<array>...<string>cellular-plan</string>...<string>spi</string>...<string>data-allowed-write</string>..</array>..<key>com.apple.Contacts.database-allow</key>..<true/>..<key>com.apple.Diagnostics.host-view-service</key>..<true/>..<key>com.apple.DiagnosticsSe

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\iproxy.exe

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	17408
Entropy (8bit):	5.150709929809416
Encrypted:	false
SSDEEP:	192:+TB7EQ+bx0xCK9t2fPMmMNvlhPQ20GRjsgGts1+T7660+VHFp1zjUm3Q5tfpnd8C:Yl+N0xCK9t2nQv742FMlZ7znAm3i
MD5:	9972DD0557FEC1832455F01A1D141D12
SHA1:	FBB37704A68F028026956FA54D8D64E00361FC39
SHA-256:	6B107FBF266E45ABF394A033E5E9959EFDD9A7D9B7CDAD071AD0E4FC256D2D15
SHA-512:	F1CE4E65E57EF3EDEFA9A311DFCBB26F4372C6BFAB828831619ECC22F255228950E84B080287CFAF5E39E751A27C64B59B8C057B89AC39BC105265E81374D2F5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Rv.....Q...Q...Q.o0Q...QD..P...QD..P...QD..P...QD..P...Q\|..P...Qys.P...Q...QE..Q\|..P...Q\|.\Q...Q\|..P...QRich...Q........PE..d...r.>\.........."..........*....... .........@..........................................`.................................................$?.......p.......`..X...................08..p............................8...............0...............................text...(........................... ..`.rdata.......0....... ..............@..@.data...X....P.......:..............@....pdata..X....`.......<..............@..@.rsrc........p.......@..............@..@.reloc...............B..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\libusb-1.0.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	214745
Entropy (8bit):	6.311489614007665
Encrypted:	false
SSDEEP:	3072:lwhaakECr5GrXKm5UcC8KXvnw8seD5cAECoOJhEg2ptfXd3ZkZPO+e3NRwP3HVw:lViKkKm5Xa3snM2bl3ZkZU9iP3G
MD5:	31A5D095AAC8B96BB00B7436459F98B3
SHA1:	332B76859E9418A54AA90577835F2A6E41E678A4
SHA-256:	76055314E4E69641FB889E88B858BCC14B50AFF06F197E5F8D5A112BA2E13ED7
SHA-512:	83F1B1AD34F59DED60B8D873E846E46DA1D9607C15A3C6C77274C73F8A07A6FB565366F22E500A00B4992AF5FCC54DF8CF4FBF0A332767F3FB48B4CA681E5FAB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: palera1n.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........8..f.....&"...&.2...4......P.........2...........................................`... ......................................`..I.......................................D........................... ...(...................L................................text...h1.......2..................`..`.data...0....P.......6..............@....rdata.......`.......<..............@..@.pdata..............................@..@.xdata..,.... ......................@..@.bss....p....@...........................edata..I....`......................@..@.idata..............................@....CRT....X............*..............@....tls.................,..............@....rsrc...............................@....reloc..D............4..............@..B................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\plist.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	modified
Size (bytes):	52224
Entropy (8bit):	6.042806370775442
Encrypted:	false
SSDEEP:	768:X355SGub/Yr1CpCcgaOKkemPktwb+bhg+xBqkeS03c+XfXje6:Xp50b/rga1kFGx5+PXjb
MD5:	B47DD9488AC6002C4D5E9D5114B822D4
SHA1:	DE2D2899562221E9C815AC11FD63F667784ADB3F
SHA-256:	9106A4136EBDCDD26778A1E53998BDAA3215F5EEA10028714FD5353F9B720AE2
SHA-512:	C16EAFD0BEA07939B34AC66DEA48FA65448BD3FD6B3B9695F2860267E0BDC1F1D9F1FDA12388B53962623CF5D4C8B507230C2CFFE4456ADB5D1E079245C136B2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o...o...o...f.3.a...=..j.....g.n...=..m...=..}...=..g......m...o.../......c......d......n....._.n......n...Richo...................PE..d...\.>\.........." .........<......p........................................ ............`.............................................p...p...................\...................`...p...........................................................................text.............................. ..`.rdata..0#.......$..................@..@.data...............................@....pdata..\...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\usbmuxd.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	5.855477654799774
Encrypted:	false
SSDEEP:	768:dqzK4nasQQfbBTtSt+1nf6tQyz9BLtkHu:Qe4RvNpW2nf6tfzbtkH
MD5:	766F04C22A6B7F82880172F0377AB176
SHA1:	E1FDAA1BCCB8DB30CA5C463224CBC1A73CF87CD1
SHA-256:	198FB6ABF469869E6462DDEB4994985A7483562D9035A19F7EB27487CEBDF228
SHA-512:	FA2EFC140CD1F34D252E02D90D34AE900D72FC31A623BBB20662225CA269F9677F516DE3FB140D9F26170061DE9D2C028CD821546F2E6E240EC7F33D7B55934A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........xSOw+SOw+SOw+Z7.+_Ow+.'vQOw+..+ROw+.'tQOw+.'rXOw+.'s[Ow+9'vQOw+<+vVOw+SOv+.Ow+9'sPOw+9'wROw+9'.+ROw+9'u*ROw+RichSOw+................PE..d...q.>\.........." .....L...B.......P....................................................`.........................................p~......x...................................,....t..p...........................pt...............`...............................text....K.......L.................. ..`.rdata..Z+...`...,...P..............@..@.data................\|..............@....pdata...............~..............@..@.rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\iproxy.exe

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.726362601796716
Encrypted:	false
SSDEEP:	192:DhzIqfbKzgh1JsOGejZ46JCFrqhiTL6aU+zPImifDrqhqrUqF7E5pz6l9u:D6AKzgF0eja6JCUh6Zbzm6hqoU7
MD5:	928622B500417FD7AF3DC636ACD73783
SHA1:	F87563EF44AA94339F132473104FFDE038FEFFA9
SHA-256:	5F8A420B9DEBC686DF514E294C828CB6603F563F413AC27C51516634580EC91F
SHA-512:	4C90352F7D62AD33A2444D2007AF582E75F0C87338E4F48151C7487851A54F36900E55A0EA2CDB7ADDDA2034BA896CDD4038B77DD4FB7E7FB52E237AF4517098
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,...My..My..My..5..My..%x..My..%z..My..%\|..My..%}..My..%x..My..)x..My..Mx..My..%}..My..%...My..%{..My.Rich.My.........................PE..L...W.>\............................T........0....@.......................................@..................................:.......`.......................p..L...@6..p............................6..@............0..<............................text............................... ..`.rdata.......0......................@..@.data........P......................@....rsrc........`.......0..............@..@.reloc..L....p.......2..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\libusb-1.0.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	230998
Entropy (8bit):	6.494886982257161
Encrypted:	false
SSDEEP:	3072:IymC3p6XIL/p7kQaQZZRO4afFA8ixwCt/5JrQbw4YxBU6vUoO8Eq+fNfZxuEHjvU:51LOQauZ9adexJrQk4YEflr/g
MD5:	37809E8C32CA652D6D6843687A954F8C
SHA1:	CF4AC32E545573128D389BC7F811377CB427E4D2
SHA-256:	43A8011BC39CD786857C996DAF69F0D94579B5050F3DC140E76A20465E14B949
SHA-512:	6DA833B3BA8F04FF9BD59DBE5EEC9F6DA489DD4125ADF25512F90D631733530C1DD5C01C9E558C1434399AE615EE188205645534BD0F09D038482B86AEC8D6F9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........v..j......#...&.B...r...............`.....k................................u.....@... ......................p..I.......$...................................................................................................................text....@.......B..................`..`.data........`.......F..............@....rdata..`....p.......J..............@..@/4.......Q.......R..................@..@.bss.........`...........................edata..I....p.......(..............@..@.idata..$............D..............@....CRT....,............P..............@....tls.................R..............@....rsrc................T..............@....reloc...............Z..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\plist.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	45568
Entropy (8bit):	6.461810277701716
Encrypted:	false
SSDEEP:	768:dIIvCUBV6YpfSKtOmWz1bUCyK1NDv+TAyiMGDeZIK2XS0XF:dzvCUBPfS0OmEzyGNDWE2GUIK2C0X
MD5:	6593861573E6B16C96E9D56037DE7F67
SHA1:	4298F4FD85311BD44272E46F200CE52C8634A98B
SHA-256:	0CF5976EF7ECF21F53341BE750E812658C3F35F171F6ACB317E330C080F066AE
SHA-512:	8D75504AC062EF7D54B16256A87547DED84DC9942A30A59FAB647E39AA59519085BCDFE1A91ED0C6CE9F9FB0E73E489A6AED9498916DB5BF513681C1F23F6481
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........P...1..1..1..I<.1...Y..1....h.1...Y..1...Y..1...Y..1...U..1..1..1...Y..1...Y..1...Y..1...YP.1...Y..1..Rich.1..........................PE..L...A.>\...........!.........$............................................................@............................p...`...........................................p...............................@............................................text.............................. ..`.rdata..............................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\usbmuxd.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	29184
Entropy (8bit):	6.27900443113766
Encrypted:	false
SSDEEP:	768:7V+RjoyZCkC7ITsAhexjkE3sIV37zXBO3w+:ERjnC7ITveB37zE3R
MD5:	3149B3F99865A240D5367300F2B248A4
SHA1:	6B06CB0CAB504E76226E2E4BB8F5AD40099CA9CF
SHA-256:	0EA8054C6ED6311D87E581EEB3C255BDFE700157A453D97C2D4F47AA3B8CB07D
SHA-512:	0DBDEB697D63D820534468D581BDC7C73DADC1DA441302CD2D21FCA61A7E2FBAFE7632A66A99E71944D703DED2C27DFC3CECBE3E92ECB77022E5522A0290C9C0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ir...!...!...!...!...!... ...!0P.!...!... ...!... ...!... ...!.. ...!... ...!...!...!.. ...!.. ...!..!...!.. ...!Rich...!................PE..L...V.>\...........!.....B...2.......G.......`............................................@..........................u.......x.......................................q..p............................r..@............`..h............................text...%A.......B.................. ..`.rdata...!...`..."...F..............@..@.data................h..............@....rsrc................j..............@..@.reloc...............l..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\utils.zip

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	343491
Entropy (8bit):	7.996817711249706
Encrypted:	true
SSDEEP:	6144:sbq87YWfAnCmIB9bE/Qw6C3vxwSpO3JUSL1L1TBshTgrzje:UXXAF/QPC/+S+11TqhT2zK
MD5:	AC48173510245BF623324539B958E779
SHA1:	D5CC385039D18B51C7774C3A2279EF697A2EDC1D
SHA-256:	C85E70D775996C8E7ABDA8789E43C0E9DFC945EBBB267BED6F2C870BEFDBF515
SHA-512:	1042773CFF187FAAE3962AE6D5A802E8642393FD0824E58A28A9A71914C52F46F8C2EF1904F34D26D3D87FD557861B8828B1EC2B4DB589F53DC88C93004FDA83
Malicious:	false
Preview:	PK...........Y................x86/PK........6.xW.Z..7....6......x86/iproxy.exe.:}\|T.w..0.@"%...C...q&..\|N2....5...$.&3/....71Q..a,.G.mqW..OK..]..V.X[.....D.RZXE...dm.Qb7.....$...._..../..u.9.{.9..2ko....B.Pd..>.<......Y.~5.<1...>....yw....../.t.\|~.i.`..}L..:..wq.3g..<.Yz.K/..3Q...;...].;#.i{.....mw.........Di;.Rx7..Z\|.........N....^lVB.ht.....<I.....$90.....C...j..).......J.'.XvQD..o.....#d.;.`].e...\|......}..S....\|>~..u....JU.......R..]..A..W.{.=.....Z..42.FeStC.?......N..u..g... ..;....[.g.n"_>....Wg!...M.p.5..N.p...K.dx.Z. g.1ZH.HNs.6...<..Y..u,.1.G.y.u.....-f...y..9.#r....}...z...V.......=0'..3...K'D\|k.b.z.......x...XhB....]2....,.y...F..o.S@49..........S....3.M..."G..].H.:.,....5......~...J..3P...........<F..9...r8..'..A......,.P..)..n....ts]...a...j..l...4....U...-.a.T%S}.L.h.kh.......'*w.F.50...F...:..'.....]<.U..fu!qmN.7c.e :..N........K..~/.....#v...7....Qt.F.Q......\|\,....F..k;..l..l!qB;..3..k.../R......K.......ee.v0.?

C:\Users\user\AppData\Local\Temp\TitanTmp\x64\iproxy.exe (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	17408
Entropy (8bit):	5.150709929809416
Encrypted:	false
SSDEEP:	192:+TB7EQ+bx0xCK9t2fPMmMNvlhPQ20GRjsgGts1+T7660+VHFp1zjUm3Q5tfpnd8C:Yl+N0xCK9t2nQv742FMlZ7znAm3i
MD5:	9972DD0557FEC1832455F01A1D141D12
SHA1:	FBB37704A68F028026956FA54D8D64E00361FC39
SHA-256:	6B107FBF266E45ABF394A033E5E9959EFDD9A7D9B7CDAD071AD0E4FC256D2D15
SHA-512:	F1CE4E65E57EF3EDEFA9A311DFCBB26F4372C6BFAB828831619ECC22F255228950E84B080287CFAF5E39E751A27C64B59B8C057B89AC39BC105265E81374D2F5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Rv.....Q...Q...Q.o0Q...QD..P...QD..P...QD..P...QD..P...Q\|..P...Qys.P...Q...QE..Q\|..P...Q\|.\Q...Q\|..P...QRich...Q........PE..d...r.>\.........."..........*....... .........@..........................................`.................................................$?.......p.......`..X...................08..p............................8...............0...............................text...(........................... ..`.rdata.......0....... ..............@..@.data...X....P.......:..............@....pdata..X....`.......<..............@..@.rsrc........p.......@..............@..@.reloc...............B..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x64\libusb-1.0.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	214745
Entropy (8bit):	6.311489614007665
Encrypted:	false
SSDEEP:	3072:lwhaakECr5GrXKm5UcC8KXvnw8seD5cAECoOJhEg2ptfXd3ZkZPO+e3NRwP3HVw:lViKkKm5Xa3snM2bl3ZkZU9iP3G
MD5:	31A5D095AAC8B96BB00B7436459F98B3
SHA1:	332B76859E9418A54AA90577835F2A6E41E678A4
SHA-256:	76055314E4E69641FB889E88B858BCC14B50AFF06F197E5F8D5A112BA2E13ED7
SHA-512:	83F1B1AD34F59DED60B8D873E846E46DA1D9607C15A3C6C77274C73F8A07A6FB565366F22E500A00B4992AF5FCC54DF8CF4FBF0A332767F3FB48B4CA681E5FAB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........8..f.....&"...&.2...4......P.........2...........................................`... ......................................`..I.......................................D........................... ...(...................L................................text...h1.......2..................`..`.data...0....P.......6..............@....rdata.......`.......<..............@..@.pdata..............................@..@.xdata..,.... ......................@..@.bss....p....@...........................edata..I....`......................@..@.idata..............................@....CRT....X............*..............@....tls.................,..............@....rsrc...............................@....reloc..D............4..............@..B................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x64\plist.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	52224
Entropy (8bit):	6.042806370775442
Encrypted:	false
SSDEEP:	768:X355SGub/Yr1CpCcgaOKkemPktwb+bhg+xBqkeS03c+XfXje6:Xp50b/rga1kFGx5+PXjb
MD5:	B47DD9488AC6002C4D5E9D5114B822D4
SHA1:	DE2D2899562221E9C815AC11FD63F667784ADB3F
SHA-256:	9106A4136EBDCDD26778A1E53998BDAA3215F5EEA10028714FD5353F9B720AE2
SHA-512:	C16EAFD0BEA07939B34AC66DEA48FA65448BD3FD6B3B9695F2860267E0BDC1F1D9F1FDA12388B53962623CF5D4C8B507230C2CFFE4456ADB5D1E079245C136B2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o...o...o...f.3.a...=..j.....g.n...=..m...=..}...=..g......m...o.../......c......d......n....._.n......n...Richo...................PE..d...\.>\.........." .........<......p........................................ ............`.............................................p...p...................\...................`...p...........................................................................text.............................. ..`.rdata..0#.......$..................@..@.data...............................@....pdata..\...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x64\usbmuxd.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	5.855477654799774
Encrypted:	false
SSDEEP:	768:dqzK4nasQQfbBTtSt+1nf6tQyz9BLtkHu:Qe4RvNpW2nf6tfzbtkH
MD5:	766F04C22A6B7F82880172F0377AB176
SHA1:	E1FDAA1BCCB8DB30CA5C463224CBC1A73CF87CD1
SHA-256:	198FB6ABF469869E6462DDEB4994985A7483562D9035A19F7EB27487CEBDF228
SHA-512:	FA2EFC140CD1F34D252E02D90D34AE900D72FC31A623BBB20662225CA269F9677F516DE3FB140D9F26170061DE9D2C028CD821546F2E6E240EC7F33D7B55934A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........xSOw+SOw+SOw+Z7.+_Ow+.'vQOw+..+ROw+.'tQOw+.'rXOw+.'s[Ow+9'vQOw+<+vVOw+SOv+.Ow+9'sPOw+9'wROw+9'.+ROw+9'u*ROw+RichSOw+................PE..d...q.>\.........." .....L...B.......P....................................................`.........................................p~......x...................................,....t..p...........................pt...............`...............................text....K.......L.................. ..`.rdata..Z+...`...,...P..............@..@.data................\|..............@....pdata...............~..............@..@.rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x86\iproxy.exe (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.726362601796716
Encrypted:	false
SSDEEP:	192:DhzIqfbKzgh1JsOGejZ46JCFrqhiTL6aU+zPImifDrqhqrUqF7E5pz6l9u:D6AKzgF0eja6JCUh6Zbzm6hqoU7
MD5:	928622B500417FD7AF3DC636ACD73783
SHA1:	F87563EF44AA94339F132473104FFDE038FEFFA9
SHA-256:	5F8A420B9DEBC686DF514E294C828CB6603F563F413AC27C51516634580EC91F
SHA-512:	4C90352F7D62AD33A2444D2007AF582E75F0C87338E4F48151C7487851A54F36900E55A0EA2CDB7ADDDA2034BA896CDD4038B77DD4FB7E7FB52E237AF4517098
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,...My..My..My..5..My..%x..My..%z..My..%\|..My..%}..My..%x..My..)x..My..Mx..My..%}..My..%...My..%{..My.Rich.My.........................PE..L...W.>\............................T........0....@.......................................@..................................:.......`.......................p..L...@6..p............................6..@............0..<............................text............................... ..`.rdata.......0......................@..@.data........P......................@....rsrc........`.......0..............@..@.reloc..L....p.......2..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x86\libusb-1.0.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	230998
Entropy (8bit):	6.494886982257161
Encrypted:	false
SSDEEP:	3072:IymC3p6XIL/p7kQaQZZRO4afFA8ixwCt/5JrQbw4YxBU6vUoO8Eq+fNfZxuEHjvU:51LOQauZ9adexJrQk4YEflr/g
MD5:	37809E8C32CA652D6D6843687A954F8C
SHA1:	CF4AC32E545573128D389BC7F811377CB427E4D2
SHA-256:	43A8011BC39CD786857C996DAF69F0D94579B5050F3DC140E76A20465E14B949
SHA-512:	6DA833B3BA8F04FF9BD59DBE5EEC9F6DA489DD4125ADF25512F90D631733530C1DD5C01C9E558C1434399AE615EE188205645534BD0F09D038482B86AEC8D6F9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........v..j......#...&.B...r...............`.....k................................u.....@... ......................p..I.......$...................................................................................................................text....@.......B..................`..`.data........`.......F..............@....rdata..`....p.......J..............@..@/4.......Q.......R..................@..@.bss.........`...........................edata..I....p.......(..............@..@.idata..$............D..............@....CRT....,............P..............@....tls.................R..............@....rsrc................T..............@....reloc...............Z..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x86\plist.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	45568
Entropy (8bit):	6.461810277701716
Encrypted:	false
SSDEEP:	768:dIIvCUBV6YpfSKtOmWz1bUCyK1NDv+TAyiMGDeZIK2XS0XF:dzvCUBPfS0OmEzyGNDWE2GUIK2C0X
MD5:	6593861573E6B16C96E9D56037DE7F67
SHA1:	4298F4FD85311BD44272E46F200CE52C8634A98B
SHA-256:	0CF5976EF7ECF21F53341BE750E812658C3F35F171F6ACB317E330C080F066AE
SHA-512:	8D75504AC062EF7D54B16256A87547DED84DC9942A30A59FAB647E39AA59519085BCDFE1A91ED0C6CE9F9FB0E73E489A6AED9498916DB5BF513681C1F23F6481
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........P...1..1..1..I<.1...Y..1....h.1...Y..1...Y..1...Y..1...U..1..1..1...Y..1...Y..1...Y..1...YP.1...Y..1..Rich.1..........................PE..L...A.>\...........!.........$............................................................@............................p...`...........................................p...............................@............................................text.............................. ..`.rdata..............................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x86\usbmuxd.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	29184
Entropy (8bit):	6.27900443113766
Encrypted:	false
SSDEEP:	768:7V+RjoyZCkC7ITsAhexjkE3sIV37zXBO3w+:ERjnC7ITveB37zE3R
MD5:	3149B3F99865A240D5367300F2B248A4
SHA1:	6B06CB0CAB504E76226E2E4BB8F5AD40099CA9CF
SHA-256:	0EA8054C6ED6311D87E581EEB3C255BDFE700157A453D97C2D4F47AA3B8CB07D
SHA-512:	0DBDEB697D63D820534468D581BDC7C73DADC1DA441302CD2D21FCA61A7E2FBAFE7632A66A99E71944D703DED2C27DFC3CECBE3E92ECB77022E5522A0290C9C0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ir...!...!...!...!...!... ...!0P.!...!... ...!... ...!... ...!.. ...!... ...!...!...!.. ...!.. ...!..!...!.. ...!Rich...!................PE..L...V.>\...........!.....B...2.......G.......`............................................@..........................u.......x.......................................q..p............................r..@............`..h............................text...%A.......B.................. ..`.rdata...!...`..."...F..............@..@.data................h..............@....rsrc................j..............@..@.reloc...............l..............@..B........................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.465588219558464
Encrypted:	false
SSDEEP:	6144:wIXfpi67eLPU9skLmb0b4WWSPKaJG8nAgejZMMhA2gX4WABl0uNkdwBCswSbb:VXD94WWlLZMM6YFHq+b
MD5:	C820D6F01F446481188B89B71F048F6E
SHA1:	14E3892F63BBD1FF642A3B267BE0487A9F37BC42
SHA-256:	ADB25FA200E0F32CE9B765CDD865FCEDAFB6E26B17E7D8A065250F868898ECEF
SHA-512:	47EC91B05C113FAB15372CF615F025340B7CCA80A296417A33A8DC6EB02813CCD9933FA8213EE149254E2019D56C0ED89D07FE5EF2074905816B55548EAF1C49
Malicious:	false
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.!\..X................................................................................................................................................................................................................................................................................................................................................K.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.943977922701104
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.90% Win32 Executable (generic) a (10002005/4) 49.85% InstallShield setup (43055/19) 0.21% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01%
File name:	Titan.exe
File size:	15'447'040 bytes
MD5:	d615c92a9afcabe383cd651ab3cf90f2
SHA1:	1020eb83f5380092b71ddad40e44adda3634f255
SHA256:	feb67c5d1e5362132049270f7d8c9250573872cfda6ebf1817263f14af24d122
SHA512:	aa473ecd1488917edb5a043165d3f6964fa0945237bc41fa1a4854ba66083a2d6f18a36ab1ad31a6aedd88f76da49dd30f5ecafe6b20daa60dc4d64af5f393e9
SSDEEP:	196608:5HZpYAmscVO0lYzgqv4YAmscVO0lYzgqvPvkKHEyUzeApkSIfSKYODT:55pLmVPGz2LmVPGz1vkAEySpkScv
TLSH:	7FF63316A1B68D42FB1E373871C416201F7170CE9BA7F7372784A8842B877BD89D8997
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,............"...0...................... ....@.. ....................... ............`................................

File Icon


Icon Hash:	5dc0c372b232f04d

Static PE Info

General

Entrypoint:	0x12be00a
Entrypoint Section:	inVRGFmg
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xCD8A2C9F [Mon Apr 10 20:37:51 2079 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [012BE000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x9b594	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xebc000	0x1686	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xec0000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xebe000	0x8	inVRGFmg
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x9a000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
Wn(n~	0x2000	0x4bfe4	0x4c000	caec85eb3fb1262222c864fe37d9c46d	False	0.5090010793585527	data	6.4981399055306985	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Wn(n~	0x4e000	0x4bfe4	0x4c000	417dcf023961f0452326fa8b23739336	False	1.0003244500411184	data	7.999419325988196	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.text	0x9a000	0xe213db	0xe21400	31260ffa20950f82bdde2b58a5f41142	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xebc000	0x1686	0x1800	4dcda0d1142af8353ef4d101737a5d9e	False	0.4910481770833333	data	5.807858457114281	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
inVRGFmg	0xebe000	0x10	0x200	0a02ae2f84339d197b33778e4eaad560	False	0.048828125	data	0.16299007530476972	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0xec0000	0xc	0x200	46017c669932f520fe81ead767031f1a	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xebc130	0x1024	Device independent bitmap graphic, 32 x 62 x 32, image size 3968, resolution 2835 x 2835 px/m	0.5554211035818006
RT_GROUP_ICON	0xebd154	0x14	data	1.05
RT_VERSION	0xebd168	0x334	data	0.41585365853658535
RT_MANIFEST	0xebd49c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 01:45:10.551098108 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:45:10.551140070 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:45:10.551203012 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:45:10.551711082 CET	49749	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:45:10.551795959 CET	443	49749	104.168.136.235	192.168.2.4
Dec 28, 2024 01:45:10.551857948 CET	49749	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:45:10.586107969 CET	49749	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:45:10.586160898 CET	443	49749	104.168.136.235	192.168.2.4
Dec 28, 2024 01:45:10.587706089 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:45:10.587722063 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:45:12.302930117 CET	443	49749	104.168.136.235	192.168.2.4
Dec 28, 2024 01:45:12.303006887 CET	49749	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:45:12.303347111 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:45:12.303402901 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:45:18.419385910 CET	49749	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:45:18.419497013 CET	49748	443	192.168.2.4	104.168.136.235

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 01:44:40.001199961 CET	60495	53	192.168.2.4	1.1.1.1
Dec 28, 2024 01:44:41.007507086 CET	60495	53	192.168.2.4	1.1.1.1
Dec 28, 2024 01:44:41.039974928 CET	53	60495	1.1.1.1	192.168.2.4
Dec 28, 2024 01:44:41.144562960 CET	53	60495	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 28, 2024 01:44:40.001199961 CET	192.168.2.4	1.1.1.1	0xd643	Standard query (0)	ic-titan.net	A (IP address)	IN (0x0001)	false
Dec 28, 2024 01:44:41.007507086 CET	192.168.2.4	1.1.1.1	0xd643	Standard query (0)	ic-titan.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 28, 2024 01:44:41.039974928 CET	1.1.1.1	192.168.2.4	0xd643	No error (0)	ic-titan.net		104.168.136.235	A (IP address)	IN (0x0001)	false
Dec 28, 2024 01:44:41.144562960 CET	1.1.1.1	192.168.2.4	0xd643	No error (0)	ic-titan.net		104.168.136.235	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	19:44:36
Start date:	27/12/2024
Path:	C:\Users\user\Desktop\Titan.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Titan.exe"
Imagebase:	0xd20000
File size:	15'447'040 bytes
MD5 hash:	D615C92A9AFCABE383CD651AB3CF90F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.2047019588.0000000008A40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2012550355.0000000003F31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.2030189008.00000000074A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.1660154291.0000000001722000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.1660154291.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	19:44:39
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 2164
Imagebase:	0x950000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	13.7%
Dynamic/Decrypted Code Coverage:	96.4%
Signature Coverage:	4.8%
Total number of Nodes:	640
Total number of Limit Nodes:	40

Executed Functions

Function 03E71A1C Relevance: 6.9, Strings: 5, Instructions: 622
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 03E752EB
Hbq, xrefs: 03E75089
Hbq, xrefs: 03E7511C
Hbq, xrefs: 03E751A3
Hbq, xrefs: 03E7522D

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq$Hbq$Hbq
API String ID: 0-1677660839
Opcode ID: ee83456450492e3014d1b214b504d3310d8421b3f37592907d5cbc0b3895af58
Instruction ID: f8badc7493079bc931d9531f9ad7c828c1115884b68207a09f0c5061633095da
Opcode Fuzzy Hash: ee83456450492e3014d1b214b504d3310d8421b3f37592907d5cbc0b3895af58
Instruction Fuzzy Hash: 74328E30E002588FDB54DFB9C8507AEBBF6AF88300F1491AAD149AB395DB349D42CF95

Function 077CDB64 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?), ref: 077CDC70

Strings

1, xrefs: 077CDB64

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID: 1
API String ID: 2492992576-2212294583
Opcode ID: 70962ce2efd7a789101d5228bf7c54458b68082e48914a3559971795e7c38746
Instruction ID: c6520559f73cc89e9c6cf17e389b3dca343a7522c1b9849467789655a55b6c4a
Opcode Fuzzy Hash: 70962ce2efd7a789101d5228bf7c54458b68082e48914a3559971795e7c38746
Instruction Fuzzy Hash: 7D5199B4E013589FDB20CFA9C984ADEFBF0BB49310F20846AE418AB250D7749985CF54

Function 03F10F8C Relevance: 3.1, Strings: 2, Instructions: 594COMMON

Download Yara Rule

Strings

@, xrefs: 03F1160B
(, xrefs: 03F1189C

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID: ($@
API String ID: 0-1311469180
Opcode ID: 0579d05c5eaf4b7c737c27e99c08897e8941799159d57d12555c4f818f65a15d
Instruction ID: 16244e5d68ff6db1011f8a7f55f9a560358158daa8def302c64019260e64270c
Opcode Fuzzy Hash: 0579d05c5eaf4b7c737c27e99c08897e8941799159d57d12555c4f818f65a15d
Instruction Fuzzy Hash: 2152CE74E012198FDB60CF59D984A8EFBF2BF49311F19D1A9E508AB612DB30AD81CF54

Function 03F10941 Relevance: 2.9, Strings: 2, Instructions: 375
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 03F109E7
<, xrefs: 03F10A70

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID: 4'^q$<
API String ID: 0-4256100571
Opcode ID: b65792f28d5f4f655f8a481ee525815b8ec09e4c8b028cd0192be3c6dfd85817
Instruction ID: d8a1d9ea91ea56d1abf6f637b428087456c34b8a6b426ad9a4194aad3f864812
Opcode Fuzzy Hash: b65792f28d5f4f655f8a481ee525815b8ec09e4c8b028cd0192be3c6dfd85817
Instruction Fuzzy Hash: E5128C74E0122A8FDB60CF69D984B9EBBF1BB49305F1480E9E409AB251DB349AC1CF51

Function 03EDD820 Relevance: 2.9, Strings: 2, Instructions: 366
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`Q^q, xrefs: 03EDDAB6
`Q^q, xrefs: 03EDDAF3

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID: `Q^q$`Q^q
API String ID: 0-4048626156
Opcode ID: d08147594d64483a8c3dd63e85f4f73f365b16f854315deeda55c9f845eef809
Instruction ID: 77bd94a862a0eeee2c4b04eba06ff7182561fbc3d48901f7cf8e00e324a6d5e3
Opcode Fuzzy Hash: d08147594d64483a8c3dd63e85f4f73f365b16f854315deeda55c9f845eef809
Instruction Fuzzy Hash: 3D02B674E01219CFDB54DFA9C980A9DBBF2BF49304F2092A9D409AB355DB70AE46CF50

Function 03F19348 Relevance: 2.8, Strings: 2, Instructions: 287
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 03F193AF
@ubq, xrefs: 03F19410

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID: 4'^q$@ubq
API String ID: 0-1482002812
Opcode ID: d9d33394c4942d0c5f726b4af0e834449b1eb959578ff51e080d92f564880bc8
Instruction ID: d727c3d4d190f3b4dec61da87daabea2c5b6d5f808e528c0daf7972605305110
Opcode Fuzzy Hash: d9d33394c4942d0c5f726b4af0e834449b1eb959578ff51e080d92f564880bc8
Instruction Fuzzy Hash: B4C10675E01219CFDB24DFA9E990B9EFBB2BF49300F2481A9D409AB251DB749D51CF40

Function 03ED4000 Relevance: 2.7, Strings: 2, Instructions: 216
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ec=, xrefs: 03ED42D4
]R, xrefs: 03ED401B

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID: ]R$ec=
API String ID: 0-3903173408
Opcode ID: 35ed2acfe80a603861f9674962992ef4ee9c11d3c6e915e3b13bafd917f7d1be
Instruction ID: d95274e5380f9073aa9ad6c9d7f4c4b51f27cf2031061819285c5bfcfd83d6ac
Opcode Fuzzy Hash: 35ed2acfe80a603861f9674962992ef4ee9c11d3c6e915e3b13bafd917f7d1be
Instruction Fuzzy Hash: F6A12F75E10209DFDB08CFA5E941A8EFBF6BB89300F14D526D016EB2A4DB349946CF41

Function 03ED3FF7 Relevance: 2.7, Strings: 2, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ec=, xrefs: 03ED42D4
]R, xrefs: 03ED401B

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID: ]R$ec=
API String ID: 0-3903173408
Opcode ID: 6e9db6ee48ee16bfdd5e5db09e81a60b5bff07ac369b6614165bcf1312dda869
Instruction ID: ee68c8bcd83184272e0f25e11c4f633cf49fadaa37b7e406a1b49f69e0e52073
Opcode Fuzzy Hash: 6e9db6ee48ee16bfdd5e5db09e81a60b5bff07ac369b6614165bcf1312dda869
Instruction Fuzzy Hash: 2CA11E75E10209DFDB08CFA5E941A8EFBF6BB89300F14D52AD016AB2E4DB349946CF41

Function 03ED8208 Relevance: 2.7, Strings: 2, Instructions: 167COMMON

Download Yara Rule

Strings

cy/o, xrefs: 03ED8256
7x/o, xrefs: 03ED835A

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID: 7x/o$cy/o
API String ID: 0-2589458744
Opcode ID: 04b4c4f18f411252d017023cc4f006659e890f323fdadea0a5ab02d8eb878470
Instruction ID: 017294cc58fa016d96c4924ee073084cb92a2dc77cdce72dd3d4dd44f5876eb4
Opcode Fuzzy Hash: 04b4c4f18f411252d017023cc4f006659e890f323fdadea0a5ab02d8eb878470
Instruction Fuzzy Hash: B461E574E5520E8FCF08CFA9D482AEEFBB2AF89310F149525D115FB354D2349A428F91

Function 03ED8207 Relevance: 2.7, Strings: 2, Instructions: 159COMMON

Download Yara Rule

Strings

cy/o, xrefs: 03ED8256
7x/o, xrefs: 03ED835A

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID: 7x/o$cy/o
API String ID: 0-2589458744
Opcode ID: a144e9354743042ecd52493870c72a42a07afc9c3259725d0afc41fe88b93752
Instruction ID: d36efe4a583075dc9c619953bca1bd09d076191ec9a9bba7283e968ebf46fe0e
Opcode Fuzzy Hash: a144e9354743042ecd52493870c72a42a07afc9c3259725d0afc41fe88b93752
Instruction Fuzzy Hash: 4D51D574E5520E8FCF08CFA9D982AEEFBB2AF89310F149525D115BB354D2349A428F91

Function 03EB3880 Relevance: 2.6, Strings: 2, Instructions: 145COMMON

Download Yara Rule

Strings

1J[+, xrefs: 03EB3957
tz]+, xrefs: 03EB38F5

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID: 1J[+$tz]+
API String ID: 0-24436594
Opcode ID: 8cfaaa66fd68b4a547901673042df43a47a02c13dc011dc96e278d008cad7ea1
Instruction ID: a97635bb200c04a5c9e80c7f5f83091e2d46076563a8af0cee6658471a4385f0
Opcode Fuzzy Hash: 8cfaaa66fd68b4a547901673042df43a47a02c13dc011dc96e278d008cad7ea1
Instruction Fuzzy Hash: 0751E474E0421A8FCF08CFA9D4819EEBBF2AF88240F14962AD415BB354D7349942CF54

Function 03EB387F Relevance: 2.6, Strings: 2, Instructions: 138COMMON

Download Yara Rule

Strings

1J[+, xrefs: 03EB3957
tz]+, xrefs: 03EB38F5

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID: 1J[+$tz]+
API String ID: 0-24436594
Opcode ID: 39036e327f207a75a47c00f1a6cb561bdb7e0ace349aedd7361f4e645b43dba4
Instruction ID: 3be1979be594c2957c0dcaf7a9148a73d427353181ba689c5e0d7b471f49b1aa
Opcode Fuzzy Hash: 39036e327f207a75a47c00f1a6cb561bdb7e0ace349aedd7361f4e645b43dba4
Instruction Fuzzy Hash: 3451E574E0521A9FCF08CFA9D8819EEBBF2AF88250F14962AD415BB354D7349942CF54

Function 03F19338 Relevance: 2.6, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

4'^q, xrefs: 03F193AF
@ubq, xrefs: 03F19410

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID: 4'^q$@ubq
API String ID: 0-1482002812
Opcode ID: 250e48b44bf24229d59c423d6805722f2c28ab8a88c3e84a1fe472703d06c8b8
Instruction ID: 2b2f99e27fff512ca2b10541f3c60c8ec8cae6c6844d5945595afb1f9c37a4ef
Opcode Fuzzy Hash: 250e48b44bf24229d59c423d6805722f2c28ab8a88c3e84a1fe472703d06c8b8
Instruction Fuzzy Hash: 13512C74E02219DFCB58CFA9D890ADEFBB2BF89300F2491A9E009A7255DB345D46CF50

Function 077CDB70 Relevance: 1.6, APIs: 1, Instructions: 111COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?), ref: 077CDC70

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 40fb76e9d37bacf70263518ccf837117c37c9912d56aab45c1166447d85435aa
Instruction ID: 9425eaa6830f3f31c4d8911cecc0902d6cf9eff984c9e546c8aeb9a3b98aafce
Opcode Fuzzy Hash: 40fb76e9d37bacf70263518ccf837117c37c9912d56aab45c1166447d85435aa
Instruction Fuzzy Hash: EB5179B4E003589FDB20DFA9C984ADDFBF5BB49310F20842AE418BB250D775A985CF54

Function 03F19F78 Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 03F1A006

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: CheckDebuggerPresentRemote
String ID:
API String ID: 3662101638-0
Opcode ID: 0a3b9bcf46402315f8b667b01bcc6885d678ef2e4a8407a04b376c38985e102d
Instruction ID: ae077716a7d3dfceb18d64df34673386eda73b886ff2ac4c8df30ab4495921bd
Opcode Fuzzy Hash: 0a3b9bcf46402315f8b667b01bcc6885d678ef2e4a8407a04b376c38985e102d
Instruction Fuzzy Hash: CA31A9B5D012189FCF10CFA9D984ADEFBF1BB49310F20942AE818B7210C775A945CF94

Function 077C3E10 Relevance: 1.5, Strings: 1, Instructions: 263COMMON

Download Yara Rule

Strings

4'^q, xrefs: 077C3E34

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: a8861d8bc5602ae1612e5d080aa1682e410dea0cfbb46e9215528a6984915bad
Instruction ID: 8c84357ebdafb704f76de395cc8fccdfe24d232d772de94c134d3b8314a7c06a
Opcode Fuzzy Hash: a8861d8bc5602ae1612e5d080aa1682e410dea0cfbb46e9215528a6984915bad
Instruction Fuzzy Hash: 12B19DB0B14611DFC388DF34C994A2AB7A6EB89740F10D57E841E9F3A5CB35E845CB82

Function 077C3224 Relevance: 1.5, Strings: 1, Instructions: 259COMMON

Download Yara Rule

Strings

4'^q, xrefs: 077C3E34

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: d40161a1e11d21fb454b6c2479b453fb67a6e16a02e994380a4fe093f4f2aa01
Instruction ID: 80ef63e8f8cf01356f2c9afdee754ad73b2a1b5408c18b06f97db0b6196c5472
Opcode Fuzzy Hash: d40161a1e11d21fb454b6c2479b453fb67a6e16a02e994380a4fe093f4f2aa01
Instruction Fuzzy Hash: A2A18CB0714611DFD388DF38C994A2AB7A6EB89740F10D57E941E9F3A4CB35E845CB82

Function 03EB3F68 Relevance: 1.0, Instructions: 958COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccad68c0e2d7e1db4bafeed45325ce5a616e1757708d91f2a70dd9fac8a391f5
Instruction ID: dab3c5eef9b7543db1b1c98fa135996c2edbc9a4649ed8bc85b557eb3b69f6aa
Opcode Fuzzy Hash: ccad68c0e2d7e1db4bafeed45325ce5a616e1757708d91f2a70dd9fac8a391f5
Instruction Fuzzy Hash: 23A28574A4121A9FCB65DF68D980ADDBBF2BF49300F1091E5D409AB365EB34AE85CF40

Function 03EDEAC0 Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1463dc2358b9739549864f22b324a66618a0294f0f37b0980e92e8b69c28fbd
Instruction ID: df7ec6d42cd5b081f1c5e443be13a29aefd3096033c569dba6b269470da0e832
Opcode Fuzzy Hash: b1463dc2358b9739549864f22b324a66618a0294f0f37b0980e92e8b69c28fbd
Instruction Fuzzy Hash: 68E1A475E452198FCF04CFA9C981ADEFBF2BF89304F24A525D406FB254D738A9428B64

Function 03EDEAB9 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd16db92915d1187b4dd429ed2d80bda85dc903e14158c62d2bec293dc2935fa
Instruction ID: 4408f2c6bcecc85b96a98407235adacde950c6c42d99e5628bce8d4520228d8b
Opcode Fuzzy Hash: dd16db92915d1187b4dd429ed2d80bda85dc903e14158c62d2bec293dc2935fa
Instruction Fuzzy Hash: 64D1C675E452198FCF04CFA9C981ADEFBF2BF89300F24A525D406FB254D738A9428B64

Function 03ED7D48 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44990d5ff5c2433563de322a06a03ae3209ff75ef906ce11694307ef60533fff
Instruction ID: f0ac61b68fd020a6c1f7df9fa517d5b71fd08fc210e24929b2b4dc321df23217
Opcode Fuzzy Hash: 44990d5ff5c2433563de322a06a03ae3209ff75ef906ce11694307ef60533fff
Instruction Fuzzy Hash: FDE1C775E41209EFCB14CFA9D88199DFBB2BF89300F649669E409E7354DB30AA85CF41

Function 03ED1729 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1b1082c4aa85c622c5bf2434a235155af0e2c68f3422b7a6c7e1e4390e25760
Instruction ID: 97ecfa684491537502b7d7fa63a70f5aaabcb30ef9747d12ed1bc50b519eeb02
Opcode Fuzzy Hash: d1b1082c4aa85c622c5bf2434a235155af0e2c68f3422b7a6c7e1e4390e25760
Instruction Fuzzy Hash: 26D12C34A00309DFDB54DFA5C944BADBBF2BF44308F199259D409AF2A5DB74E946CB80

Function 0D5D3084 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c96fa7f153e144972c6ad4d66f49c4dc218b0a7c4727271aef2949e59023bd0
Instruction ID: 40fcf5bacd29c5b995f24702ee2597fb8afe24fb74d55e25fb0e2ef6d79292df
Opcode Fuzzy Hash: 3c96fa7f153e144972c6ad4d66f49c4dc218b0a7c4727271aef2949e59023bd0
Instruction Fuzzy Hash: 79D14C74A10219CFDB65DF28C844BAAB7B6FF89300F1085A9D909AB260DB71DE85CF51

Function 0D5D75D0 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b8242979afc2fab2763333b44d7812e68c7f206780768384e2146f5318f9b9d
Instruction ID: 9486011b4d3950ce90d35051ac1e3d9c0dd92bc7dbda1ea2320448548f391a90
Opcode Fuzzy Hash: 2b8242979afc2fab2763333b44d7812e68c7f206780768384e2146f5318f9b9d
Instruction Fuzzy Hash: 34D15C34A14719CFDB65DF28C840BAAB7B6BF89300F1085E9D809AB261DB71DE85CF51

Function 03F18B01 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e035d3adeb499eabe6ad72a5ec88a3699c29b81c8115d0a0a016d1ce2f5b153d
Instruction ID: 9e78d62950dfc723ec556dfb0fce74224137088a2e9d08e3c57302a9e0f6ff2c
Opcode Fuzzy Hash: e035d3adeb499eabe6ad72a5ec88a3699c29b81c8115d0a0a016d1ce2f5b153d
Instruction Fuzzy Hash: 5DC138B4E0510A9FCB04CFA9D5819AFFBF2BF88340F28D525D416AB744D738A8528B64

Function 03E74ABA Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6590a2270d8683cb42e5d2ed3213e4b7c81671b27ba077ca13e68cf2dd17e79d
Instruction ID: 9b242ee4cea7d065dbdabd3167a36b9162cdc04e9c5fcf493f7dcdbc3ad1f5a1
Opcode Fuzzy Hash: 6590a2270d8683cb42e5d2ed3213e4b7c81671b27ba077ca13e68cf2dd17e79d
Instruction Fuzzy Hash: 7FC17A35E002589FDF14CFA9C88079DBBF2AF89314F18D2AAD449AB295DB30D985CF51

Function 0D5D490F Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23a5526601d4f0eb3f3c562c7e7274a19ef0dcd80d10865780b91d7ffd7a5df2
Instruction ID: 0d05b85cfef92f1d4062af3a3693917c3bf6c0330149d775ed6834e88fa8a3d5
Opcode Fuzzy Hash: 23a5526601d4f0eb3f3c562c7e7274a19ef0dcd80d10865780b91d7ffd7a5df2
Instruction Fuzzy Hash: FED1E93591061ACFCB65DF58C884AD9F7B1FF99300F1586EAE949AB211D770AAC0CF90

Function 0D5D494A Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f3d7acb9c8598dee53995a5f1c7870e3a1918965404318e11615f9c3c89d537
Instruction ID: 84e675a2a2d316aaef9b1fb398e7086ae17a3e5a9d123994276394eb36a009dd
Opcode Fuzzy Hash: 0f3d7acb9c8598dee53995a5f1c7870e3a1918965404318e11615f9c3c89d537
Instruction Fuzzy Hash: 65D1F83590061ACFCB65DF58C884AD9F7B1FF99300F1586DAE949AB221D770AAC4CF90

Function 03EB3F67 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96c1ccf1c6e70e74f5283d3a3b2c0875d04ec84328a7eb064a085b93e1b34019
Instruction ID: 12c5666677abd0365522bef411fff4b4a7ae70fdc3fecbceaf5515e570735e59
Opcode Fuzzy Hash: 96c1ccf1c6e70e74f5283d3a3b2c0875d04ec84328a7eb064a085b93e1b34019
Instruction Fuzzy Hash: C2B1A374E002199FDB54DF69D984ADDBBF2BF89300F1092A9D409AB365DB34AE85CF40

Function 03EB4E1A Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ef493e6ee5fd0ebbe6791b7ca1fcb3ce6975f6e119753702ebba36e141775a4
Instruction ID: de6df423858457c54891a26fc3b8cdcf279db41a73d6888a5c45700621d4f6da
Opcode Fuzzy Hash: 1ef493e6ee5fd0ebbe6791b7ca1fcb3ce6975f6e119753702ebba36e141775a4
Instruction Fuzzy Hash: 81A17474A4122A9FCB65DF68C984ADDBBB1BF49300F1091E5D409AB365DB34AE85CF40

Function 03F11FB9 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc57b88ac2346d75ed04b0790c3e75f90b7bfa58d84679f1be57340e70b9c729
Instruction ID: 4a2609aaa8aa10ee3d7dfc9c3f659382ee8a2faae45a4c9a873a03419097c386
Opcode Fuzzy Hash: dc57b88ac2346d75ed04b0790c3e75f90b7bfa58d84679f1be57340e70b9c729
Instruction Fuzzy Hash: 2E813875E052199FCB68CF69D9407CAFBF2AF89310F04D4EAD548AB224DB309A91CF41

Function 03F11FC8 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa1ab24d767f4e852a4fbcf1e4f728bcab45a6fbcaa1f070078a5cc3b7c2746c
Instruction ID: 6034316eef1b2532d09ffbae872f7fa38fdb1683b1b6b3f40bb6249cc8d46c94
Opcode Fuzzy Hash: fa1ab24d767f4e852a4fbcf1e4f728bcab45a6fbcaa1f070078a5cc3b7c2746c
Instruction Fuzzy Hash: 20812975E052299FDB64CF69D94078EFBF2AF89310F04D4EAD548AB224DB309A91CF41

Function 0A93DD81 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2055661290.000000000A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a930000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3966286bb0a1f0fc786bb53cfcaed06973e4bc45f1c2b9e6d0c222070eef898
Instruction ID: cea54cb7980ad4a9101c9eb84d1a7bb600a4cde51999839b6cb699eaaa872b2d
Opcode Fuzzy Hash: a3966286bb0a1f0fc786bb53cfcaed06973e4bc45f1c2b9e6d0c222070eef898
Instruction Fuzzy Hash: E4817E35E14619DFDB10CFA4C8906AEBBF6FF48300F24882AE819AB751D735D946CB51

Function 0914D5F0 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2052172698.0000000009130000.00000040.00000800.00020000.00000000.sdmp, Offset: 09130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9130000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f334bc5ad5f021c629d73e697610ff22b85638f9aa09a535ae440159025a513c
Instruction ID: 4aecede75b5a8df3b8de5b65b588ae03eb79d161a366e72e409dd05f59607b12
Opcode Fuzzy Hash: f334bc5ad5f021c629d73e697610ff22b85638f9aa09a535ae440159025a513c
Instruction Fuzzy Hash: DD610870B082019BEB489E3CD55176ABA96FBC8744F41853A950ECF3D5CBB9EC108BD2

Function 03EB1A88 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 023fb8378868fda8ea10764a66c57346991a6d002e0062ce5bd7587e7960f1c1
Instruction ID: e6d836ba8c9636fbfa2d66a876e6e89b3ea24012dcefd7e7b39c02c995d5cb6f
Opcode Fuzzy Hash: 023fb8378868fda8ea10764a66c57346991a6d002e0062ce5bd7587e7960f1c1
Instruction Fuzzy Hash: BF61E674E0421ACFDB14CFA9C891AEEBBB2BF89210F149569D419BB340E7389942CF55

Function 03ED6F69 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eda9bdf1f5f06ca76967ec26c9b080a49b2e1de103994da8462aba93aeb549a
Instruction ID: 6ef38df3cf2b93b6a7da1c32d939d736e7530b9e201ed2295d7e7a59f2aebee5
Opcode Fuzzy Hash: 8eda9bdf1f5f06ca76967ec26c9b080a49b2e1de103994da8462aba93aeb549a
Instruction Fuzzy Hash: 64510C74E4010A9FCB04CFA8D9819EEFBB6BF89300F649665E415BB314D730AA56CF91

Function 03ED6F70 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ee5454dcbf9d30155a81eb42fce6c2f09f1c246e299c71c28812554e8495655
Instruction ID: e8b9c0c5c7c24758d07728654594cbf0990c1ccde742daaa9f66f153ed3d038e
Opcode Fuzzy Hash: 1ee5454dcbf9d30155a81eb42fce6c2f09f1c246e299c71c28812554e8495655
Instruction Fuzzy Hash: C0510C74E4010A9FCB04CFA8D9819EEFBB6BF89300F649665D415BB314D730AA56CF91

Function 0D5D8EC0 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f84e6378498a09ba0cee813b135a585d729b62401ea445b74aaf47422d913a8
Instruction ID: 834d45aecace80aa02bb9591367d994f531fb0e0c8427487f5838f2fb6069145
Opcode Fuzzy Hash: 4f84e6378498a09ba0cee813b135a585d729b62401ea445b74aaf47422d913a8
Instruction Fuzzy Hash: B7518A74E05259DFCB58CFA8D8806AEBBB6FF88300F64842AE905E7250D7359D01CBA1

Function 03EB1A80 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b25d38a70122d594ec7bbb9b9ef682b780f0ad69576bca539a42550e83b01c
Instruction ID: 1e8c1600889ce2d998f2690291e1eb9a0be76083cf2181f400891ed040479b50
Opcode Fuzzy Hash: 67b25d38a70122d594ec7bbb9b9ef682b780f0ad69576bca539a42550e83b01c
Instruction Fuzzy Hash: D4510774E0421ACFDB14CFA5C890BEEBBB2BF89210F149669D419BB340E7385942CF51

Function 03F19D74 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48819c31705ea1257daf32c659deae04de36f999af4bc2a7bc9d74f57e8e7f15
Instruction ID: 2ea6b9b7d682a9ab0e517040a242f47b787110c56786d5013709b841fb5c67ea
Opcode Fuzzy Hash: 48819c31705ea1257daf32c659deae04de36f999af4bc2a7bc9d74f57e8e7f15
Instruction Fuzzy Hash: E4510374D002199FDB24CFA9D894BDEFBB1BB09304F249129E415BB250DBB89845CF95

Function 0D5DD3C3 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5db456f70cc156907ca45315bdfa13b10a2c33ca36032658d355581d8a0cddac
Instruction ID: 3d85a6252031e602c633c14cc5bf9320ed1083adac87aaf9f4a721b902555921
Opcode Fuzzy Hash: 5db456f70cc156907ca45315bdfa13b10a2c33ca36032658d355581d8a0cddac
Instruction Fuzzy Hash: 47512A74E102589FCF58DFA8D8906AEBBB6FF88300F10842AE905EB354D775D942CB95

Function 03F18F7C Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c85710b406b5ebca676231865e3b06a2ef59d49d704e45110f1b874171cc336
Instruction ID: f470781d9b21b091217b404a3bf7d9ed8e4defe00735a846c6de2f01b92fe58e
Opcode Fuzzy Hash: 6c85710b406b5ebca676231865e3b06a2ef59d49d704e45110f1b874171cc336
Instruction Fuzzy Hash: 655101B0D002599FDB24CFA9D894B9EFBF1BB09304F24912AE415AB250DBB89845CF95

Function 03EB1CDA Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5217efa2e3d1bae7debd2b06a9c477d5c389d4b63f626b1958fed0a43bd3b78
Instruction ID: e8546d42cba7e22966a6d090c8708fd15a11022b115e1c2e6cc4dc168904f1e2
Opcode Fuzzy Hash: b5217efa2e3d1bae7debd2b06a9c477d5c389d4b63f626b1958fed0a43bd3b78
Instruction Fuzzy Hash: 4A51D674E0421ACFDB54CFA4C891AEEBBB2BF89210F149569D419BB341D7389982CF50

Function 03EB1E2F Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6fe7386d3320b6c365d2c853a1af018067b734f8b53c21ed044643391468de3
Instruction ID: 4f2322cd1e1f66bfad54bcd712e58ff31eaae4f98c02d26f7db7bb860b283465
Opcode Fuzzy Hash: c6fe7386d3320b6c365d2c853a1af018067b734f8b53c21ed044643391468de3
Instruction Fuzzy Hash: A451F5B4E0421ACFCB14CFA8C890AEEBBF2BF89214F14956AD415BB341E7389941CF14

Function 03EB1BB4 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37a4c38e6e2f1d4144f200252a739772dbb377d956ee31ad2eef4352fe2b527f
Instruction ID: 5bf9625edce279f9f33911d048c3eae717553272a8ba5fd7b08f29ae5b43d1cb
Opcode Fuzzy Hash: 37a4c38e6e2f1d4144f200252a739772dbb377d956ee31ad2eef4352fe2b527f
Instruction Fuzzy Hash: 8551C0B4E1521ADFCB54CFA8D890AEEBBB2BF89210F14956AD419F7350E7389941CF10

Function 03EB1B4A Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc430b2a18cc742b0f4a1f87986a1f74c268b53ad6d3d5389cd80098533f8c24
Instruction ID: 389aeb780deb71766eb366be4a983d04973224218e06f7af27d9ceff2ac788fd
Opcode Fuzzy Hash: cc430b2a18cc742b0f4a1f87986a1f74c268b53ad6d3d5389cd80098533f8c24
Instruction Fuzzy Hash: 0951E874E0421ACFCF14CFA4C891AEEBBB2BF89211F149669D415BB344E7389942CF54

Function 0D5D8EF0 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f95f8b8b6b4eb5002a168984bd142e7403f2931b30611214e306ed9bd3b97d2d
Instruction ID: d1e3787b7da857e210d9530aff2c390f7081befcc8268a5283655bb4ef1d5dc5
Opcode Fuzzy Hash: f95f8b8b6b4eb5002a168984bd142e7403f2931b30611214e306ed9bd3b97d2d
Instruction Fuzzy Hash: 24412974E11259DBCB58DFE9D8805AEBBBABF88300F60842AE905A7350D735DD01CBA5

Function 0D5DD3D8 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1993f52e593c14037de0e45598d113c80ebeb0ed96bc8d6ae62962122fd05bc
Instruction ID: cf1169cdbff95d65d9f7ad2d78cc900daf5e92b8b9aac4f6db6195dbd15cf337
Opcode Fuzzy Hash: e1993f52e593c14037de0e45598d113c80ebeb0ed96bc8d6ae62962122fd05bc
Instruction Fuzzy Hash: 3E413A74E102589BCF58DFE8D8805BEBBB6FF88300F10842AE905E7254D775D942CB95

Function 03ED8C11 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 378326d002d4e6da05b6d41a4cbfb55bd3957c8877464254c7b1f1584115cdc7
Instruction ID: 7f54ea7340487ebe54398b30b1e923252abca22d466901d86646fcd37d4068c3
Opcode Fuzzy Hash: 378326d002d4e6da05b6d41a4cbfb55bd3957c8877464254c7b1f1584115cdc7
Instruction Fuzzy Hash: E4511574E16609EFCB04DFB8E98589EFBF2FF89300F209665E016B7254D730AA51CA41

Function 03EB1B7E Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5427a9f5f7bfcc22c8e2650446a8d9ff2127e6a067ad31b7b88a6527a1c105af
Instruction ID: 06ee23de5db3336796ba3907bb9e255f403a08db0ad88fb98b0ce6cc3dd6bcd6
Opcode Fuzzy Hash: 5427a9f5f7bfcc22c8e2650446a8d9ff2127e6a067ad31b7b88a6527a1c105af
Instruction Fuzzy Hash: D751C7B4E1421ACFCF14CFA4C891AEEBBB2BF89210F149569D419BB350E7389941CF55

Function 03EB1B2F Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8ec9a3179e6897974231e26cd0c0882b7e591f45ad7d39940b9cb76786fb2d5
Instruction ID: 5d605a2c1cd20e9f3da1a93ba669062409db58d475aa0581efb6e2380c9f55e2
Opcode Fuzzy Hash: a8ec9a3179e6897974231e26cd0c0882b7e591f45ad7d39940b9cb76786fb2d5
Instruction Fuzzy Hash: 1441C5B4E1421ACFCB14CFA4C891AEEBBB2BF89210F149569D419BB350E7389941CF55

Function 072CB150 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a99130b0daa50ad37e6fe0d0b29227e35de33b3525874078f9ea74c136053ca8
Instruction ID: 33efd23583e54345b63dad47baf1672e6f3a4b32918710bb0952de2fd03c0640
Opcode Fuzzy Hash: a99130b0daa50ad37e6fe0d0b29227e35de33b3525874078f9ea74c136053ca8
Instruction Fuzzy Hash: 9241BBB4D11208DFDB20DFA9D585BDEBBF0AB09304F20902AE418BB264D7759945CF94

Function 072CB3FE Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d3d53ef21b394c6c29c929b8c35610e591885d6860bfd7a34861097a54b236
Instruction ID: d5c280d4c8dc34bf46cb0a3e9fef3df64692ff893f93741049156d2cf8050231
Opcode Fuzzy Hash: a9d3d53ef21b394c6c29c929b8c35610e591885d6860bfd7a34861097a54b236
Instruction Fuzzy Hash: 1F41A9B4D112089FDB20DFA9D585BDEFBF0AB09310F20902AE418BB264D775A985CF59

Function 072CBBEC Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29f731c14d71c9744242a1e853441d39946a82c1f07f4d4e163528415fa18910
Instruction ID: 76feed634b9107290a602bef8f663818f669a7404c247eb5b3d3ea7ea4980a1c
Opcode Fuzzy Hash: 29f731c14d71c9744242a1e853441d39946a82c1f07f4d4e163528415fa18910
Instruction Fuzzy Hash: E821A4B4D1020ADFDB14CFA9D4856EDBBB1BB59320F20E229E824B7294D7348645CF58

Function 03E70F1D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7d1951e8ba366a737a82ce0948f8bd374f0c6d0b02466d07bf6f599f5d2196
Instruction ID: 246ca147d6a5dd11f5a0fc4c51f603f3e84f9361225455372f07b4f538df251e
Opcode Fuzzy Hash: be7d1951e8ba366a737a82ce0948f8bd374f0c6d0b02466d07bf6f599f5d2196
Instruction Fuzzy Hash: D62190B4D01208DFDB08CFAAC444AEEFBB1AB4A310F14E129E824B7250D7349941CF54

Function 03E70F28 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9298ff7324097a4df879c4b4c7df835e6c2af4fab345767751a3e2564b8a42cd
Instruction ID: 0bc58edcee4f530b7b7c4e2b864c3835540b7f3e30d531ea86208f701fc4fb86
Opcode Fuzzy Hash: 9298ff7324097a4df879c4b4c7df835e6c2af4fab345767751a3e2564b8a42cd
Instruction Fuzzy Hash: 00218EB4D00208DFDB48CFAAC444AEEFBF1AB49314F14E229E824B7250D7349941CF98

Function 072CBBF8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43622699d1d0bb9e194cbab0f0433cee9af6f279569bf12bd47d5f0005a4dd46
Instruction ID: 58132b2e2f5fbed4c39cc3a4538f46602fa33193f54c89848b897f5df7988ae8
Opcode Fuzzy Hash: 43622699d1d0bb9e194cbab0f0433cee9af6f279569bf12bd47d5f0005a4dd46
Instruction Fuzzy Hash: D5219FB4D10209DFDB04CFAAD4856EEBBF1AB59310F10E22AE824B7250D7349A45CF98

Function 072CBB24 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4090a3d45dafe80197db81f010b18f24ae3159eef997d1ac2a1e5763e335cf69
Instruction ID: ff93ae517bd7882fe2c350658d0716670d4b513f545ce7d01dbf629912150d47
Opcode Fuzzy Hash: 4090a3d45dafe80197db81f010b18f24ae3159eef997d1ac2a1e5763e335cf69
Instruction Fuzzy Hash: 5B01B6B5D142099F8F04DFA9D8414EDFBF2AF5A320F14A22AE814B3350E73559518FA8

Function 072CBB30 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eb7edaa31dfbf35867dc96d8b8f8c426529f6e1b54484e160c576f9eb5ddf33
Instruction ID: 0f04b25ccd3b30a497bfe733ae073ebd7fa42a6d966708e7900ba1d5dcfe53a9
Opcode Fuzzy Hash: 9eb7edaa31dfbf35867dc96d8b8f8c426529f6e1b54484e160c576f9eb5ddf33
Instruction Fuzzy Hash: AAF042B5D1520C9F8F04DFA9D9418EEFBF2AB5A310F10A16AE814B3314E73599518FA8

Function 03E705A0 Relevance: 2.8, Strings: 2, Instructions: 305
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 03E707E4
Hbq, xrefs: 03E7072E

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 3564a3aaa30fb075656706acd327d5e279f6a99852ebc8d4d0a15c4b6c4fa5a4
Instruction ID: c9458366d757fe796535449495980faaf17b3c9308e355ff41d8ad669c842193
Opcode Fuzzy Hash: 3564a3aaa30fb075656706acd327d5e279f6a99852ebc8d4d0a15c4b6c4fa5a4
Instruction Fuzzy Hash: 07B14870E002188FDB14DFA8C8547AEBBB6BF89304F24856AD406AB394DF749D46CF55

Function 0D5D71DC Relevance: 2.7, Strings: 2, Instructions: 204COMMON

Download Yara Rule

Strings

(bq, xrefs: 0D5D827B
Hbq, xrefs: 0D5D82A7

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 7f1300db7ed21ac20f35dd32390d64c25fdb438d9cec3b822d9920bfdcbcc407
Instruction ID: cc270ff3bc53e2989ebaf4b14b7ed2c6e2b6741ee0c904d54631299b5ed46033
Opcode Fuzzy Hash: 7f1300db7ed21ac20f35dd32390d64c25fdb438d9cec3b822d9920bfdcbcc407
Instruction Fuzzy Hash: B0719230A106499FCB09DFA8C854AEDBBB6FF98740F108169E506AB394DF349D46CB91

Function 072CC110 Relevance: 2.7, Strings: 2, Instructions: 204
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 072CD5B9
(bq, xrefs: 072CD686

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 168fabf88408f95715a90f83a2cd828230b53c41b5ec6d5013cfde573a7ce5d3
Instruction ID: 40accd1da84e3b6e7dd9d98897cf001a000929e87386b04db49f11eab5a7b10f
Opcode Fuzzy Hash: 168fabf88408f95715a90f83a2cd828230b53c41b5ec6d5013cfde573a7ce5d3
Instruction Fuzzy Hash: A861C0B4F102199FCB04DFB9D8506AEBBF5EF99310F2085AAD805E7351DA349D028BA5

Function 072CF0D0 Relevance: 2.7, Strings: 2, Instructions: 202COMMON

Download Yara Rule

Strings

Hbq, xrefs: 072CFBAB
Hbq, xrefs: 072CFC02

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID: Hbq$Hbq
API String ID: 0-4258043069
Opcode ID: 09ad540cd4821bc690d8adc6510805dfa2d7f826cd65b8c865328fd1935dd992
Instruction ID: b522421da1756fea41ec34452190fd9d62460206e0223f218a3acd722e11d47d
Opcode Fuzzy Hash: 09ad540cd4821bc690d8adc6510805dfa2d7f826cd65b8c865328fd1935dd992
Instruction Fuzzy Hash: 447188B5E002499FCB14DFA9D494AAEBFF2FF99300F14846AD409AB350DB349906CF91

Function 0D5D84A0 Relevance: 2.6, Strings: 2, Instructions: 135COMMON

Download Yara Rule

Strings

(bq, xrefs: 0D5D85DD
_, xrefs: 0D5D84FF

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID: (bq$_
API String ID: 0-2486193040
Opcode ID: 580052147966880f8abae2b833e8101d19d3ebee488a0eb795294db76b6bf89c
Instruction ID: ac2fbc8d37f1c74e24f153963e5c1979a7bc15788ebe5764e16463b12a2eed95
Opcode Fuzzy Hash: 580052147966880f8abae2b833e8101d19d3ebee488a0eb795294db76b6bf89c
Instruction Fuzzy Hash: 7B518E31E00214DFDB69DF6DD8546AEBBB2FF84300F248569D805AB2A2DB71EC45CB90

Function 03ED7618 Relevance: 1.7, Strings: 1, Instructions: 443COMMON

Download Yara Rule

Strings

a^q, xrefs: 03ED78A3

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID: a^q
API String ID: 0-3411664965
Opcode ID: 5e75a4f7a545fd265cb60241e31d5ab5c03f6069143a54d751717a76ba99cce2
Instruction ID: c706f61e160fd2fa039e5dee3dada43d429418586064bab0d20c868778a2fbc5
Opcode Fuzzy Hash: 5e75a4f7a545fd265cb60241e31d5ab5c03f6069143a54d751717a76ba99cce2
Instruction Fuzzy Hash: D312C474E01218DFCB54DFA8D890A9DBBB2FF89310F108599E809AB355DB30AD86CF51

Function 03ED760F Relevance: 1.7, Strings: 1, Instructions: 415COMMON

Download Yara Rule

Strings

a^q, xrefs: 03ED78A3

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID: a^q
API String ID: 0-3411664965
Opcode ID: eeeaf4ebd7c0d5326cb366a0503f3ebf4dbc24a32b2a2842533053e3f5ea56bc
Instruction ID: 5e8c666b628cec6916c1583e01dc028bdea44196011f1f703166a746949f4fa8
Opcode Fuzzy Hash: eeeaf4ebd7c0d5326cb366a0503f3ebf4dbc24a32b2a2842533053e3f5ea56bc
Instruction Fuzzy Hash: AB12D674E01218DFCB54DFA8D890A9DBBB2FF89310F108599E809AB355DB31AD86CF51

Function 03F1B3BC Relevance: 1.7, APIs: 1, Instructions: 157COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 03F1B4B9

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: bae16fdc0845ab70521403fe036bcc6f0f83738d431002ce6611106bfcbd0bb4
Instruction ID: 5b04f728581fd4ddf6f9ef06de639552238417669af2ba9b46ad0cff8f743f95
Opcode Fuzzy Hash: bae16fdc0845ab70521403fe036bcc6f0f83738d431002ce6611106bfcbd0bb4
Instruction Fuzzy Hash: D851F671D00219DFDB20CFA9D840BDEBBF5AF49300F2480AAD549BB250DB756A89CF91

Function 0A93B0B1 Relevance: 1.6, APIs: 1, Instructions: 127COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 0A93B1B3

Memory Dump Source

Source File: 00000000.00000002.2055661290.000000000A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a930000_Titan.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 3e4236235561090d36fd99dc92f662abae169728d91334b559c9b4339c4cfb0f
Instruction ID: 7f906df193a1158d2f6f54062224ed93e7da102294d2449a050446437de75a6d
Opcode Fuzzy Hash: 3e4236235561090d36fd99dc92f662abae169728d91334b559c9b4339c4cfb0f
Instruction Fuzzy Hash: 535167B5D012589FDB10CFE9D584ADEFBF1BB09310F24902AE918BB225D335A945CF54

Function 0A93B0B8 Relevance: 1.6, APIs: 1, Instructions: 126COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 0A93B1B3

Memory Dump Source

Source File: 00000000.00000002.2055661290.000000000A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a930000_Titan.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: fbd06ad3f229fc65a49914f657e2e4120dfa60002e2d55377f0577b2a1515354
Instruction ID: 754a85119f8f9ed1ab8e878ad039899bfdc9506e74c2e90d2328d64db492f270
Opcode Fuzzy Hash: fbd06ad3f229fc65a49914f657e2e4120dfa60002e2d55377f0577b2a1515354
Instruction Fuzzy Hash: B15156B9D002589FDB10CFE9D984ADEFBF5BB09310F24902AE918BB225D335A945CF54

Function 03F19160 Relevance: 1.6, APIs: 1, Instructions: 126COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 03F1B4B9

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 61bd15d666b2335c2068cd6709aa46ddb4574a2731c4ccb2c8ffa14d017434e9
Instruction ID: d1eb12f25bf50dc3fcdb3b5eb0f4d8800b584f163aa987085b16374ff59df16f
Opcode Fuzzy Hash: 61bd15d666b2335c2068cd6709aa46ddb4574a2731c4ccb2c8ffa14d017434e9
Instruction Fuzzy Hash: 9451C3B1D00219DFDB20DFA8C940BDEBBF5AF49304F1080AAD509BB255DB756A89CF91

Function 0A93FE00 Relevance: 1.6, APIs: 1, Instructions: 108registryCOMMON

Download Yara Rule

APIs

RegisterDragDrop.OLE32(?,?), ref: 0A93FEDF

Memory Dump Source

Source File: 00000000.00000002.2055661290.000000000A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a930000_Titan.jbxd

Similarity

API ID: DragDropRegister
String ID:
API String ID: 1555377906-0
Opcode ID: 7e7dfad9ef1589c615ce6ae49da6ce7802fbcf644969e5fe8656e5a1f01829c5
Instruction ID: 08dd79387cb347122f7bbd057b7e6bba79622b430c4da18b89c8b216ef4835f1
Opcode Fuzzy Hash: 7e7dfad9ef1589c615ce6ae49da6ce7802fbcf644969e5fe8656e5a1f01829c5
Instruction Fuzzy Hash: 294102B4E043489FCB11CFA9C884ADEBFF5AF4A300F24846AE804AB361D7759885CF55

Function 03F11A68 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 03F11B17

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: dce9785aaefead33626ac017707c921093c62b5908e045230e7b5a94258efcb6
Instruction ID: b63bed705f0e335c0e9a6bf3a31379f0ad9e59ad16a283f47f98a9d0a6e28097
Opcode Fuzzy Hash: dce9785aaefead33626ac017707c921093c62b5908e045230e7b5a94258efcb6
Instruction Fuzzy Hash: 703198B9D04258DFCB10CFA9E884AEEFBB1AB19310F24906AE854B7310D375A945CF64

Function 077CA950 Relevance: 1.6, APIs: 1, Instructions: 97windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 077CBBFB

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 2490bef4e67e3094ef9347da3acc53808f2be3973a86c1200c6519e1706aa540
Instruction ID: a460cc9ebaf0f9ac3873344ab23ec894282dd605cb6d6e4f371b31472f2c04c9
Opcode Fuzzy Hash: 2490bef4e67e3094ef9347da3acc53808f2be3973a86c1200c6519e1706aa540
Instruction Fuzzy Hash: 9A31AAB9D04258AFCB10CF99D584ADEFBF4EB49310F20906AE818B7320D774A945CFA4

Function 03F11958 Relevance: 1.6, APIs: 1, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 03F11A07

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c755f0a32ee2451dcb955bc73edd47819b6da8dfa5933ce5c4b651eaba9cec5d
Instruction ID: 4d01f3db6996f6f3e124baea1c5f4a624e95162d2de5b9cce9ee173a3ef4b937
Opcode Fuzzy Hash: c755f0a32ee2451dcb955bc73edd47819b6da8dfa5933ce5c4b651eaba9cec5d
Instruction Fuzzy Hash: F03197B9D04258DFCB10CFA9E584AEEFFB1BB19310F24902AE854B7210D375A945CF64

Function 0A93FE1C Relevance: 1.6, APIs: 1, Instructions: 94registryCOMMON

Download Yara Rule

APIs

RegisterDragDrop.OLE32(?,?), ref: 0A93FEDF

Memory Dump Source

Source File: 00000000.00000002.2055661290.000000000A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a930000_Titan.jbxd

Similarity

API ID: DragDropRegister
String ID:
API String ID: 1555377906-0
Opcode ID: 01c9518060d1564ba3662ed613a49c2dc245613b9635325acd395bb9c390766f
Instruction ID: 0fadd56a2fa12ea00569b20f43d811dfb17bfa482a1c030202bbc87ad8112fc1
Opcode Fuzzy Hash: 01c9518060d1564ba3662ed613a49c2dc245613b9635325acd395bb9c390766f
Instruction Fuzzy Hash: 9341BBB5E002489FDB14CFA9C484ADEFFF5AF49304F24906AE814AB360DB759885CF54

Function 03F11A70 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 03F11B17

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a71329cd6b02a25aa106f763686b33a599ed1df07992d21aeb05722283caade4
Instruction ID: e9c6e05c54d545accc28abb94ec9a6aa4dda42ffaafe4e96fed872e053419674
Opcode Fuzzy Hash: a71329cd6b02a25aa106f763686b33a599ed1df07992d21aeb05722283caade4
Instruction Fuzzy Hash: F43177B9D04258DFCB10CFAAE984ADEFBB5BB19310F24902AE814B7310D775A945CF64

Function 03F11960 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 03F11A07

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 1a8c299a6779d2bdd9d183dfa7c31548a2c9b30ceb6106c723903d9ed8e81cbc
Instruction ID: ffdef75007aa288d30e7401487b08d8bdb56f830b24bebd714d9b23cb9ccd381
Opcode Fuzzy Hash: 1a8c299a6779d2bdd9d183dfa7c31548a2c9b30ceb6106c723903d9ed8e81cbc
Instruction Fuzzy Hash: 773188B9D04258DFCB10CFA9E584ADEFBF5BB19310F24902AE814B7210D775A945CF64

Function 077CA96C Relevance: 1.6, APIs: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 077CBBFB

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 676f7406477aad84810e425c348c2df956d5d11bb90d9f167002133ca34a1681
Instruction ID: cd17eaddf8b27cb27d523e9d1fa682b2edb8c3868dd71c3b644161075ee98b71
Opcode Fuzzy Hash: 676f7406477aad84810e425c348c2df956d5d11bb90d9f167002133ca34a1681
Instruction Fuzzy Hash: 703188B8D04258EFCB10CF99D584ADEFBF4AB49310F24902AE814BB320D775A945CFA4

Function 03EBA858 Relevance: 1.6, APIs: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 03EBA8F3

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d11ca6780f13ddc70997a86abbd261545b14e4d1b5219465f11e6224c844cfcb
Instruction ID: 92653526aaeec5b47056958a95322aaf4fd3cd0939b0bae3d110e211b4a0194f
Opcode Fuzzy Hash: d11ca6780f13ddc70997a86abbd261545b14e4d1b5219465f11e6224c844cfcb
Instruction Fuzzy Hash: 9B3186B9D04258DFCB10CFA9E584ADEFBF4AB09310F24906AE854B7310D375AA45CF64

Function 03EBA854 Relevance: 1.6, APIs: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 03EBA8F3

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d0fa1b1c98daf8a73d2c278696f3450b041455972b88f2c950bcf8377f1010c5
Instruction ID: 362e1bce114b64a9e38015925a834cf6c8792d455863fb94047882071cca93d0
Opcode Fuzzy Hash: d0fa1b1c98daf8a73d2c278696f3450b041455972b88f2c950bcf8377f1010c5
Instruction Fuzzy Hash: F43197B9D00258DFCB10CFA9D584ADEFBF0AB09320F24916AE824B7360C335A945CF64

Function 077CA439 Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 077CA4DE

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 793850546a64192d2da891044899e51b88edfb2903c4f6e2a58bd0a13899005b
Instruction ID: f2f5e9fe15399853e31135340e0e67e2bbff2bf86b0d9d6208ab24e28be3d035
Opcode Fuzzy Hash: 793850546a64192d2da891044899e51b88edfb2903c4f6e2a58bd0a13899005b
Instruction Fuzzy Hash: A431DDB5D01219DFCB10CFA9D844ADEFBF5BB49310F14806AE844B7210D334AA85CF54

Function 0A93FE28 Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegisterDragDrop.OLE32(?,?), ref: 0A93FEDF

Memory Dump Source

Source File: 00000000.00000002.2055661290.000000000A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a930000_Titan.jbxd

Similarity

API ID: DragDropRegister
String ID:
API String ID: 1555377906-0
Opcode ID: a0792212b34fb90768ae254500956fbbb522ba7b99a924a6a3776cd4e1550d1e
Instruction ID: afb047a8e6c5df29db49c232d3c95727bfc47acbd0e1dcced7654117224802de
Opcode Fuzzy Hash: a0792212b34fb90768ae254500956fbbb522ba7b99a924a6a3776cd4e1550d1e
Instruction Fuzzy Hash: 6D31CBB5D002489FDB14CFA9C884ADEBBF5AF49300F20906AE818AB260D7759885CF54

Function 077CBB58 Relevance: 1.6, APIs: 1, Instructions: 85windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 077CBBFB

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 6264d24ae9e57fd0954e4b25ea7a8d7781e7996ceadfe9d8cb0285ee35367404
Instruction ID: 92e623f3ebdd7c28dba25d410a6d61021590b2a50c21b38ee87db123d521b81b
Opcode Fuzzy Hash: 6264d24ae9e57fd0954e4b25ea7a8d7781e7996ceadfe9d8cb0285ee35367404
Instruction Fuzzy Hash: 003188B9D052589FCB10CFA9D584ADEFBF0AB49310F24906AE824BB320D775A945CF64

Function 0914D080 Relevance: 1.6, APIs: 1, Instructions: 85timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,?,?,?), ref: 0914D11B

Memory Dump Source

Source File: 00000000.00000002.2052172698.0000000009130000.00000040.00000800.00020000.00000000.sdmp, Offset: 09130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9130000_Titan.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: 39df1c2ee53a5b739d81ea31438ca2a09008a406665fb60493612100e7db3ee3
Instruction ID: f5161d51487fdb40d4d0302db826b086411ee30b02fec6ae88950d07e1228ac7
Opcode Fuzzy Hash: 39df1c2ee53a5b739d81ea31438ca2a09008a406665fb60493612100e7db3ee3
Instruction Fuzzy Hash: 2B3198B8D002589FCF10CFA9E984ADEFBF4AB09310F24902AE818B7310D375A945CF64

Function 03F19F70 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 03F1A006

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: CheckDebuggerPresentRemote
String ID:
API String ID: 3662101638-0
Opcode ID: 0ea131487553d3e5e09d715c29c6534610c2e9b80675d86482fb4c2aad62ed3b
Instruction ID: be4701fa847d680c062f37aa69e43d780c8b3c04751d7bfc84b635ffbe315668
Opcode Fuzzy Hash: 0ea131487553d3e5e09d715c29c6534610c2e9b80675d86482fb4c2aad62ed3b
Instruction Fuzzy Hash: E731AAB5D012589FCF20CFA9D984ADEFBF5BB49320F20942AE815B7210C775A945CF94

Function 077CA440 Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 077CA4DE

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 4f963ee40764eace2dcc121856d4b261f189cb530025c8b4398a4ad8a2bacf41
Instruction ID: 1363c4591c8942f811bd1540f631c68ab2028894ebb39bc9ea27dab339a69b9f
Opcode Fuzzy Hash: 4f963ee40764eace2dcc121856d4b261f189cb530025c8b4398a4ad8a2bacf41
Instruction Fuzzy Hash: 6D31B9B4D01219DFCB10CFA9D984AEEFBF5BB49310F14906AE844B7220D334AA45CF64

Function 03F1F968 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?), ref: 03F1FA02

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 661e90a80925c8d0f1dddbdbb3d581e29db0b40af12c421b0d1b332c5b6045c4
Instruction ID: ae2b6ecda9c1f095d7370dd310e4f011e2d40e411d582d50a00ba3e29d286cbc
Opcode Fuzzy Hash: 661e90a80925c8d0f1dddbdbb3d581e29db0b40af12c421b0d1b332c5b6045c4
Instruction Fuzzy Hash: 3531ABB4D002599FCB14CFAAE584ADEFBF5AB49310F14906AE818B7320D734A945CFA5

Function 03F1E688 Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?), ref: 03F1FA02

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: e25c6fe8b61c702219461d44ff8e0042a71fe9742e555e27697f7609874dc870
Instruction ID: 0d99928f48ec0510f3241889d5b904b60f110a4bba9dde8edaf705555031b8e6
Opcode Fuzzy Hash: e25c6fe8b61c702219461d44ff8e0042a71fe9742e555e27697f7609874dc870
Instruction Fuzzy Hash: BB31ACB4D04259DFCB14CFAAE484ADEFBF5AB49310F14906AE818B7320D374A945CFA4

Function 077C70CC Relevance: 1.6, APIs: 1, Instructions: 72comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?,?,?,?,?,077C7763), ref: 077C780D

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 8410f0f09170384231065a31b4fbb1357231151214a7726b37ce79b3dc3f1324
Instruction ID: c0a36e93b54a942d00cca7761d30ee0fe12b5e715476c80897c3412025078776
Opcode Fuzzy Hash: 8410f0f09170384231065a31b4fbb1357231151214a7726b37ce79b3dc3f1324
Instruction Fuzzy Hash: 173187B8D012189FCB14CFA9D584ADEFBF4EB09360F10946AE918B7310D775A941CFA4

Function 03EBE058 Relevance: 1.6, APIs: 1, Instructions: 70windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 03EBE0DB

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 1ae228e9b9ff9f7b53f46c9521c36e7aade440a6318dbc03d50a7260bc30eb92
Instruction ID: e7b29b212d318204cc969fbe66e06fa0e2d02c1389db02ad2e3937febc4656e2
Opcode Fuzzy Hash: 1ae228e9b9ff9f7b53f46c9521c36e7aade440a6318dbc03d50a7260bc30eb92
Instruction Fuzzy Hash: 3431ACB9D00219DFCB10CFA9D584ADEFBF1AB49324F24906AE818B7310D775A941CFA5

Function 077C7796 Relevance: 1.6, APIs: 1, Instructions: 70comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?,?,?,?,?,077C7763), ref: 077C780D

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 4848571dafb00e502fe6aa29d0b711ec8cc251e8c6c6067d6290876574609a5c
Instruction ID: cb2d3d5b331070c23a2f3e43bc710ddc1c4e9df2a4de53c99c04f76a81232072
Opcode Fuzzy Hash: 4848571dafb00e502fe6aa29d0b711ec8cc251e8c6c6067d6290876574609a5c
Instruction Fuzzy Hash: B12198B8D012189FCB14CFA9D584ADEFBF4BB09310F10946AE914B7310D775A941CFA5

Function 03EBE060 Relevance: 1.6, APIs: 1, Instructions: 68windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 03EBE0DB

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 04ba7caad3baa1d8bd990082fa01cd55e3fa655351218d378ca8119821adc439
Instruction ID: 5b17c4bf9b68c363efa1a7e7e5eaa7944b16abbf5521910aec32ebcc61d45713
Opcode Fuzzy Hash: 04ba7caad3baa1d8bd990082fa01cd55e3fa655351218d378ca8119821adc439
Instruction Fuzzy Hash: FD21AAB8D002199FCB10CFA9D584ADEFBF5AB49324F24906AE818B7310D335A941CFA5

Function 0D5D3008 Relevance: 1.5, Strings: 1, Instructions: 268COMMON

Download Yara Rule

Strings

(bq, xrefs: 0D5D6057

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: fb6d32e418fe93bb1c4ac02d591444c2d18e7bfcf9c301dbe4023f2867190a4b
Instruction ID: 0f74c697a16933d4affacac1d0178ab95ed4281708da145f7bdbf75a6ca1f11b
Opcode Fuzzy Hash: fb6d32e418fe93bb1c4ac02d591444c2d18e7bfcf9c301dbe4023f2867190a4b
Instruction Fuzzy Hash: CDA1ABB5E00219AFCF15CFA8D9809EEBBF1BB49310F24952AE918B7320D731A951CF54

Function 03E7A008 Relevance: 1.5, Strings: 1, Instructions: 211COMMON

Download Yara Rule

Strings

(bq, xrefs: 03E7A1A5

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 392597562effe3fd831dcf0ec3bb26777a3cbf54dfd187ca1375e5c5b406b8de
Instruction ID: a36715a97c2f4ca5ae0f4241feed9c7c141a182e559101998d12422c77a477ac
Opcode Fuzzy Hash: 392597562effe3fd831dcf0ec3bb26777a3cbf54dfd187ca1375e5c5b406b8de
Instruction Fuzzy Hash: B671BE316002049FEB25EF69C854BAEBBB6EFC8310F148A39E4169B394DF759C85CB51

Function 0D5D71CC Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

(bq, xrefs: 0D5D7E9F

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 874eb8d65b936c9b5f1fa4b63063e09556ff8cd4748240e6c8da75da039b8c90
Instruction ID: 2360c99ae78ad5beb1b5a663425c47fc585dce853313fbddd7866620600764ae
Opcode Fuzzy Hash: 874eb8d65b936c9b5f1fa4b63063e09556ff8cd4748240e6c8da75da039b8c90
Instruction Fuzzy Hash: 4D511875E002189FCB54DFA9D844AAEBBF6FB88350F14842AE819E7354DB349D01CFA5

Function 0D5D2F6C Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

(bq, xrefs: 0D5D68CF

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 2e35ba688ec7960463edd7d1145c4f877350daafec8507cd77f4ff6281281593
Instruction ID: a26dd1e3f1bdff28fb66e174cf3c58987e388605f5349bac56dd62b486357e95
Opcode Fuzzy Hash: 2e35ba688ec7960463edd7d1145c4f877350daafec8507cd77f4ff6281281593
Instruction Fuzzy Hash: B65146B5E012189FCB54DFADD444AAEBBF5FF88310F14842AE909A7344DB349942CBA5

Function 03ED6BE0 Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

PH^q, xrefs: 03ED6DAB

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: a733fce2de822364bc93d77b4847e54887567bf6e5b61abd02f35f5016147cff
Instruction ID: 002bc32a2308063c24693bda566206ca84b677d68ae06064339fe1de8927fb50
Opcode Fuzzy Hash: a733fce2de822364bc93d77b4847e54887567bf6e5b61abd02f35f5016147cff
Instruction Fuzzy Hash: 0C611C34A00218CFCF18EF68D854AADB7B6FF48314F545668D506AB364DB35EC46CBA1

Function 0D5D2CDC Relevance: 1.4, Strings: 1, Instructions: 165COMMON

Download Yara Rule

Strings

(bq, xrefs: 0D5D3861

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: efbd41124c4891db987098c4b6c933235b797bb0f17395b701be73408599c63c
Instruction ID: a0f315302bd0d979d4ae54c23f664381b9bd24319d4abb689e898e4d7764355d
Opcode Fuzzy Hash: efbd41124c4891db987098c4b6c933235b797bb0f17395b701be73408599c63c
Instruction Fuzzy Hash: FC51F3B5E002589FCB14DFA9D844AEEBBF5FF89310F20852AE815B7350D730A901CBA5

Function 03E70534 Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

(bq, xrefs: 03E70557

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: d25e370d16cbe94871a6869f0bfc2270c26e7af142787caf914171743901eb10
Instruction ID: b1e39c269e6e512d8521274c8252d586aa5b73213b3db3307e58b55fc0980712
Opcode Fuzzy Hash: d25e370d16cbe94871a6869f0bfc2270c26e7af142787caf914171743901eb10
Instruction Fuzzy Hash: B651F530A012099FDB18EBB8C4546AEFBB7EF85300F188629D506DB2E1EF749C46CB51

Function 072CC148 Relevance: 1.4, Strings: 1, Instructions: 138COMMON

Download Yara Rule

Strings

(bq, xrefs: 072CD842

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: dffac8edd48eb444072c526d770041a2fb0bafa870d5ee7ba8500b0963b724d1
Instruction ID: c528681318d2e172ef64eeb45fa426f120555b4fae75bb5f818e86115a88ada3
Opcode Fuzzy Hash: dffac8edd48eb444072c526d770041a2fb0bafa870d5ee7ba8500b0963b724d1
Instruction Fuzzy Hash: 8241D2B0B251419FC308AFB9D55525ABB92FBD5300F548A7ED00ACB758CF34E8468F82

Function 03ED6BDF Relevance: 1.4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

Strings

PH^q, xrefs: 03ED6DAB

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 1f38b2cc1e5567e7b67a7f3615cf378bb1d00b1ee099d5db1dc7eaf9e6a3a981
Instruction ID: bd04e4ce2e1aad884c2736ba436398e999757fc94e6c7117c0e967186ba2a5f9
Opcode Fuzzy Hash: 1f38b2cc1e5567e7b67a7f3615cf378bb1d00b1ee099d5db1dc7eaf9e6a3a981
Instruction Fuzzy Hash: B0510B34A00218CFDF18EF64D954AADB7B6FF49308F545268D502BB3A5DB39AC41CBA1

Function 0D5D0B00 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

(bq, xrefs: 0D5D0B3A

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: f8e812dc23390a8af594fdc93933462c276817784f6e0046f5a4fed21ba4b373
Instruction ID: bb133ef72897d4cfe8a59bf1b8ff71340d60140a946ea5099e61e4563f90884f
Opcode Fuzzy Hash: f8e812dc23390a8af594fdc93933462c276817784f6e0046f5a4fed21ba4b373
Instruction Fuzzy Hash: 16411774E012589FCB24CFA9D444AEEFBF5FB88310F14846AE809A7350D734A905CFA4

Function 0D5DA698 Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

(bq, xrefs: 0D5DA7A7

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 516c19e0e801dbf859a98efd02061ded97c470e6fef85b448b727748a14fedeb
Instruction ID: c13410883b6239c7eb6e850552fc361d0bc8c9fcdd60d64821852956a543ff9b
Opcode Fuzzy Hash: 516c19e0e801dbf859a98efd02061ded97c470e6fef85b448b727748a14fedeb
Instruction Fuzzy Hash: 2A41B231A042058FCB6A9F7CC4146AE7BBAFB99304F14C46AE906DB261DB75CC45CBA1

Function 0D5D8340 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

_, xrefs: 0D5D83B9

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-1729890271
Opcode ID: 5080d2c5dc4cbf53cd4c3fb11924d5c0822e823772e102ed22ba4b7252d2211c
Instruction ID: 0bef7d34fe2d3b1b297e3a2c90cf0b2cc4fa05a968ffd52a098db6f28dbed0e3
Opcode Fuzzy Hash: 5080d2c5dc4cbf53cd4c3fb11924d5c0822e823772e102ed22ba4b7252d2211c
Instruction Fuzzy Hash: 1A412972D007099FCB15DFA9C840599FBF1FF49310B25865AE859BB311EB71AA81CF80

Function 072C1E60 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

LR^q, xrefs: 072C1EF9

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: df0a536634831649f2d51fb858e3ef87622af0f025ff6bf52a0aa6ca29d406f4
Instruction ID: 13c252844f4290706a3fefd223e19f09c5fb5f91e481b5b28e1360132f7abf26
Opcode Fuzzy Hash: df0a536634831649f2d51fb858e3ef87622af0f025ff6bf52a0aa6ca29d406f4
Instruction Fuzzy Hash: 9131E3B5B202099FCB14DF29D844AAEB7BAFB88710F14425DE605D7391DF30AC11CB91

Function 0D5D8368 Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

_, xrefs: 0D5D83B9

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-1729890271
Opcode ID: d7abcd73b93477153bd9b57559af7382f47e2a5e2f2f47fac25e5d9914d43bd8
Instruction ID: a065664541ea1290c4c214d5d2d4ef75ba4ba836acbd2fe0e9d4a1fe2d2d76c4
Opcode Fuzzy Hash: d7abcd73b93477153bd9b57559af7382f47e2a5e2f2f47fac25e5d9914d43bd8
Instruction Fuzzy Hash: 0741F372D0070A9BCB54CFA9C44459DFBF5FF88310B25866AE819BB315EB71A985CF80

Function 072C282C Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

Hbq, xrefs: 072C3BE0

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: 78d5700d45849c382105169f5a54e5b446511929628a890699b4dc068b3e42b0
Instruction ID: c934d2e8e35b717b17b012191bbbe4b57c073f1c8576a2cb0bbe0656eb3675fb
Opcode Fuzzy Hash: 78d5700d45849c382105169f5a54e5b446511929628a890699b4dc068b3e42b0
Instruction Fuzzy Hash: 9921C1743106118FC658EF39C454A2EB3EAEFD5B11B15896ED406CB361CF74DC058B56

Function 03E72488 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

*;'], xrefs: 03E724D3

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID: *;']
API String ID: 0-166331675
Opcode ID: 0e74e1d3e84ae66a1e44c46d2e825a996d697eb523d693d8f89529b07d84849b
Instruction ID: 005545347a6176fcceedbacaaa66cf8f67789bc0100f8523c794894b1c8f3c75
Opcode Fuzzy Hash: 0e74e1d3e84ae66a1e44c46d2e825a996d697eb523d693d8f89529b07d84849b
Instruction Fuzzy Hash: CB2126B4E01209EFCF44DFA9D5515EEBBB1EF46310F20E5AAD904AB211E7305A42DF51

Function 03F1A070 Relevance: 1.3, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 03F1A0F6

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: fc0f5deed0d6bef358e1cd1b4febec56d34269c7774f18ffae1ec2b372984bfd
Instruction ID: 8179eb519b612842dcbd107e21ec735e200c7166cc8e95200b06a87799c521a3
Opcode Fuzzy Hash: fc0f5deed0d6bef358e1cd1b4febec56d34269c7774f18ffae1ec2b372984bfd
Instruction Fuzzy Hash: 6E31DDB9D052589FCF10CFA9E984ADEFBF4AB09310F24906AE814B7310C335A945CFA5

Function 03F18F88 Relevance: 1.3, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 03F1A0F6

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: c0bcd7c84c510e5154e80016cc6157d02ccc3b5a3cf08dc1a2ad6591d6739097
Instruction ID: 3d4fa4ad0f6e8aa2f29701aefa4adf787116f152c123b80d7475bf0ef3a8902b
Opcode Fuzzy Hash: c0bcd7c84c510e5154e80016cc6157d02ccc3b5a3cf08dc1a2ad6591d6739097
Instruction Fuzzy Hash: D0319DB5D052189FCF10CFA9E584ADEFBF4AB09310F24906AE818B7310D375A945CFA5

Function 03E72498 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

*;'], xrefs: 03E724D3

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID: *;']
API String ID: 0-166331675
Opcode ID: 410b101c24205191f2022cceaede9ff188e53dd92ffb05b4bfe81cf5d690002a
Instruction ID: 9802cc7ce631f17c71229526e125f15ec54b88b74fd0079d987b59ce1232a700
Opcode Fuzzy Hash: 410b101c24205191f2022cceaede9ff188e53dd92ffb05b4bfe81cf5d690002a
Instruction Fuzzy Hash: 3F2110B4E41209EFCF48DFA9D5415AEBBB1FB49700F20A5AAD904A7210E7309A41CF91

Function 0D5D7538 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

(bq, xrefs: 0D5DBF3A

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 34041fa285ffc1daf60f7222eb79cd22873d2b870876326a66067805b574ee50
Instruction ID: 90176c8468295b9a2fb0e15474cc332f417005cb045c8862760b7e9eb1008169
Opcode Fuzzy Hash: 34041fa285ffc1daf60f7222eb79cd22873d2b870876326a66067805b574ee50
Instruction Fuzzy Hash: 2C0189717082196FC75A5F6D882087F7BABFBC6240301842BE901C7385CE30CC0287B2

Function 03E79CF8 Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

Hbq, xrefs: 03E79D2B

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: 4bee92fb8fefce0828ae922119f724701ae21e231a9ce70c68ee1c072b11ca70
Instruction ID: cd772b961858b3d973b0ef92bfbe91d3fd24c2bc4a5698e2f149dce802be603c
Opcode Fuzzy Hash: 4bee92fb8fefce0828ae922119f724701ae21e231a9ce70c68ee1c072b11ca70
Instruction Fuzzy Hash: 52F0F4317002544FC3149F3A985455FFFABEFC5260754887EE95A87391DE36DC028B94

Function 03E704A2 Relevance: 1.3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

Te^q, xrefs: 03E704E3

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: d0c98c0119411c997b9569ffdffe47a3b2d1addd14292646f8977604848dcacc
Instruction ID: ba4bed176ebc2a53b17006181e82930fbbde3c708574ee7a673925df44afbedb
Opcode Fuzzy Hash: d0c98c0119411c997b9569ffdffe47a3b2d1addd14292646f8977604848dcacc
Instruction Fuzzy Hash: 2C0131757001008FC744EF7DD994A6EB7EBAFC8610724856DE246CB369CE35EC098B50

Function 03E704A8 Relevance: 1.3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

Te^q, xrefs: 03E704E3

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 2cc961d89e53ea96934041b0151b1925a60ca378dcc0ce673252ef748d5e7783
Instruction ID: d30af536cb59543658d300207a70216e18aba8f3d1458fca34ac2bb36a56a23f
Opcode Fuzzy Hash: 2cc961d89e53ea96934041b0151b1925a60ca378dcc0ce673252ef748d5e7783
Instruction Fuzzy Hash: DB0119757401008FCB04EF69D998A6AB7E7AFC8610724856DE20ACB369CE35EC098B50

Function 03E765F1 Relevance: .5, Instructions: 527COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5a27fd4c4dd9ee9381594f2f51c43ed18fdd0aca6e244875bd6213284d7f89e
Instruction ID: 95cca0b6f4ab44a2cf0f7ec47aa981029431ebe432e1de74579f3e83977e17e1
Opcode Fuzzy Hash: c5a27fd4c4dd9ee9381594f2f51c43ed18fdd0aca6e244875bd6213284d7f89e
Instruction Fuzzy Hash: C442E030D10A19CFCF15EFA8C8446DCBBB1BF49304F5186A9D5497B265EB30AA99CF81

Function 072C52C0 Relevance: .5, Instructions: 508COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a73b183cf6e5777a5999c7482cfa22916e631761d03427841717027ddf4f526c
Instruction ID: eaa25bf2a15f158b1dc2e3801061060f88683ab726b64aaa602b0914202aee39
Opcode Fuzzy Hash: a73b183cf6e5777a5999c7482cfa22916e631761d03427841717027ddf4f526c
Instruction Fuzzy Hash: 592272F4E30206CFCB14DF96D589AAEBBB2EB65310F34825AD4119B258CB74F891CB51

Function 072C29C0 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ccdf50ba46b39a95430b24315633dfdc800939c2187965a172221a0661498f5
Instruction ID: 5277c65b42fbe9392a38059edd424652b0146b7052c7442dfb334795bacf35a0
Opcode Fuzzy Hash: 3ccdf50ba46b39a95430b24315633dfdc800939c2187965a172221a0661498f5
Instruction Fuzzy Hash: 86D11AB1A1021ACFDB14DF64C884B9DBBB2FF55304F1141A9E909BB261CBB1AD85CF90

Function 0D5D745C Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3c30c25abcf606ac69457bdb2e2bdc8462aefb42f30686f6051b1c96fa7fe52
Instruction ID: d6b200b101f14d51512be7311ea5daa8631e5a4c5c26fa86823dfc7fa4a0eebc
Opcode Fuzzy Hash: d3c30c25abcf606ac69457bdb2e2bdc8462aefb42f30686f6051b1c96fa7fe52
Instruction Fuzzy Hash: 20E11935900619DFCF55CF64C840ADAB7B2FF49304F15C59AE908AB221E772DA96CF90

Function 03E7A8D8 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24cfa494fb52691125a52d368cc778247d762620dd27db22628485a173c20865
Instruction ID: 344773079ee58db33cb2ba5719d01ef97f4f637faed7c192be2c797a2c756a71
Opcode Fuzzy Hash: 24cfa494fb52691125a52d368cc778247d762620dd27db22628485a173c20865
Instruction Fuzzy Hash: 3871E670F04106DFCB16AF64D5481BEBFB5EB40244B566AB9D482A7399E630D8708BC2

Function 03E7A6E4 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e2863b31280ce1233725fa7871af418682707cc1fa63e9339d197db824f4c9d
Instruction ID: 4c9615243406e12164fe092c39d1b714565de08365ecd4fbeaf2e8fbaca47415
Opcode Fuzzy Hash: 3e2863b31280ce1233725fa7871af418682707cc1fa63e9339d197db824f4c9d
Instruction Fuzzy Hash: F3C14F34A11218DFDB54DFA9D844E9DBBB2FF85314F1452A9E412AB3A1CB31DC81CB51

Function 072C7580 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fb12b9e206410764d301cac4606961f65522b06a80c2efd3e7f91a8ad429f11
Instruction ID: 6e7c30e35065def0d03877d5109bef101d3e4c682bb6b56e20b57aa676d8760e
Opcode Fuzzy Hash: 9fb12b9e206410764d301cac4606961f65522b06a80c2efd3e7f91a8ad429f11
Instruction Fuzzy Hash: E7A11BB4A2031ACFCB05EBA4C954A9DB7B6FFA9300F24826DD509AB364DF309D41CB51

Function 0D5DA003 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60de516a28d9c6f5aa7fe83f68254d9ecd86967275f31a058249d5022f37e019
Instruction ID: 711e73d6953197a9b954a898284c5f841feb1f300f8f16820c113ed08102c76e
Opcode Fuzzy Hash: 60de516a28d9c6f5aa7fe83f68254d9ecd86967275f31a058249d5022f37e019
Instruction Fuzzy Hash: EAC14D35A4061ACFCB65DF68C844EA9B7B1FF99300F1581E9E909AB261EB31DD80DF50

Function 03E7F720 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a0748f86af6ab1650e0017073f493cb13e85264f115dfa0eb22da48e0a4ff9c
Instruction ID: 4a04a711d9d6bd36bdd5996acffd99601352c320da6362b36c6bc5771dd53846
Opcode Fuzzy Hash: 8a0748f86af6ab1650e0017073f493cb13e85264f115dfa0eb22da48e0a4ff9c
Instruction Fuzzy Hash: 97713374714210CBDA19E72C86981BD61A7ABC5A14B2CF76BC4078B798DF78DC438783

Function 03E7EC80 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a736f044c608b84c34dc17f91e9a634c6485a9f29a891f2f0e5ad6235cdc88cf
Instruction ID: 9ca5ebb48e32aff87224b91f836bb2b356413e1387f8b1747600b01a0f556f7a
Opcode Fuzzy Hash: a736f044c608b84c34dc17f91e9a634c6485a9f29a891f2f0e5ad6235cdc88cf
Instruction Fuzzy Hash: B2910C34B10228CFDF18EB64C854AEDB3B6BF89745F1552A8E502AB3A1DB35DC41CB61

Function 072C0022 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c07125e965ae141a508b2029e24fd7c9d58cc138e035ffbdca0b6000570d4949
Instruction ID: 3f05b903c7f9ee89613d8c040a66232af0fa62b798038084552fffc745e60da1
Opcode Fuzzy Hash: c07125e965ae141a508b2029e24fd7c9d58cc138e035ffbdca0b6000570d4949
Instruction Fuzzy Hash: 3381A9B03206428FDB65EF38DD51A6A77F6FF45204F05066DE412CB690EB74E940CBA2

Function 03E7E820 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 765c6d881b1e6d45334bfaf792053e3174c5ca907f1ae59e73eba173ecef0a2b
Instruction ID: 5c50f879f2349288be9b531e54730fa92878a37b1c1c08d3664e168e9fbbfd02
Opcode Fuzzy Hash: 765c6d881b1e6d45334bfaf792053e3174c5ca907f1ae59e73eba173ecef0a2b
Instruction Fuzzy Hash: B4A11B34A11218DFDB14DFA9D884E9DB7B6FF89314F1562A8E411AB3A1CB31EC81CB50

Function 03E7A740 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5c5be9eab0c31998fd191b8dbecb4049b88f87708f54ac32980663d2169b257
Instruction ID: 5110c930b68135ba2fd3b18059618f5b4cd9851bd8f7a44148f6771cb749cc67
Opcode Fuzzy Hash: a5c5be9eab0c31998fd191b8dbecb4049b88f87708f54ac32980663d2169b257
Instruction Fuzzy Hash: 8781CD70A00205DFDB16EF68C5486AEBBB2EF85308F1951B9E406AB3A5DB31CC55CB91

Function 072C0040 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ad5290d83a51893790d8e21ffeb0931c59444c6f1126dc558c16bb722cf2b87
Instruction ID: 011976346f4d6b7520d9e3074801a721733814b77b1b45269bd76ac9a845cb36
Opcode Fuzzy Hash: 9ad5290d83a51893790d8e21ffeb0931c59444c6f1126dc558c16bb722cf2b87
Instruction Fuzzy Hash: 0E8167B0320A428FDB68EF38DD51A6AB3E6FF44304F050628E416CB690EB74E950CB91

Function 03E7BF61 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b7a102ee152ddb797d8fc3fe818c24d8df21490a3192746bd43c45d6ed46935
Instruction ID: 6cc0924abdf76510fbe525ce8b9b6167e80417c540d715a11aafdf5977254d76
Opcode Fuzzy Hash: 8b7a102ee152ddb797d8fc3fe818c24d8df21490a3192746bd43c45d6ed46935
Instruction Fuzzy Hash: 3CB1D675910619CFCB10EF68C840AD8FBB5FF49304F05C699E949BB211EB30AA89CF90

Function 03E73C72 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efd6c7f24ec6187d071dce3b668fce21c1284ca52cb4ec746f9b42f8b4a4c374
Instruction ID: b91e9a9c03122d122473c2e7aed1630656a17854c7a73a3dcc2b2e7b12155257
Opcode Fuzzy Hash: efd6c7f24ec6187d071dce3b668fce21c1284ca52cb4ec746f9b42f8b4a4c374
Instruction Fuzzy Hash: 8D918D35E00219DFCF14CF99D884AEDFBB2FF84314F18966AE515AB255DB30A881DB90

Function 03ED879C Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b6ecadb1be3bffcbbb6cc2148da05c7bae3a749cb6395779d7d74b07a86aac
Instruction ID: f9cb75dc0e48d56e84c6510bf1248d158e24cc05220cdc1e533448bec0c350ea
Opcode Fuzzy Hash: c2b6ecadb1be3bffcbbb6cc2148da05c7bae3a749cb6395779d7d74b07a86aac
Instruction Fuzzy Hash: 71913D75A102059FCB41DFA8C9448AEBBF6FF8C314B059669EA05DB360EB31DD51CB90

Function 03E7F011 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40aee009a84478ec4158f30e2fd4022b351f7b37e7501dfebb50e78b5414b965
Instruction ID: 4ec078d6eb3ef1a77cc1fe30f28955d04c53747137099df9ab50ce93ead5a6c7
Opcode Fuzzy Hash: 40aee009a84478ec4158f30e2fd4022b351f7b37e7501dfebb50e78b5414b965
Instruction Fuzzy Hash: D1814138A10255CFDB19EB64CC95AAD77B6FF84348F085268E402AB3A1DF35EC42DB51

Function 03E7F020 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 967e4794817c545570b5184605c39c0eb01e5192f08b3cbdbb6442f28510a213
Instruction ID: bf136eaa9131b1ad5bc6e99faef06f7deeb770b3f6826449347a6377b007925b
Opcode Fuzzy Hash: 967e4794817c545570b5184605c39c0eb01e5192f08b3cbdbb6442f28510a213
Instruction Fuzzy Hash: 6D813138A10254CFDB18EB64CC55AAD73B6FF88348F085268E502AB3A1DF35EC46DB51

Function 072C29B0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22f8e1d7fb1bb038f5823b0be41c86589b4bdba8d136da5e10e9cc06496014d6
Instruction ID: 38548d640f44b0bf87c9e39210e5bf92ba3333875302325e2e408e057fb6d04c
Opcode Fuzzy Hash: 22f8e1d7fb1bb038f5823b0be41c86589b4bdba8d136da5e10e9cc06496014d6
Instruction Fuzzy Hash: 449126B0910219CFCB24DF69C884BAEBBF2FF59314F1441A9D509A7261CB74AA85CF50

Function 03E73810 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4df2c547612c9f3bcec365b4d67dd3f4d334f5b6749cdcafcadbe82b9d565581
Instruction ID: 555d2cc2ee66d02a7843b55d5579c7a7a890dafd4e6d5e8aff4b9321b9c47929
Opcode Fuzzy Hash: 4df2c547612c9f3bcec365b4d67dd3f4d334f5b6749cdcafcadbe82b9d565581
Instruction Fuzzy Hash: 7C91F679A0060A9FDB50CFA8C980ADEB7F6FF48314F048669E925E7354D730E951DB90

Function 0D5D4278 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 182483546e3014520c0eb92a8edf8ef804c77fc146cbe6253d292318d44f6dc8
Instruction ID: 9fb9a34bd46c204e44aca01bad8c34e89c3bf7cdb6ef14ba8e0e0dc1873a7af2
Opcode Fuzzy Hash: 182483546e3014520c0eb92a8edf8ef804c77fc146cbe6253d292318d44f6dc8
Instruction Fuzzy Hash: 5981FA74A00609DFCB59DF6CC454AAEBBF1BF88311F148569D80ADB350DB31E981CB50

Function 03E7CDB0 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e85b0199095997cbaf4a7a5d8a95e6268aa06adf68a59bc4784c598711dbafcf
Instruction ID: 2922268b68bf28c92913315b15c98397479f09d4e67fbad82ae35cd45e282c4c
Opcode Fuzzy Hash: e85b0199095997cbaf4a7a5d8a95e6268aa06adf68a59bc4784c598711dbafcf
Instruction Fuzzy Hash: 2F81A330A10609DFCB15EF68D8486EDBBF9FF44304F256269E045AB2A4EB30D965CB81

Function 03E73C80 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2094ed7132de8f0b06bead9900eda892ef825947956aefa06869022494ed3d95
Instruction ID: a097d89560057742353638584a78491469d7e8532bf8302dca055e30e2a4182b
Opcode Fuzzy Hash: 2094ed7132de8f0b06bead9900eda892ef825947956aefa06869022494ed3d95
Instruction Fuzzy Hash: 8A811735E01619DFCB54CFA9D8809EDFBB2FF88314F189629E515AB254DB31E880DB90

Function 03EDA157 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bb8e00957e82f97112cab7c175d3818657d0c07949310f97f10633650311fd3
Instruction ID: 37943499862787bcfe466a26b656ec1d020d48eee7305e0266ff4d0c941dcdff
Opcode Fuzzy Hash: 8bb8e00957e82f97112cab7c175d3818657d0c07949310f97f10633650311fd3
Instruction Fuzzy Hash: 89712C74A102059FCB41DF68C9849AEBBFAFF8C314B199269E905DB360EB31DD41CB50

Function 03ED4D40 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e3c30134ac23f735d382ac34cb50892fdca9480f0500f41c0dcc02c5338159b
Instruction ID: 53a3763619e719676619f2e6fda32cd0a3ca3c01d4d15c516e1289c756904ada
Opcode Fuzzy Hash: 1e3c30134ac23f735d382ac34cb50892fdca9480f0500f41c0dcc02c5338159b
Instruction Fuzzy Hash: 3771D338B10205DBDB04DF7AE8516AE7BB6BBD8214B249235E51ADB3D4DF349D42CB80

Function 03ED4D30 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77df1145c776fc0de21c20cde629a1547b5182235d4fb03de78013b7ba453073
Instruction ID: 87bf26787c72480242d427af352805daf8902f116fc2c007915950d221c3abbd
Opcode Fuzzy Hash: 77df1145c776fc0de21c20cde629a1547b5182235d4fb03de78013b7ba453073
Instruction Fuzzy Hash: 0071D438B10205DFDB04DF76E8916AE7BB6BBD8214B249225D51ADB3D4DF309D42CB80

Function 03E71A9C Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4e12fd3cf82747b59c2e40f6f66bb9c3b3e17d14842ca678ed427be611d19dc
Instruction ID: b05482c4210c1919af6b19984a1235403ad4ab8404f8454fea6d645fe9119a74
Opcode Fuzzy Hash: a4e12fd3cf82747b59c2e40f6f66bb9c3b3e17d14842ca678ed427be611d19dc
Instruction Fuzzy Hash: 63519730A05208DFEB11DFA5D958AADFFB2FF85300F264199D401BB296CB3099A5CF41

Function 03E78A68 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85e845070fa28d7f82d7ff315f4e5c8a1ca6df48562870c5eb35e3d66bb6afbf
Instruction ID: 80a57907f7f718e0252bf93936254128a03ec0f819b2d231b772666323450b45
Opcode Fuzzy Hash: 85e845070fa28d7f82d7ff315f4e5c8a1ca6df48562870c5eb35e3d66bb6afbf
Instruction Fuzzy Hash: C581F674A00344CFCB08DFA8C588998BBB2FF59304F1585A9D909AF36ADB71E945CF40

Function 072C7560 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 262c1e563432f2e5525642890c4af5798df7350219cceeefc228fb52719662cf
Instruction ID: b1b27105c95332eaf6ca7b41d3533abaf6c8fa97c4434a48ae349125b110696b
Opcode Fuzzy Hash: 262c1e563432f2e5525642890c4af5798df7350219cceeefc228fb52719662cf
Instruction Fuzzy Hash: F96138B0A2031ACFCB05EFA4C9449DDBBF6BFA9300F254269D405AB264EB30AD45CF51

Function 03ED5307 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12561e29db6c6cf317d3caa711a5d886bbccf485ac6e776ee6cfaa216d3889c4
Instruction ID: b84eb7651639769ca43641fe979930fee224781bc37158d938783b159bcfd68b
Opcode Fuzzy Hash: 12561e29db6c6cf317d3caa711a5d886bbccf485ac6e776ee6cfaa216d3889c4
Instruction Fuzzy Hash: 01614078715204AFE715DB60E891E2F3B73EBC5604F2080A9E5198B3E5CF31AC52DB81

Function 072C0870 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 377ea053877c9d9f1e0a8887a70de4867bceb8993b70982ec9fd94ffc7ea6d58
Instruction ID: 94a739c5344174b29d23737a186726f30005038a89e72dd15108f83f29fe15d5
Opcode Fuzzy Hash: 377ea053877c9d9f1e0a8887a70de4867bceb8993b70982ec9fd94ffc7ea6d58
Instruction Fuzzy Hash: 986147B0620B02DFE764DF3AD95071AB7E6FF88640F044A6DD18AC7A50DB70E945CB91

Function 03ED0850 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d28b2147842345ae1bf1617053e978925eda93b2e93f6a6940458cb6f58ac4da
Instruction ID: 12c252990cb0caac6b77e2c6f77d2a28c126bfe8633b4c63e2f799a4edbaf658
Opcode Fuzzy Hash: d28b2147842345ae1bf1617053e978925eda93b2e93f6a6940458cb6f58ac4da
Instruction Fuzzy Hash: C3612935A003098FDB14DBA9D894ADEBBB6FF88314F089569D505AB361EB349C46CF90

Function 03ED1300 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96b16c352928375bfcccd75e8e32f8408dd904a7424f614687a7ee4442a8c9bb
Instruction ID: 656ec004b3ab0b9721223183f50eff82c615e5320d19569ab2f84d106a432c05
Opcode Fuzzy Hash: 96b16c352928375bfcccd75e8e32f8408dd904a7424f614687a7ee4442a8c9bb
Instruction Fuzzy Hash: 0B617D346006058FDB58EB68E950A9EB7F6FF44308F04866DE806DB394DB75F982CB91

Function 03ED9E68 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f135be200372663dce1ec7f0b60268325dffa847344db562f2239209fda67ec8
Instruction ID: ec9929ee1431a226b359a626d01b7d7707ce9a1a9f64914d99beafd95e336796
Opcode Fuzzy Hash: f135be200372663dce1ec7f0b60268325dffa847344db562f2239209fda67ec8
Instruction Fuzzy Hash: C471B575A002189FCB54CFA8D9849ADBBF5FF48714B24816AE919EB361D732ED42CF40

Function 03ED12F0 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde391eefe4fe0f7b23da0bc3bfb173e180f35f2d6fa3574fcd5e65234a8d1bb
Instruction ID: bdcb618b3887d1400d32a0334ce1e52c09ffde5af375a8d80c5bc21148dc0641
Opcode Fuzzy Hash: dde391eefe4fe0f7b23da0bc3bfb173e180f35f2d6fa3574fcd5e65234a8d1bb
Instruction Fuzzy Hash: 4A618D346006458FDB68DF28E890A9AB7F2FF45308F08566DE846DB351DB35E942CB91

Function 03E78A57 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 408d9da66856fa311b2cb1ab69951de80ec07e51dedef4b9515da6a6c9524545
Instruction ID: 4b9534881b9574af6a526130991fb1711991775905bb3f5511659f96fca6f611
Opcode Fuzzy Hash: 408d9da66856fa311b2cb1ab69951de80ec07e51dedef4b9515da6a6c9524545
Instruction Fuzzy Hash: 5C712774A01344CFCB09DFA8C598998BBB2FF59304F1589A9D805AF36ADB72E945CF40

Function 072C4270 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1266cf991389b6bbe27acb43c6a660079470a31c8d10e264bc74828b4af9f61
Instruction ID: c829dc9b61f478fe35d3df6a01c075f966eaa2656e1046fc8dd9be396ba529e6
Opcode Fuzzy Hash: f1266cf991389b6bbe27acb43c6a660079470a31c8d10e264bc74828b4af9f61
Instruction Fuzzy Hash: DD5166B0A10346CFCB24EF68D554B9EBBF2BF88310F20426DE50A9B251CB30AD41CB90

Function 03E74422 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef8873aa428f255714fbf3230810208ed3791bf0078a6f3ade5cf2666e55631f
Instruction ID: 661abf6dbc4a12f30c6d5fb6c8fb6927202fc028bd462fad32318831d118d931
Opcode Fuzzy Hash: ef8873aa428f255714fbf3230810208ed3791bf0078a6f3ade5cf2666e55631f
Instruction Fuzzy Hash: 7251AD74B006168FDB14DF29D841AAAB7F2FF89354F088669E419DB394EB34E841DF50

Function 0D5D7FF9 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73812a08641408ea88b43531a115eb7f4f311ca8c5a67c787526f1fbf45664b6
Instruction ID: 85dd23f0f979e3c7f350c17e53efdfe841dd839eba24d0135767e542b120e650
Opcode Fuzzy Hash: 73812a08641408ea88b43531a115eb7f4f311ca8c5a67c787526f1fbf45664b6
Instruction Fuzzy Hash: 40519375A10509DFCB09DFA4C854AEDBBB6FF88740F108129E906AB364DF34D946CB91

Function 0D5D3018 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2365cae5b80bb2b7953f97c5a688d3166458a4eb3d8b353df8e4de8fd6f12db
Instruction ID: ef22759f5dbb4f1442bba27e29d2d7dd36d5f5792eae9d46c5d9862b42d3ec65
Opcode Fuzzy Hash: f2365cae5b80bb2b7953f97c5a688d3166458a4eb3d8b353df8e4de8fd6f12db
Instruction Fuzzy Hash: 035178B9D042189FCF11CFA9D984ADEBBF5BB09310F14A06AE918B7310D735A951CF54

Function 03ED0C98 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0a6a1c0e25911a1a6731f6bf186e5277fbd6a050b110cd2599ba30937795bd5
Instruction ID: 8acf81a18dcf517fb147c27f08fa6eacb93c6b042d9448ff8ed6a55fa496a87d
Opcode Fuzzy Hash: d0a6a1c0e25911a1a6731f6bf186e5277fbd6a050b110cd2599ba30937795bd5
Instruction Fuzzy Hash: C2419265B042159FEB74EAA98D417BF21AFCBC4714F28923BA005C7285CE7DCD4393A1

Function 03E71DB0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c54b43517b7555db95ea7b1bb6c52f38c826e09fdb1b8d39803fd07352d730e8
Instruction ID: 475bca5eec64f7afa8d186bda913a49057420038b2e0d169262b5655589ba257
Opcode Fuzzy Hash: c54b43517b7555db95ea7b1bb6c52f38c826e09fdb1b8d39803fd07352d730e8
Instruction Fuzzy Hash: 80515B70A10218CFCB14DFA8C484ADDBBB2FF89304F148269E805BB351DB30A845CFA1

Function 03E74430 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1263316a7db48db8f06017b76716ad50ae5e24837456af53f85fcb516153e399
Instruction ID: 8117e54ca4ab663a31f4ffb819a395d1dc7fe2c17c9460d202f594f681d63602
Opcode Fuzzy Hash: 1263316a7db48db8f06017b76716ad50ae5e24837456af53f85fcb516153e399
Instruction Fuzzy Hash: ED519F74B006158FDB14EB29C851AAEB7F2FF88354B088669E41ADB394EB34EC41DF50

Function 03EDD81F Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e33a083ed841c474cf504b19ed9aece0efbe06967dcc32d2a886f829ebd4e847
Instruction ID: c8e323922a8b9103892d7a2600c4819d5efbeb04db4fbec11ab189a6e597d36b
Opcode Fuzzy Hash: e33a083ed841c474cf504b19ed9aece0efbe06967dcc32d2a886f829ebd4e847
Instruction Fuzzy Hash: FC61E474901219CFDB54CF68C984BDEB7B2BF49304F2492A9D409AB364D770AE86CF50

Function 03E71DC0 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2475e1a0d5ed0caaaa480662c7fc079af40ce63371a4d7e3a4238bc6f733183c
Instruction ID: 96d2a07f0e832f92aca45177969a2f6d331545dc9a70385837dc2d2de811d850
Opcode Fuzzy Hash: 2475e1a0d5ed0caaaa480662c7fc079af40ce63371a4d7e3a4238bc6f733183c
Instruction Fuzzy Hash: C7513A74E10218CFCB14DFA8D484ADDB7B6FF89304F148269E805BB361DB30A845CBA1

Function 0D5D1690 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a714654fb6fc9e9f7e2b4f963700aa1e20512418e1d3cccf24c7fcd917d157fa
Instruction ID: 79b71ddc8d5d0515805a1bdf0eeac5b2ad7f326e24faafbab77b5ee57c3d2c98
Opcode Fuzzy Hash: a714654fb6fc9e9f7e2b4f963700aa1e20512418e1d3cccf24c7fcd917d157fa
Instruction Fuzzy Hash: 5D511A74A006189FCB54DFA8D884AAEBBF6FF48310F148529E91AEB391DB71DC45CB50

Function 03E7081C Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e479b557573ddafde7ac7a0c7c7b7c891a28a33996fef923820475598f4bab17
Instruction ID: 757362c9676f91ee46b90341b7fe3e0877870beebecf2770db399735534bd780
Opcode Fuzzy Hash: e479b557573ddafde7ac7a0c7c7b7c891a28a33996fef923820475598f4bab17
Instruction Fuzzy Hash: 6151F0B4D00258CFDB20CFA9C880BDEBBB1BF49304F20916AE418BB250DB759989CF55

Function 03E77BF0 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e925c69a672738ca8efdf93b2e56c401b58eb884d1b5ae1ec1c598ad0851864
Instruction ID: cdfbd9e46f6a7a43e8b182dda02503a3aefa964501d06611207663ea5f546c10
Opcode Fuzzy Hash: 5e925c69a672738ca8efdf93b2e56c401b58eb884d1b5ae1ec1c598ad0851864
Instruction Fuzzy Hash: B0510535A0060ACFCB14EFA8C8909ADF7B5FF89250B149669D506BB315EB34E985CB90

Function 03E70368 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdcd12707e6a8f808e81a46abef0100804a5261a90929a1639044b319807faee
Instruction ID: 65db9fe2ec29b3cd779bbfe729d31172b70dbcda5d54583ca529fa22df385d8f
Opcode Fuzzy Hash: cdcd12707e6a8f808e81a46abef0100804a5261a90929a1639044b319807faee
Instruction Fuzzy Hash: 1451F270D00258CFDB24CFA9C844BDEFBB1BB49304F20916AE418BB250DB759989CF95

Function 03ED5AA3 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aec1c2886e98b250d82868b9a8abc991cf06a28f40fcc4316122d5ba9a119acf
Instruction ID: 8b0ad2a08eb8dc0eec2928164765a649b26bb4fc50e51507e62678352b9713e6
Opcode Fuzzy Hash: aec1c2886e98b250d82868b9a8abc991cf06a28f40fcc4316122d5ba9a119acf
Instruction Fuzzy Hash: 10519E34A02604DFDB24DB54D994BAEB7B2FB85304F289268E505AB395CB30ED42CB51

Function 072CB6C4 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d601880e789df73e772305c275de13446fe57f508a6ce1fcefc6996b264cf0fb
Instruction ID: 1b1a462d04c9ded6dad0ed31d5b3472ea31f601275b2977955e93adae58168d8
Opcode Fuzzy Hash: d601880e789df73e772305c275de13446fe57f508a6ce1fcefc6996b264cf0fb
Instruction Fuzzy Hash: 8451E3B1D00219DFDF20CFA9C980ADEBBB5BF59304F20916AD409BB211DB75AA45CF94

Function 072C6068 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8099e82521621535161ab291b48dc3c876c0b807060749356649c09e1a032bff
Instruction ID: 050577ac4a61a5b97c0d3e0dfe38cb9585690a05eba4b517f070c3c0d3aa3627
Opcode Fuzzy Hash: 8099e82521621535161ab291b48dc3c876c0b807060749356649c09e1a032bff
Instruction Fuzzy Hash: 755154B4E002598FCB14DFA9C444A9EBFF2FF49310F1480AAE445AB361DB35A945CFA5

Function 03E7C4E0 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 826c6d414f4974d931d2d84db591a144bdd9520956fc99aca3a8520eb976a170
Instruction ID: f6f62bb145e7b6f83754ad4c67e39caa1728df653afb58747ace15eaa12bb825
Opcode Fuzzy Hash: 826c6d414f4974d931d2d84db591a144bdd9520956fc99aca3a8520eb976a170
Instruction Fuzzy Hash: A4516775900219DFCB14DF94D9889EDFBB5FF48310F298259E805AB254D770AA85CB90

Function 072CB6D0 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79f5728f75d718102ea1857ddb3ce03fea3b9bdac061ef497ef9b69dab6e0c1c
Instruction ID: 104b21dca3c2fc80603129a110071ebf827290d94dbf25c9f71500059f0ebf2e
Opcode Fuzzy Hash: 79f5728f75d718102ea1857ddb3ce03fea3b9bdac061ef497ef9b69dab6e0c1c
Instruction Fuzzy Hash: B451E2B1D00219DFDF20CFA9C940ADEBBB5BF49304F20956AD408BB211DB71AA45CF94

Function 0D5DF48C Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d7bd4a9ea5e814493ebf67674b3d3163dd70dcfa6c6c3176d81376f69955145
Instruction ID: 71c87db84f3910b17338a0982b01f965ae13ae3e462815b9ebd7139785cb57d8
Opcode Fuzzy Hash: 8d7bd4a9ea5e814493ebf67674b3d3163dd70dcfa6c6c3176d81376f69955145
Instruction Fuzzy Hash: D951CDB4D042589FCF14CFAAD980AEDBBF1BF49304F24942AE818BB250DB749985CF54

Function 0D5DF498 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec0c9fee33cc3dba4a9a53bd3edf8d4ec712b4ec958ec12b7e4c4ddf662a76d2
Instruction ID: ac91922e9d9c86dd4974129558221a7e66f56b29f052d80c53c637f734983aa7
Opcode Fuzzy Hash: ec0c9fee33cc3dba4a9a53bd3edf8d4ec712b4ec958ec12b7e4c4ddf662a76d2
Instruction Fuzzy Hash: C741BEB4D042589FDF14CFAAD580AEEBBF1BF49304F24942AE818BB250DB749985CF54

Function 0D5D1680 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c462f734b6d1ba7713468f2876c8a5deb8bb3cb4e4cd8ceaafd1bb804b5b95c
Instruction ID: 42092bbd72a0bde25b1f2f8162502351ca28d9c8139a214d7f0c4ed06b7b91bf
Opcode Fuzzy Hash: 4c462f734b6d1ba7713468f2876c8a5deb8bb3cb4e4cd8ceaafd1bb804b5b95c
Instruction Fuzzy Hash: 44510975E007189FCB64DFA8D880AAEBBF6FF48310F144529E91AE7351EB359845CB50

Function 03EDB9E8 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567321802f7b6053aa6334da6108dd06bf44a93582b6ba797386de76374a0400
Instruction ID: bad764576ff58865cc132a03820cdb186f976d4878c07b31504391d3a2a711bd
Opcode Fuzzy Hash: 567321802f7b6053aa6334da6108dd06bf44a93582b6ba797386de76374a0400
Instruction Fuzzy Hash: DC515730E4110B9FCF04CFA8D5819EEBBB2AF89300F649666D005BB358D7389A42CF91

Function 03E783B8 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79ad82970853350e37d92d63650c302c39c12df3834f50ee2a9ac1a23ffca9d6
Instruction ID: 09367e699d19fbd7f348eb2dc7b4bff75d468ecacdb603f7aa96c6375b92d838
Opcode Fuzzy Hash: 79ad82970853350e37d92d63650c302c39c12df3834f50ee2a9ac1a23ffca9d6
Instruction Fuzzy Hash: C641A074A00205DFCB28DF68E55AAAEB7F6FF94305B184669D406E7250EF71D840CB91

Function 072C2979 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd51285bc32b7184d1973ce2627ed68ad27e40479d4f405e3979ca5ca1044d14
Instruction ID: 6b64844bf56330ce7ae469ef7378daa3e75a53d0a6a0ffccb322495ada86da5c
Opcode Fuzzy Hash: fd51285bc32b7184d1973ce2627ed68ad27e40479d4f405e3979ca5ca1044d14
Instruction Fuzzy Hash: 595149B0A10216CFCB24EF64C884B99BBB2FF59304F1541ADD509AB262CB74AD85CF51

Function 03E77DF8 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fda661699b8d33722ff58b716736a5aaadb23621a5d5a27f77b2adb14d707d3b
Instruction ID: 530f774eb65f44651b5b249a81b7aa2ccb03c34619c7aad45b484334ac97deff
Opcode Fuzzy Hash: fda661699b8d33722ff58b716736a5aaadb23621a5d5a27f77b2adb14d707d3b
Instruction Fuzzy Hash: 2C518535E10609DFCB00EFA8D8848EDF7B5FF89304F10865AE505AB325EB71A959CB91

Function 03ED5CE0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec670f9242da12439f916db0a603cb66b3721425380bc9dbc18e1551f085405d
Instruction ID: 2724607904f2788213495c6db6827ce648864a901cb1e7bee284a76fe4669427
Opcode Fuzzy Hash: ec670f9242da12439f916db0a603cb66b3721425380bc9dbc18e1551f085405d
Instruction Fuzzy Hash: 6541BB31A00205CFDB20DF59C5487AEBBF5FF89718F1846A9D405E72E4C7789A82CBA0

Function 03E74838 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c0bf75c94dd8f4e7fce9011a1288b197363a9e55281878acf5c63b96a9ff79e
Instruction ID: 443ddd088c2b1af145b097dcd633bb7bef9a5e3f84eac4fe6a7ce12a5e2bb93d
Opcode Fuzzy Hash: 6c0bf75c94dd8f4e7fce9011a1288b197363a9e55281878acf5c63b96a9ff79e
Instruction Fuzzy Hash: DC416335A042498FDB54EBAAC850AEDBBF5EF49314F08A269D505B7390DB31DD41CF60

Function 03ED73B4 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b9a8dbf0520822ba14cd102add444cdc156de97527d626e6060266c1b07b2e9
Instruction ID: b1632ce3857d42ab4f8d37fc8734e29b68ba6c33f67fdff286a8504348badd11
Opcode Fuzzy Hash: 9b9a8dbf0520822ba14cd102add444cdc156de97527d626e6060266c1b07b2e9
Instruction Fuzzy Hash: 41414A30E4110B9FCF04CFA9D5819EEBBB6EF89300F559666D015BB358D738AA428F91

Function 03E77BE0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14d2362b9229fac9ed2e937fc2b718558a6429dfda867385a276e1a5bc4b07b1
Instruction ID: 0c63db060a4fe63e50c44855658501256c889f7f08a49ab5745672a4cc43e024
Opcode Fuzzy Hash: 14d2362b9229fac9ed2e937fc2b718558a6429dfda867385a276e1a5bc4b07b1
Instruction Fuzzy Hash: EF413B35A0060ACFCB10DFA8C8905BDFBB5FF89354B1496A9D506EB315EB34E985CB90

Function 072C71F8 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d8d574f4532c46334fc5fd5ad42d1de8d5e18f7b1040223d9334a6d911053d
Instruction ID: 97a5374de692cfd27e4219edb3a6fbcca7836852289cbc20b54a11cd0802160d
Opcode Fuzzy Hash: b2d8d574f4532c46334fc5fd5ad42d1de8d5e18f7b1040223d9334a6d911053d
Instruction Fuzzy Hash: 52414AB1B2052797CB06BB7984101BE76E7EFF4700B64822ED502A7380DF34DE014B96

Function 0D5D1B82 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe4eb60863c689d21a19a65dfb27d762ca80917130d7916d89510ad8f6943800
Instruction ID: f98a12a8d6ce5df3db91e2bcfd793ac840b1c148b13dc87dbed7dc25f02f7fa0
Opcode Fuzzy Hash: fe4eb60863c689d21a19a65dfb27d762ca80917130d7916d89510ad8f6943800
Instruction Fuzzy Hash: A251C235D0066ACFDB219FA4C894A98FB71FF88300F11C6CAE55977265EB30AA95CF50

Function 03E75DA0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1c50f796f25015c8ee34c0c89ecb53cb53a68c42a5f300c23a5de12f6a181dc
Instruction ID: d48aaa76771baa0aba6a90a0b50993fa680534cacd0598c1d9557c73afb0dd58
Opcode Fuzzy Hash: d1c50f796f25015c8ee34c0c89ecb53cb53a68c42a5f300c23a5de12f6a181dc
Instruction Fuzzy Hash: AB41C370E049169FCB42EF69C8596EABBF1FB44348F542A25D502FB298FA34C9118E90

Function 072C782C Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f6a087c009a6ee4bc6b92bf4beb12ea11c7162d04783d2cd7b40549f3eae082
Instruction ID: 20efe74e8e73d383287362d32c170deead3228893512dcf1d58efe83d2de2a73
Opcode Fuzzy Hash: 5f6a087c009a6ee4bc6b92bf4beb12ea11c7162d04783d2cd7b40549f3eae082
Instruction Fuzzy Hash: A441EBB4A20306DBDB44EBA4CA51BADB7B6EF95300F204269D509AB394DF31EE41CF51

Function 03EDBA4F Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3298475b01db24ef48f1a001d8406ba4678415c2faa140ecf00021342affc473
Instruction ID: 5301979c5c26b1fa596bcec732a5e17d258a016c61affcc1b284d39c578450e5
Opcode Fuzzy Hash: 3298475b01db24ef48f1a001d8406ba4678415c2faa140ecf00021342affc473
Instruction Fuzzy Hash: CB412930E4110B9FCF04CFA9D5819EEBBB6AF89300F649666D415BB354D738AA42CF91

Function 03ED0C88 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce9635486e45d9e47660b872d0f81776f1d6686b1629fb6c55aa3aca9ee1e1e7
Instruction ID: 3129fbdac5f5e778fda7a2031b5cf85402a32088a9c7f1ef25e450a4fd79558f
Opcode Fuzzy Hash: ce9635486e45d9e47660b872d0f81776f1d6686b1629fb6c55aa3aca9ee1e1e7
Instruction Fuzzy Hash: F831A761B04215DFDB70EA59CD417BF61AADBC4314F2C523B9405D7285DA7ACE8383E2

Function 03E763E0 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99ee83466f30ce67dc1c748d0d2b96013d4af3e14b6e57220131132251bb2517
Instruction ID: c0312ab61f7088e14801a67b44e1308c0e4def79874af8e636c18a3b48aa3353
Opcode Fuzzy Hash: 99ee83466f30ce67dc1c748d0d2b96013d4af3e14b6e57220131132251bb2517
Instruction Fuzzy Hash: E341F570E04A169FCB02FF65C8496EABBF1FF44248F542665D946BB298FB3489118F90

Function 03E7CBA1 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c518c64e2b1243018ed879e6801cd21f40424baef08818c2e533a66b3baff663
Instruction ID: 9bd958036a41b3cd7b82ee3c47997980a86f91fb39a0b698c4488766eaf4fc8f
Opcode Fuzzy Hash: c518c64e2b1243018ed879e6801cd21f40424baef08818c2e533a66b3baff663
Instruction Fuzzy Hash: 15418E34A006099FDB04DFA8D450AADBBF6AF89314F299269E401FB3A0DB70ED41CB50

Function 03E71990 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff82bdeb82978a2457baf29d1c07bd59d85dae6e220495a2b6e6945d3c88a2b8
Instruction ID: 4cb52a896786f57910e10f5ac1cf2a071476c4919160bd7a4746573af5c6ebf4
Opcode Fuzzy Hash: ff82bdeb82978a2457baf29d1c07bd59d85dae6e220495a2b6e6945d3c88a2b8
Instruction Fuzzy Hash: 9C416274A002498FDB44EFA9C950BEDBBB5FF48314F08A269D546BB394DB309841CF61

Function 03E7A5C8 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f38fbda6fbbce7be136db88a5fc3e55109cc2b0a68f3d74ab0540b88f848346
Instruction ID: ae235b958aead03d3f3ad4441e40afc0043f2b88fae4c2e62f8f90da57ef68af
Opcode Fuzzy Hash: 3f38fbda6fbbce7be136db88a5fc3e55109cc2b0a68f3d74ab0540b88f848346
Instruction Fuzzy Hash: 8C415F34A106089FDB04DFA8D850AADBBF6EF89714F259669E501FB3A0DB70ED41CB50

Function 072C2920 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61ead43e25ffd47b102b98a63a0e8eb7177941a3e0a571f6c486b29f3e375cdb
Instruction ID: 863d925f68c06d0b54ee2092382ecdf083d12bf9ee8f27cdfbdf5a91065b8215
Opcode Fuzzy Hash: 61ead43e25ffd47b102b98a63a0e8eb7177941a3e0a571f6c486b29f3e375cdb
Instruction Fuzzy Hash: 4341AEB0A20255DFDB15DF69C964AAEBBF1FF98304F1141A9E401EB3A0CB71D840CB51

Function 03ED09A0 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caae38002629ef10122ae66928a3854e8df7749ebcd8969c336e3e81ea06013b
Instruction ID: 2c6bd2a2a5af8786c2dab5841bba7a4483ff67a2c2f54773224812469cc8a53f
Opcode Fuzzy Hash: caae38002629ef10122ae66928a3854e8df7749ebcd8969c336e3e81ea06013b
Instruction Fuzzy Hash: B9510630A003098FDB14DFA9C454A9DBBF2BF84318F189669D50AEB365EB74AC46CF41

Function 03ED4508 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f36a57b8c3049f1da95598ac1bbb34d1196eb7cf9d4a48f92e4b72291d72e8ca
Instruction ID: 20ab360e54757d6d8c3e193e7f4fe0505f535db89af25b2b5190e206063ee109
Opcode Fuzzy Hash: f36a57b8c3049f1da95598ac1bbb34d1196eb7cf9d4a48f92e4b72291d72e8ca
Instruction Fuzzy Hash: 07417C39B10108CFDB04DB69D9917AAB7B6AB8C204F149175D42AEB3D4DE35EC42CF91

Function 072C40E8 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61ffc4cc4e728e3134a9b7c1a6efee2511bd244e3b9ffb580c4b51fa949a1b66
Instruction ID: a9c4e5b4c65b9dfe8e709bcce03685ed9f34033e3fd9421ce1619b7b9228b80e
Opcode Fuzzy Hash: 61ffc4cc4e728e3134a9b7c1a6efee2511bd244e3b9ffb580c4b51fa949a1b66
Instruction Fuzzy Hash: 6341BFB4A20256DFDB19DF64C8A4AAE7BF1FF58300F1142ACE401AB3A1CB71D841CB51

Function 0D5D2E64 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0d9dbcd214e702a3b56940c19ae663974f5c48273759db4e25937c474e21052
Instruction ID: e6d9763a8cbe32092b936027637a784ea4e0d9e4b82ce59aa8e87d2c11457d14
Opcode Fuzzy Hash: f0d9dbcd214e702a3b56940c19ae663974f5c48273759db4e25937c474e21052
Instruction Fuzzy Hash: E6413B75E10109EFCB58CF98E884AAEF7B6FB88310F11846AEA15E7360DB319D018B50

Function 03ED44FF Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78a6789fd290b89ec536124329716d9f09c751b6605ea4743a2bc503df4a5c35
Instruction ID: af45de046da83f9edba3c0c904e93142ba25dcf94c352e020db6dfffc80ea813
Opcode Fuzzy Hash: 78a6789fd290b89ec536124329716d9f09c751b6605ea4743a2bc503df4a5c35
Instruction Fuzzy Hash: 45416B39B10108CFDB04DF69D892AAAB7B6AB8C204F145165D42AEB3D4DE35AC42CF91

Function 072CC0BC Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc7a11dbea9841a4839b72cf351f8bde8788dd2b4014dc7b9530205050cdb83f
Instruction ID: 30f34fd876b9a8de5b46195db13a5b20c97820b55bcbd9034e2467b5f9de7282
Opcode Fuzzy Hash: dc7a11dbea9841a4839b72cf351f8bde8788dd2b4014dc7b9530205050cdb83f
Instruction Fuzzy Hash: 0741E3B0B24501DBC304EFB9E549259BA92FBD4300F84867AD00ACF768CF74E8568F85

Function 072CD479 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: accab15db49c2da3bf6af175fcc1553fd696280c3da227a10f59e563210025ef
Instruction ID: e1229b70d0e7a4df67bae368b0d78ae083d5d588df875b3a3c092706b8d85b85
Opcode Fuzzy Hash: accab15db49c2da3bf6af175fcc1553fd696280c3da227a10f59e563210025ef
Instruction Fuzzy Hash: 7C4159B9D002599FCB10CFA9D584ADEFBF1BB59310F24902AE918BB310D335A945CF65

Function 0D5D4E66 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19e0eaad9fc30d8eb5aaa669afbc38bdbbdae7cf12724efb38c3e5f0250266ff
Instruction ID: 1a431550598c2bf9feebb2a358e73b51bec0ee69ebbeeadffffc821fe64f2750
Opcode Fuzzy Hash: 19e0eaad9fc30d8eb5aaa669afbc38bdbbdae7cf12724efb38c3e5f0250266ff
Instruction Fuzzy Hash: 01415B75E10109EFCB58CF98E884AADFBB6FB88300F11846AE910A7360DB319D01CB50

Function 072CC104 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13da9886d04642ff8a11b0935a7c1faa1130117add9b644e52ef57b4ff574ea6
Instruction ID: 4a00a49981da96083eeff497dc683e6ea6d7fcdb06eda52db8e2e69fcf888c36
Opcode Fuzzy Hash: 13da9886d04642ff8a11b0935a7c1faa1130117add9b644e52ef57b4ff574ea6
Instruction Fuzzy Hash: A34179B9E102589FCB10CFA9D584ADEFBF1AB19310F20902AE918BB310D375A945CF64

Function 03ED0FF0 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44c77c301435ed12efac7a3cfe9255de8f823abcb9604913034c3ae6a08b7c1e
Instruction ID: 2cca8b9914b43d616f2dc35c496697cd6bd01f84ce9db24535fb4a4478bfcbe5
Opcode Fuzzy Hash: 44c77c301435ed12efac7a3cfe9255de8f823abcb9604913034c3ae6a08b7c1e
Instruction Fuzzy Hash: AF316F31E0020A8FCF14DF69D8416BEF7B5EF88314F04966AD619E3241E730A986CB90

Function 03ED0A5B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5a2e15eb4aa2c44cc8f665e948fc8c8dac5ef3f8c3b681bad69dc7aff95a85a
Instruction ID: 1e64072bd2b921e5c3158dfb5f7c956db9052b34a24c1453a3bdb4b58e7d5e96
Opcode Fuzzy Hash: b5a2e15eb4aa2c44cc8f665e948fc8c8dac5ef3f8c3b681bad69dc7aff95a85a
Instruction Fuzzy Hash: 6C411730A007098FCB14DFA9C454A9DBBF2BF85318F189669D50AEB365EB74AC46CF41

Function 03E7FCE8 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10800c557a01625e3f87e995e8bc4373bd2f69c85161c5dc9a2a69ac5bed1391
Instruction ID: 253a8dc9d10edbfe8eab7c4eeaf9bce8f2bf1de4d8f0f05acff91b298e132eac
Opcode Fuzzy Hash: 10800c557a01625e3f87e995e8bc4373bd2f69c85161c5dc9a2a69ac5bed1391
Instruction Fuzzy Hash: 34413A75900659DFCB14CF98C448BDABBF4FF48314F148599D619AB361D734A841CFA0

Function 03E72CC0 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cc2d3eb5f0f12755c64cd9b3d8f1b7be73f76cfaf7b7d311eafaffad3f2528b
Instruction ID: f5a42b6a05a86892834ed2721ef03b909196a7abf1e62a46e1345758b8de46b3
Opcode Fuzzy Hash: 6cc2d3eb5f0f12755c64cd9b3d8f1b7be73f76cfaf7b7d311eafaffad3f2528b
Instruction Fuzzy Hash: 7C318B30B04154AFC706BB65D4142DABFF6EB82350F255D9AD3429F285EE30CD128BD5

Function 03E70B44 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47b3994ba8499430f95145efdf4763baab48fd3e0bce60ffb033d2352d04e249
Instruction ID: 55f9c7d4dbe8fc1319d20e5237963d96b8c5d45ebb88ee0f3a6221a9ca7e2c28
Opcode Fuzzy Hash: 47b3994ba8499430f95145efdf4763baab48fd3e0bce60ffb033d2352d04e249
Instruction Fuzzy Hash: 2A41EEB4D00248DFDB10DFA9C984BDEFBB6EF48304F24942AE415AB2A4CB759946CF54

Function 03E75B20 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b8acca2abf5c5c4bd704be002befc941e126e85b024e6a72f3a137f55f2c28e
Instruction ID: f012a64956920509b6d613e7d192d7a454a07788cc2fbbd47ef11befb0ff6b83
Opcode Fuzzy Hash: 0b8acca2abf5c5c4bd704be002befc941e126e85b024e6a72f3a137f55f2c28e
Instruction Fuzzy Hash: FF413370A05218DFEB21DFA5D9989ADFFB2FF48300F264658D441BB296CB3198A1CF40

Function 0D5D2CEC Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e83322de7eefa1e2808fbf6b127db83f0d01992e2c9031ec0ab2cbc8f9f4853
Instruction ID: 2a64a38673e9b624c70fe841103f411a2a210a8a3f0e742879199e5847e5fc4f
Opcode Fuzzy Hash: 3e83322de7eefa1e2808fbf6b127db83f0d01992e2c9031ec0ab2cbc8f9f4853
Instruction Fuzzy Hash: 5E4178B9D012589FCB10CFA9D584ADEBBF5BB09310F24942AE819BB310D335A945CFA5

Function 03ED46D8 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d333e5ca1dc30be59c45c5e130fe4581a891e3c8c6099031dd3a044e9bf41edc
Instruction ID: eaea21b2224d9ee95a4e1d53eab2254870bdfdc589d6ec75f2c522c365621782
Opcode Fuzzy Hash: d333e5ca1dc30be59c45c5e130fe4581a891e3c8c6099031dd3a044e9bf41edc
Instruction Fuzzy Hash: 0E319039B101119FDB08EB36A9557AE77A3ABC9251F188225E90AC77C4EF349D12CB81

Function 03E78150 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42025afa47c50478d68f5e03182d67acfc01a66b3f33606bb01820b6d32c38f4
Instruction ID: 611ceaf2f1a91aee711497262dcc2bc34138e30fd6cc57870edbd57ba0fa85eb
Opcode Fuzzy Hash: 42025afa47c50478d68f5e03182d67acfc01a66b3f33606bb01820b6d32c38f4
Instruction Fuzzy Hash: 65318D71A00618DFCF14EFA9D8499ADBBB6FF98310F14826AE501A7364DB319C45CF90

Function 072C1A70 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdb067b7be9d3c7d497a333bedcb98037f7904aa63531dee54565706c06fa217
Instruction ID: dcbd843915fb2de6144ba93579380d478aa28b43dc6ce17dbde4cb1b364a2e7c
Opcode Fuzzy Hash: bdb067b7be9d3c7d497a333bedcb98037f7904aa63531dee54565706c06fa217
Instruction Fuzzy Hash: 3C3163F0320B068F9B74EF39C95263A72F6AF90251B180B2DD466CB791EB64E815CB51

Function 03E70B50 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fde0405812a7e2f7a30b1422760e2b2d56359d8533fc1443e6cadd931a77ec46
Instruction ID: 9b457cbb9041ccc1a228873974d4183a4c8f0171fda335b55ee8c4de2f7a72ed
Opcode Fuzzy Hash: fde0405812a7e2f7a30b1422760e2b2d56359d8533fc1443e6cadd931a77ec46
Instruction Fuzzy Hash: 4841DCB4D002489FDB14DFE9C984BDEFBB5AB48304F20902AE415AB294CB759985CF54

Function 072CB1D1 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d5f28258ba2b82bcf9225bf62eab6898d2d2fe1d2f9c9cd955657adaf75a11c
Instruction ID: 35a3a1456b5e8cc77c56398aa3179706920b9868f82e7a6f6e81766337d854bd
Opcode Fuzzy Hash: 2d5f28258ba2b82bcf9225bf62eab6898d2d2fe1d2f9c9cd955657adaf75a11c
Instruction Fuzzy Hash: 7A2106B29093E55FC703EB7C5CA14EF7FB6DE86160305429BD094CB2A2DA348D08C3A6

Function 072C0ABB Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fada259df99f27c6068b95a72b774104056e022a9e036b444c784cd8fb22418b
Instruction ID: 344d1924fa17a226a000f79c3bf17189164248b342ea93e93375007188dec14c
Opcode Fuzzy Hash: fada259df99f27c6068b95a72b774104056e022a9e036b444c784cd8fb22418b
Instruction Fuzzy Hash: 584197B4D00259DFCB10CFAAD884ADEFBF1BB59314F14902AE818B7220D374A945CF54

Function 072C0544 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 833d8f31e0e78c85191952feb9b8af2678d7cef42fa01562a6ea3b2be9356b18
Instruction ID: 42b98c6f17515ab5a541becce2eeac5ca4c1bc6358061f6541990bacd09d5e91
Opcode Fuzzy Hash: 833d8f31e0e78c85191952feb9b8af2678d7cef42fa01562a6ea3b2be9356b18
Instruction Fuzzy Hash: 304199B4D10259DFCB20CFAAD884A9EFBF1BB49314F14902AE814B7320D375A945CF58

Function 03ED46E8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a58ceaf5416c086235fd753a689b17cb5b2f40834d1013a90be0565cc76444e
Instruction ID: 0766af2350e21f26f1cedfa2714bbc23dd38a27abaa9d3dd3c4a907f4be9ffe3
Opcode Fuzzy Hash: 4a58ceaf5416c086235fd753a689b17cb5b2f40834d1013a90be0565cc76444e
Instruction Fuzzy Hash: 7531813DB101119BDB08DB2AA81476E7BA7ABC9251F188225E50AC77C4DF309D52CB81

Function 072CF108 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8a627f73dc6f1d26c14dca0fc5e3abe98411f0143ec19ed48c12c71c4d8300b
Instruction ID: 8d53f5faf6a5f3eaac06e8d1ffe36d6a11846bbef5b42a6e9edd0cdefbe8311c
Opcode Fuzzy Hash: c8a627f73dc6f1d26c14dca0fc5e3abe98411f0143ec19ed48c12c71c4d8300b
Instruction Fuzzy Hash: 694198B5D102599FCB10CFAAD584A9EFBF5BB09310F24802AE818BB324D374A945CF95

Function 0D5D5F5A Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bbff2920429971009e12ab0efcf5af2b9359ae26ebedf7a6d67bc38a0a16912
Instruction ID: 58d79eeeada9d2cd770fca838214760ebda384799cb1b4f82099d47556f1c44b
Opcode Fuzzy Hash: 7bbff2920429971009e12ab0efcf5af2b9359ae26ebedf7a6d67bc38a0a16912
Instruction Fuzzy Hash: 00312AB2E00209AFCF55DFA8D8408EEBBF6FF8D310B14412AF914A7210D7319911DBA0

Function 072CED88 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ac859f3acbcab22e4dd875264b324e2f382eb7946312b65642b55d631b6d2eb
Instruction ID: 1dd6385df1ea8fb95b6ae3e1889d493eb28200230b708691e255bd8e194a2282
Opcode Fuzzy Hash: 7ac859f3acbcab22e4dd875264b324e2f382eb7946312b65642b55d631b6d2eb
Instruction Fuzzy Hash: 6031E2B5F24500DFD704CB68D945BAEBBE9FB89300F05816AE509DB3A1E774ED018B91

Function 072C0CA0 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1c6d3815ac0b84f25c5671d4a2efd52a02a22a9573ddbb3b88dbb666b8b153f
Instruction ID: 88c895ab8a29d02d00f470e2b8c535355d4a3049b43808df55e8f2a25ea729d7
Opcode Fuzzy Hash: b1c6d3815ac0b84f25c5671d4a2efd52a02a22a9573ddbb3b88dbb666b8b153f
Instruction Fuzzy Hash: 14319E75614616CFCB20CF08C8809AAB7BAFF95710B1AC7A9D4168B28AD330FD45CBD4

Function 072C1A60 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5f16f876390a9fe2b6f2d7b51b105ea27ee8e90db8c984a139da67f79208ceb
Instruction ID: 56c73e15138809a4b1bf7c4e06137a9c52d24c4e46d35f566d0abc185a731538
Opcode Fuzzy Hash: c5f16f876390a9fe2b6f2d7b51b105ea27ee8e90db8c984a139da67f79208ceb
Instruction Fuzzy Hash: 79218FF032170B8FAB75EE35895263A76E6AFD1281B18072DD852CB252FB60D811CB91

Function 0D5D7214 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0afbe8dde94fbcc27c858fde95cdd5dec568503b2b20f59cd170b6cc25e1a160
Instruction ID: 392522aabc7ed1e1fcc805d3f6d005797e6463459a09afcea1123e30c1dce331
Opcode Fuzzy Hash: 0afbe8dde94fbcc27c858fde95cdd5dec568503b2b20f59cd170b6cc25e1a160
Instruction Fuzzy Hash: 773177B9D002589FCB20CFA9D984A9EFBF4BB09310F10942AE815BB310D375A945CF65

Function 0D5D7EF0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f805aef95dfb3c571ccc27f6d00bc54ce64b338dbd4441e3b75a83083f427a60
Instruction ID: 397a544f8290c74851e8b1e43cb0c28a3a1fe085757d2a11c7c88c884911efb7
Opcode Fuzzy Hash: f805aef95dfb3c571ccc27f6d00bc54ce64b338dbd4441e3b75a83083f427a60
Instruction Fuzzy Hash: E73174B8D00258DFCB20CFA9D984A9EFBF4BB09310F14942AE819B7310D335A945CFA5

Function 03ED2710 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3aeefdaa12b89c1c38d2bcac09dfa96d9c4e149ca445359905e2dba3ac65bf6
Instruction ID: 6c6193c6f0fe1b0c1f3755e12c8493abcd829d7baa74dc1cbbd7d79d5d9ab188
Opcode Fuzzy Hash: a3aeefdaa12b89c1c38d2bcac09dfa96d9c4e149ca445359905e2dba3ac65bf6
Instruction Fuzzy Hash: 6E31C230700204CFCB24DF68C850A6EB7FAEF88214B285AA9D605CF365DB31DC06CB61

Function 03ED1580 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0b3ceee47f43dcf36b5150e9e02a65727352ab6d539450e1eb556c307b3ccce
Instruction ID: 6c162bdc42e729592b2cc79993fcb0044c03288f636eb3c634b5d00e479674ae
Opcode Fuzzy Hash: b0b3ceee47f43dcf36b5150e9e02a65727352ab6d539450e1eb556c307b3ccce
Instruction Fuzzy Hash: 4D31FEB9E002189FCF50DFA9E880ADEFBF1AB48310F14906AE814B7310D775A945CFA5

Function 03E75860 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8cb08e004b50341efe66398060bd2f7c3a84dff3c2300d2b408ebd202859529
Instruction ID: 046c1a7412a6bf81c944ba154c2f4adfd12c000f0e8b1e10640de961d7b5e278
Opcode Fuzzy Hash: f8cb08e004b50341efe66398060bd2f7c3a84dff3c2300d2b408ebd202859529
Instruction Fuzzy Hash: C6315E35A002088FDB14DFA8C944AEDB7F1EF4A314F1446AAD515EB3A1DB359E40CF50

Function 03ED2708 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08680765f5f0e54ad6544724d23fac8f609457af51003b79a464ef31856a34a6
Instruction ID: aae480de9877959ee9136c73549a3d2edda6c45a910198cf88247e53e7a163e1
Opcode Fuzzy Hash: 08680765f5f0e54ad6544724d23fac8f609457af51003b79a464ef31856a34a6
Instruction Fuzzy Hash: CE31A034700201CFCB25DF68C890A6EB7B6EF89215B685AADD605CF365DB31DD06CB60

Function 03E79FF9 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03ea9694d2ebcc0db128f93afc15b8420447e5e372fa9ffa5f823a566ef7dc52
Instruction ID: 9ff3dab7c276b74a39d2406f83469802e454899fbf153946e26793821050df59
Opcode Fuzzy Hash: 03ea9694d2ebcc0db128f93afc15b8420447e5e372fa9ffa5f823a566ef7dc52
Instruction Fuzzy Hash: 0B31BE71A01204AFDB14EF69C854BAEBBF6EF88300F14892DE505AB391DB75DD40CB50

Function 072C6210 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbe6029b2dbf0873250b299e836d5446e7929b76fd757aec46e5483bfa9ae1ab
Instruction ID: 6127304d00b8f103a960c78e005e9f87db6585eb906014eecf6480c48b67097f
Opcode Fuzzy Hash: bbe6029b2dbf0873250b299e836d5446e7929b76fd757aec46e5483bfa9ae1ab
Instruction Fuzzy Hash: 98317AB0714626CFC720EF2AD4848AABBF6FF98611751456EE946CB721CB31EC41CB52

Function 072CED98 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a673e339d72787c97e895054497a125cca5866b9421926e283020ee768ef74c
Instruction ID: 101d8ec84b4c0fffb0d05180cf81b9b6311cb71d8f23f107f4da568ec9651966
Opcode Fuzzy Hash: 3a673e339d72787c97e895054497a125cca5866b9421926e283020ee768ef74c
Instruction Fuzzy Hash: C831C1B5F20501DBDB04CB68D945BAEFBEAFB99300F05816AE509DB3A0D774ED018B81

Function 03E76288 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ec9f139a7bba7a475fa782d089f3075d4bce09b1e9f80d849e89594d521baec
Instruction ID: 8406836cebc04aed70034f137dd62a65c116598c35616e86202a4f7829e0b0a7
Opcode Fuzzy Hash: 9ec9f139a7bba7a475fa782d089f3075d4bce09b1e9f80d849e89594d521baec
Instruction Fuzzy Hash: 7E31B230914708CFCB01EF68C954ADEBBB2FF8A300F44866DD4556B260EF35A948CBA1

Function 072C2268 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 847694427c9b34b79546c79db708bd2ce3cf0776405fa57cf001d49e969e453f
Instruction ID: 0581dd533a72512b5e35be2d97d7890f4b76ed9dbd97f57bc50eaca75ff1b077
Opcode Fuzzy Hash: 847694427c9b34b79546c79db708bd2ce3cf0776405fa57cf001d49e969e453f
Instruction Fuzzy Hash: 802104B1B106069FEB14EAB590143AFBAD2FB81310F44492CC25A9B685EF7488458BE7

Function 072C50CC Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff7c0f638cf528ff7c719793d98dcdce61f50203253380a55300aeab9aa2ba23
Instruction ID: 04d59128361b90f1cc6bf22d61489b8215e40584e794bd39d04120c51fa81b03
Opcode Fuzzy Hash: ff7c0f638cf528ff7c719793d98dcdce61f50203253380a55300aeab9aa2ba23
Instruction Fuzzy Hash: 18316570720A22CFC720EF1AD48496AB7F6FF88711B51452EE946CB721CB32EC418B52

Function 0D5D3040 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0f4976202099a66c8fd77d2002bde408745c2abbeb74b608efb042e227e8514
Instruction ID: d19bf3b7c11447fb1bacec43be8ca899283e82d842affcbbdd9430bbef212dbb
Opcode Fuzzy Hash: b0f4976202099a66c8fd77d2002bde408745c2abbeb74b608efb042e227e8514
Instruction Fuzzy Hash: D53177B9D012589FCB20CFA9D584A9EFBF4BB48310F20942AE818B7314D375A945CFA4

Function 072CB5C3 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccca8fbff57e438f13daecb7f76de2bc982584a690ccf361fdbdd2f35090dc53
Instruction ID: ca027bc2479eaccf0db3c8a7f1c95ef6adee71301025ff430f963522b047cb6f
Opcode Fuzzy Hash: ccca8fbff57e438f13daecb7f76de2bc982584a690ccf361fdbdd2f35090dc53
Instruction Fuzzy Hash: 5F21F2B5A002018FC710DF78D8044EABBE2EF84301B1489AED10ADB761EB75DC098F91

Function 03E78387 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceed29b7765cff67cb80d5e9ca0fda671f03159b3782706cc964d9248cd2984d
Instruction ID: 9867796cb79dc548f76032f2f5aed4dbcc3cb62a130ed18fad393fee75013ec0
Opcode Fuzzy Hash: ceed29b7765cff67cb80d5e9ca0fda671f03159b3782706cc964d9248cd2984d
Instruction Fuzzy Hash: 8131E270A05201DFCB24CF74E95EBAEBBF6BFA4304F185269D402DB251EB709901CB91

Function 03E73361 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 914a561f874cf8a05fa835860c8c05a8ea7f7cf782223a243abbfd238982706b
Instruction ID: d33a0f74ff48511544cc406b0a38d571a48e6c1624481fa5cbb1946f34891719
Opcode Fuzzy Hash: 914a561f874cf8a05fa835860c8c05a8ea7f7cf782223a243abbfd238982706b
Instruction Fuzzy Hash: 1B210B777106008FEB34CA25D88157EB7FAEBC4314F284169D14693754DA34ED41D7A1

Function 072C0CB0 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b09656ebb576d63fde5f75fba1766274871eafbd0dc4e9f8d2d26ebcca63fa4
Instruction ID: 118830ea468fd9fa8de409d8389ff6801b2b869295edd13adf39590194c77eca
Opcode Fuzzy Hash: 5b09656ebb576d63fde5f75fba1766274871eafbd0dc4e9f8d2d26ebcca63fa4
Instruction Fuzzy Hash: A2319E31610616CFC724CF08C8809AAB7BAFF94710F1ACA69D4169B289D730FD45CBD4

Function 072C5F40 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d04b7b127dc3c8699e086b2ec6e753776c3edf5f9ed92e21173ce0106298ab87
Instruction ID: d746f0dba84ebbcaf6f6ec84011a06d1fac98b18478852021740c9d7c3cf0d6d
Opcode Fuzzy Hash: d04b7b127dc3c8699e086b2ec6e753776c3edf5f9ed92e21173ce0106298ab87
Instruction Fuzzy Hash: 8F316FB1E1024A9FCB10DFA9C8409EFBBB9FF89200B248619E414F3200D734A955CBA1

Function 0D5D6950 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c52b0a55aa9c5361b7d35012a4b313c5ed2fc269d69d5acbf2d719cb9b50f663
Instruction ID: cfc5a5c5844a23029edf303f33d13faeb1fdc79f64430dba0297bc75cfe2a233
Opcode Fuzzy Hash: c52b0a55aa9c5361b7d35012a4b313c5ed2fc269d69d5acbf2d719cb9b50f663
Instruction Fuzzy Hash: D53167B9D012589FCB10CFA9D584A9EBBF4BB48310F24942AE818B7314D335A985CF64

Function 03ED43D0 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ea33a1ecf671d09739fff7cfe61efd9d9b96e46f45b7edb688be7d637887141
Instruction ID: 69ad4e31496c787d7e7ee62dea9536c9df694ea849f8c3a919bdf99bd474ddc4
Opcode Fuzzy Hash: 3ea33a1ecf671d09739fff7cfe61efd9d9b96e46f45b7edb688be7d637887141
Instruction Fuzzy Hash: C531ED3461010A8FCF05DF28D9C1A8E7BB5FF44314B109761E8199F2AEDB70E98ACB91

Function 03ED3AC0 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4cb6e2ada7136cadd5e4aa70537c2133c57be2d44e222442085c19331542bb3
Instruction ID: 4ac50b77427417dd15fa35315f946695ee36c73536b6305bf3d34c0c886b1539
Opcode Fuzzy Hash: d4cb6e2ada7136cadd5e4aa70537c2133c57be2d44e222442085c19331542bb3
Instruction Fuzzy Hash: 49210339B002049FEB14DF79E8147AE7BA6EB89314F1881BAD505DB3C0DB329C46C791

Function 03ED3ABF Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ede51b7efcbdbe090d38c4e0a7ec4adf1dba84113cd3ef475e5521010bc74bec
Instruction ID: 2a343308df215c45d14a4670671cb76e41f9fb1bc7e14fd876e62ced9f79e255
Opcode Fuzzy Hash: ede51b7efcbdbe090d38c4e0a7ec4adf1dba84113cd3ef475e5521010bc74bec
Instruction Fuzzy Hash: B121F139B011049FEB14CF79E8557AE7BA2EB88314F1881BAD505DB3C0DB329C46CB91

Function 03E71A8C Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fa76bb172d76eee12199bc7a1ab88bd0de0e4dff52f128e40a8cfbeba42dfdf
Instruction ID: aaac6d4f579b4f02f91e08640f16abe4aa158754f088d42156c156397d4c3a5b
Opcode Fuzzy Hash: 1fa76bb172d76eee12199bc7a1ab88bd0de0e4dff52f128e40a8cfbeba42dfdf
Instruction Fuzzy Hash: F421AF31E04216DBCB15FB68C8C41EABBB1EF46240B546B7AC546A72C8FB31D9518B91

Function 03E77F79 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cdc5467ce78ccec5b6badc7e69799023e9a52e5560129d4d230aaa5e685f0df
Instruction ID: a7f51533f1c7598efce70c17fc659ee4590357854a1c16829389e5333c93e3f8
Opcode Fuzzy Hash: 8cdc5467ce78ccec5b6badc7e69799023e9a52e5560129d4d230aaa5e685f0df
Instruction Fuzzy Hash: A9318431A10649DFCB05EFA8C8548EDBBB5FF89300F018699E5057B235FB30A949CB91

Function 03ED875C Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5044b3cb80ba0a1122043c5aa0a84e9dd76083517719179aacd53139d04174a2
Instruction ID: 20de55b1c0c9c70ebccceba3d0747f2ab8c3714c87d67a6ab41abd67933f3dea
Opcode Fuzzy Hash: 5044b3cb80ba0a1122043c5aa0a84e9dd76083517719179aacd53139d04174a2
Instruction Fuzzy Hash: 88312A30A00209DFDB14DF98C985BEEBBF1AF48308F245569E405FB256CB759D42CB91

Function 072C4FBC Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 869e4e93864b6906f3323acff50811a01b026541355533092efd7f00892f8e67
Instruction ID: 9da6725689b599f5affdc1e8fda46ea93d16ede4d346ee913a321ec649e2cb97
Opcode Fuzzy Hash: 869e4e93864b6906f3323acff50811a01b026541355533092efd7f00892f8e67
Instruction Fuzzy Hash: 0E213EB5E1060A9F8B50EFA9CC409EFF7B9FF99200B244619E515B3200DB34A955CBA1

Function 072CB250 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87de75e1121660f7acdd83874c45bde65d2c393b5d38324b3eff0a917e01d4ac
Instruction ID: ba60082bcc0439b345336377879e55465d8bd6d73213137fd34222bc607fd513
Opcode Fuzzy Hash: 87de75e1121660f7acdd83874c45bde65d2c393b5d38324b3eff0a917e01d4ac
Instruction Fuzzy Hash: 7421DCB0A0034A8FCB16DB7998595BF7BB7EFC42607148A6AD425C7391EF348C058761

Function 072C7A50 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caf9714e388bc23c12d8040087d371b7964fdd31de8c2123badad886ac5d65ad
Instruction ID: cffcfae5cd88ae1f70b2f8d0dd7658fa0b273b3d0ae6b59e6da352f334bcddae
Opcode Fuzzy Hash: caf9714e388bc23c12d8040087d371b7964fdd31de8c2123badad886ac5d65ad
Instruction Fuzzy Hash: 992135B57202139BCB15EB75D9506AEBBEBEFE4300B24422ED50197340DF34DA058BA2

Function 0D5D8658 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bde1337e23f2034958a94a9b525462923f37ad8aebeb3541494342c888364341
Instruction ID: 4cf2d91b2e3c3e575c3aca49347e65d6fec636c141b68546b529c498eb1e8869
Opcode Fuzzy Hash: bde1337e23f2034958a94a9b525462923f37ad8aebeb3541494342c888364341
Instruction Fuzzy Hash: 17316435A01208EFDB68DF98E894E9DBB76FF88314F558565F9059B351CB31AC80CB50

Function 072CC0D4 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8afef489de62921b0ea76ee5e6a275f115bc1715d9035cb905bdc0a3e2524584
Instruction ID: 00133dff02f83651f20226992dd9482de590a062a1c7ea2130ee76acf77a8212
Opcode Fuzzy Hash: 8afef489de62921b0ea76ee5e6a275f115bc1715d9035cb905bdc0a3e2524584
Instruction Fuzzy Hash: B531B9B8E11219DFCB10CFA9D984A9EFBF4BB59310F10912AE804B7310D374A945CFA5

Function 072C3C2B Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3130c7d224a5eb47b525e8ae208cba36830ae83d0558d55329fffbc86775d304
Instruction ID: d2f92ef40c76b7879a6c4438e20fc57687f28dcd52cb0e88182335efc961397b
Opcode Fuzzy Hash: 3130c7d224a5eb47b525e8ae208cba36830ae83d0558d55329fffbc86775d304
Instruction Fuzzy Hash: C021ACB03106129FD718DB29D850B2E77E6FF88600F11866EE005CB3A1CB34ED428BA6

Function 0D5D8648 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2429a6e1fe06bbf5db5c384fe21d1eda76c80d96e83d89d32e8b02cce852e520
Instruction ID: d77dcaa1b05e52d71cb2631a75835fb8f8e4a241fcc869456b142b939a1383fc
Opcode Fuzzy Hash: 2429a6e1fe06bbf5db5c384fe21d1eda76c80d96e83d89d32e8b02cce852e520
Instruction Fuzzy Hash: 34319435A01208EFDB68DF68E884DADBBB6FF89314F158569F9059B351CB31AC41CB50

Function 03ED8A68 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ec5dd309c584dc2f32721a12440db7d30b96b7e832cdf98cc7b0658b4bd6ae6
Instruction ID: 61d81be6c5a822e65e4519dea4eabbecb09135cc35d62f46df22d500ce99a413
Opcode Fuzzy Hash: 7ec5dd309c584dc2f32721a12440db7d30b96b7e832cdf98cc7b0658b4bd6ae6
Instruction Fuzzy Hash: DB3187B9D052189FCB10CFA9D884ADEFBF0BB09320F20916AE829B7350D374A945CF54

Function 03E73370 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4123651329a8289c7decf002cbb37782a25b7df2ebb283a188b38c1c21aa4408
Instruction ID: c908395fbcd914c50a0bddf3a3c3a0a803d22445c544079d50674941237e664c
Opcode Fuzzy Hash: 4123651329a8289c7decf002cbb37782a25b7df2ebb283a188b38c1c21aa4408
Instruction Fuzzy Hash: 8521043A7106108FEB38CA25D88197EB7FAEBC4314F28816AD146D3764DA34ED80D7A1

Function 072CD741 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aaf7574f68fabae889bc1c6f40c444ac72ccb8b00b9a93a3e2a1b6cfed21afe
Instruction ID: 6e97a0c0e809e65b1080066d0275383abb32fb4a046f37ac176ca5b4da62ed94
Opcode Fuzzy Hash: 5aaf7574f68fabae889bc1c6f40c444ac72ccb8b00b9a93a3e2a1b6cfed21afe
Instruction Fuzzy Hash: 3D3198B9D112199FCB10CFA9D984A9EFBF4FB49310F10912AE804B7310D374A945CFA5

Function 03ED8A70 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbfc78e6f672e1966bb3445b59b6f720d64185bca8b9acd2488b1104a91c2c26
Instruction ID: d31deb053be29607bdfcfa9bc1c08ab6628771d461d58085a08f7ef261f27d10
Opcode Fuzzy Hash: bbfc78e6f672e1966bb3445b59b6f720d64185bca8b9acd2488b1104a91c2c26
Instruction Fuzzy Hash: B93166B9D052189FCB10CFA9D984ADEFBF4BB49314F20916AE818B7310D375A945CFA4

Function 072CC13C Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60ec7c8fa0fee1893782acb95617bb606eae38bbbf815abe1216db7dd8f82d10
Instruction ID: 0a2d3de70cae961c8176c4016a7d7d0a9d6c6d8bf9b3f1fa83f00d26b0a731aa
Opcode Fuzzy Hash: 60ec7c8fa0fee1893782acb95617bb606eae38bbbf815abe1216db7dd8f82d10
Instruction Fuzzy Hash: 973197B8E112189FCB10CFA9D984A9EFBF4BB59310F10912AE804B7310D374A945CFA4

Function 072CC0F4 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97f82766646bb6eb6a7b5205ffd7c64bbb8eb4d21b23b24194b3a7d6d54347df
Instruction ID: bb0c0fa4e18ed5888fdf9bf5d53cb93354c60212383c33606e6d4193ff042c1f
Opcode Fuzzy Hash: 97f82766646bb6eb6a7b5205ffd7c64bbb8eb4d21b23b24194b3a7d6d54347df
Instruction Fuzzy Hash: AC213B32A14209AFCB05DB79EC014EEBB76EFC5310B40857BE505DB151DB30A905CBA1

Function 03E749D0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c83a10c49c407b7bdc49fc74a7c3d2081eb190c27f1814c1c1c9780d7ba19656
Instruction ID: 0bce168725f4c378a550a1a57f544b4f7a087215f4dc36ef9bf4b1edddab3a70
Opcode Fuzzy Hash: c83a10c49c407b7bdc49fc74a7c3d2081eb190c27f1814c1c1c9780d7ba19656
Instruction Fuzzy Hash: A621F135A002058BDB04DF6DD8806AAFBF6EF88310B249565D404AB285EB31E944CBE0

Function 03E725A1 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14ba3c841755a182ca8ee94c3855bcac9a646498ae7ed88f6beef3504ae57d65
Instruction ID: f6bbb57a6ddc93ba3c134dd5bb95fa53ceabc012f97888682c36cc963940ef85
Opcode Fuzzy Hash: 14ba3c841755a182ca8ee94c3855bcac9a646498ae7ed88f6beef3504ae57d65
Instruction Fuzzy Hash: 523144B4D0220AEFCF54CFA8D9445AEBBF1AF46310F24E5AAD914AB251E7304A01DF80

Function 03E799E0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1686c6c8a4af5740fc6f2bcb1c93e1e3a38353a3714edd09ece352f60446eb31
Instruction ID: f8ceded5af9cc224459b53b50827aef1b426174047a07a500cf703fae6687277
Opcode Fuzzy Hash: 1686c6c8a4af5740fc6f2bcb1c93e1e3a38353a3714edd09ece352f60446eb31
Instruction Fuzzy Hash: 6221CF31B01215DFDB00EFA4E544BAAB7FAFF48356F085529EA19CB242DB30D845CBA0

Function 03E77568 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ebffd6841241c11e0c0f944c70f8a9d550c21875bc86c28b99df74fb65f711d
Instruction ID: 57c4150400f80a7803f83d230f695d826ab45891f5444c83f72f15a590a2277a
Opcode Fuzzy Hash: 1ebffd6841241c11e0c0f944c70f8a9d550c21875bc86c28b99df74fb65f711d
Instruction Fuzzy Hash: 30215C31E006198FCF51EBA8D4446BEBBB5EF88254F04826AD919E7250EB709945CB91

Function 03E7FCD8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc7e71ef1deb6716f92ca43e2d668515e50d48d7cf8fdbeceba00339d9ac2a0b
Instruction ID: 2a740ed608e3f473563dfc62972e5d1c8811ad10f9721ecabf1c589cf3381f5a
Opcode Fuzzy Hash: bc7e71ef1deb6716f92ca43e2d668515e50d48d7cf8fdbeceba00339d9ac2a0b
Instruction Fuzzy Hash: 283169B4A00659DFCB10CFA8C588BDABBF4FF09314F148999D619AB361D731A840CFA0

Function 072C06FB Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fcef4f8699017e17b047e4a075df612589545142e8b9a2ff4e2a7689e44835d
Instruction ID: c0dc835ac3ebb5e395060bf0458492a1002767d22624dd4be653c41107ef33e4
Opcode Fuzzy Hash: 8fcef4f8699017e17b047e4a075df612589545142e8b9a2ff4e2a7689e44835d
Instruction Fuzzy Hash: C121C1B0220741DFE72ACF28C8457157BE1FB41308F144A5DC1528F261C7B6E48ACBD5

Function 072C2BB5 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fed833adea07e6e138b8d1f771bc8a1c48622e9fdf45333aeaaa6f68124097f
Instruction ID: 4e0cda2e817a287cb0a7845b38ea0219597d6a2d7fb71dd66ff20f667612eccf
Opcode Fuzzy Hash: 8fed833adea07e6e138b8d1f771bc8a1c48622e9fdf45333aeaaa6f68124097f
Instruction Fuzzy Hash: B5313C70610215CFD714EF64C994B99B7B2FF44304F1145ACC11A6B7A6CB74AD85CF51

Function 072CFA0B Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42a51c6c0ed4156fc13fba0ce9758973dcad7751d8d3f89581ab1e3f36eb192d
Instruction ID: 4dd9230668c61b58c80c64d66fe693c95e9e0778f28a21bccb763674df9ae30d
Opcode Fuzzy Hash: 42a51c6c0ed4156fc13fba0ce9758973dcad7751d8d3f89581ab1e3f36eb192d
Instruction Fuzzy Hash: 141192331153865FCB16DB74481067B7FB6CF46204F0881AFE549CB193CA79C846D7A1

Function 0D5DC3A0 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee24dcd17ade251cf021cf010b5bea5892c0df65088d8f64ea3cf9d8665b5787
Instruction ID: f0b07799f15cdd6387c20f4135349a19301af2f4bed75edda839a584883b4223
Opcode Fuzzy Hash: ee24dcd17ade251cf021cf010b5bea5892c0df65088d8f64ea3cf9d8665b5787
Instruction Fuzzy Hash: A221A431904209DBDF55EF68D844AEEB775FF88310F10C62AE91A67250EB70EA54CBA1

Function 072C3C38 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f0fc63e8eceece361ec47d59ffec30803b8205a2bc81eeaef24cf4b2c2af47c
Instruction ID: a7a5aad5568dff4aa850c9cc80ccd3c0a2eac4f2563ef0e77d353aad1a90f750
Opcode Fuzzy Hash: 8f0fc63e8eceece361ec47d59ffec30803b8205a2bc81eeaef24cf4b2c2af47c
Instruction Fuzzy Hash: 6F218EB03106129FD718DB29D844B2E77EAFF88610F11862DE106CB3A1CF75ED428BA5

Function 024ED1EC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2011884287.00000000024ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 024ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24ed000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71d0cc720b6f351494368ffa851f898a06f8900abcc9acedcda7cb28aa821633
Instruction ID: 3283f51ad721e98e336eac0a02ac8d656381db842b71960b9de85e12bf8def00
Opcode Fuzzy Hash: 71d0cc720b6f351494368ffa851f898a06f8900abcc9acedcda7cb28aa821633
Instruction Fuzzy Hash: 3921F275944200DFEF04DF54D9C4B26BBA9FB88315F20C6AAD80A4F356C376D846CAA1

Function 024ED01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2011884287.00000000024ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 024ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24ed000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d740fe9790bcbf448248e2e1a65de047af3c313a65afb35b20b10d0fca634483
Instruction ID: 3bc0470e183c783069e8ad10b0859a79983d4d433182f53200a86d0c323b3d20
Opcode Fuzzy Hash: d740fe9790bcbf448248e2e1a65de047af3c313a65afb35b20b10d0fca634483
Instruction Fuzzy Hash: 2821F271A04200DFEF14DF14D984B26BBA9FB84319F28C56AD94B4B356C33AD447CA61

Function 03ED3748 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e8a4b7bef2f623276f178cd8effbac1ee03cd1353cf8327a7e5ba0759ed0d14
Instruction ID: 55f75ff161079b32d8623d91ac34a639b263d20825f9a6a91c284ff5ef3c39e9
Opcode Fuzzy Hash: 5e8a4b7bef2f623276f178cd8effbac1ee03cd1353cf8327a7e5ba0759ed0d14
Instruction Fuzzy Hash: 4631A7B9D042199FCB10CFAAD884ADEFBF4BB09310F14906AE814B7310D375AA45CFA5

Function 03ED3747 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1244b31fdd37ff1e91cc5629c9a0b9bd21b47303131a99a33437b8c2d117ba0b
Instruction ID: f885386ddf72cdb5b4a5e278764b057d3d945d8cb2cb8bd9c8996a88ee89d651
Opcode Fuzzy Hash: 1244b31fdd37ff1e91cc5629c9a0b9bd21b47303131a99a33437b8c2d117ba0b
Instruction Fuzzy Hash: 063196B9D002199FCB10CFA9E884AEEFBF0BB49310F14916AE814B7310C375AA45CF65

Function 03ED1588 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4ea4aeb43eff89f4aeec72bd1abdcbb1fa492be2ffcccc4eed79885905a0860
Instruction ID: 05ec1c167f275ae243ea1748235c7e9e2a9977a9c14b7d0a3bec39a6b89d5767
Opcode Fuzzy Hash: c4ea4aeb43eff89f4aeec72bd1abdcbb1fa492be2ffcccc4eed79885905a0860
Instruction Fuzzy Hash: 3131A9B9D002189FCB10CFAAD584ADEFBF4BB49310F14906AE818B7320D375A945CFA5

Function 03E749C0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db5142745cc793098fab388fa1ba2ab8f323669dce988d3da6dfd4a6e5ce3765
Instruction ID: 01d747ee262b58b4a33888ec10694a5378205ce65468ef27a32bf59a4124d00f
Opcode Fuzzy Hash: db5142745cc793098fab388fa1ba2ab8f323669dce988d3da6dfd4a6e5ce3765
Instruction Fuzzy Hash: 54212935A002058FDB04DF7DC8406AAFBF6EF84310F2459A5D445AB295EB31ED45CBE0

Function 0D5DE168 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b61e0e07313e9f8238eaa7e973bf0541c2bc183286392b44a2b45e1fe467e289
Instruction ID: adcd285e792736c8f7212a83bdb38b9cec43e7bcf0fe9014bad77c58f1242733
Opcode Fuzzy Hash: b61e0e07313e9f8238eaa7e973bf0541c2bc183286392b44a2b45e1fe467e289
Instruction Fuzzy Hash: 59311C30A14619CFCB65EB28C898AADB7B1FF99300F5186D9D54D67260EF309E81CF50

Function 03E725B0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42edceb570dbb0ab3e9426c50f580ed9704dd7b5d5f3b170925377b69ee45f6a
Instruction ID: c65c854ec542eb8b89f5a68e75b5e1eb0ec5ae150e7e94ee4738325ea8f15aef
Opcode Fuzzy Hash: 42edceb570dbb0ab3e9426c50f580ed9704dd7b5d5f3b170925377b69ee45f6a
Instruction Fuzzy Hash: 5F21F0B4E02209EFCB54DFA9D5455AEBBB2EB49310F20E5AAD905A7210D7305A41CF90

Function 072C0768 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ae1e13a7960f44de3513f2c4532a4717d43b30254083c7cad2be0615d09d152
Instruction ID: 2670519cb31b6ee3f151a345952d9bd99c6f802cc3a5274ccc2298739c8471dc
Opcode Fuzzy Hash: 2ae1e13a7960f44de3513f2c4532a4717d43b30254083c7cad2be0615d09d152
Instruction Fuzzy Hash: 8721BFB0620741DFE726CF28C515715BBE1FB41308F144A6DC1968F2A1C7B6E49ACBD5

Function 072CEF09 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b767ca49fdc0d54cacbc874ee944fd866f0aa6c4c1d21fca6d2dbe4de019148
Instruction ID: 8c273d2d269016313ffda83214c2f4297dfb36c6d069c6990df28d0f1c4a45d1
Opcode Fuzzy Hash: 1b767ca49fdc0d54cacbc874ee944fd866f0aa6c4c1d21fca6d2dbe4de019148
Instruction Fuzzy Hash: 1521CF76A002068FCB00DF64C444AAABBFAFF49710F1581AAE606CB361DB31ED05CF90

Function 0D5D18D8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d794751f7d1177d1f88539adfb98d96f03951345be2eb7dad8ba2c24ce51dcb9
Instruction ID: f6701af6e924eec51a3380a7d082fff8609b0e59cbd8a4dff86e8b697b502e2c
Opcode Fuzzy Hash: d794751f7d1177d1f88539adfb98d96f03951345be2eb7dad8ba2c24ce51dcb9
Instruction Fuzzy Hash: 6A21AA31A157148BE768CF28C840B99B766FB80300F0085BAD50D97690DA34DEC9CF65

Function 03E723A8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 969eb30380ad60c586f834c7656cf281c68a8ba61009bb4e17865c25f2b43736
Instruction ID: 59b4a9e481cdff65201e039fa0a72700c876c40d2ab252d366e427d8e5e09887
Opcode Fuzzy Hash: 969eb30380ad60c586f834c7656cf281c68a8ba61009bb4e17865c25f2b43736
Instruction Fuzzy Hash: CC2116B4E05209EFCF48CFA9D5415ADBBB1AF4A300F1099AAD814AB351E7304A41DB50

Function 03E72A92 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f504c1dda7d0461950793c8556a5f01ea72c9992dbde8010e015d00dbd9d272
Instruction ID: b2727d1b9dfda59944972fa3345a6e070c936e4803905d9746825ec46ad3757e
Opcode Fuzzy Hash: 4f504c1dda7d0461950793c8556a5f01ea72c9992dbde8010e015d00dbd9d272
Instruction Fuzzy Hash: 562148B4E05209EFCB48DFA9D4456ADBBF1FF49300F1099AAD904AB251D7304A41CF51

Function 072C0738 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a5307eb7cd93b781150f90e58279ed7acbb46191838289bffd1fa9b0c66de9
Instruction ID: f41fe5f193859fc4680f6b492a931218cd01e4c2140baf93fbe301e658ad937d
Opcode Fuzzy Hash: c0a5307eb7cd93b781150f90e58279ed7acbb46191838289bffd1fa9b0c66de9
Instruction Fuzzy Hash: 3001C871B213269FCB59F679141813E6697EFD5310B18897E960BDB385ED30CC028797

Function 072CB15C Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02f42b80f5388740dcd44642a59cd5b865a4c370d285b9eb8559158a99d69afc
Instruction ID: 0166515cfae42c5dca8b28e44edecdc3cb81d5ced480fca6099bf82331ae94df
Opcode Fuzzy Hash: 02f42b80f5388740dcd44642a59cd5b865a4c370d285b9eb8559158a99d69afc
Instruction Fuzzy Hash: 9731BBB8D102589FCB10CFA9D584ADEFBF4EB08310F20806AE914B7310D374A945CFA5

Function 072CBDDB Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8074529ae80198e4b13a694a83602ea7fa6fd28b86938a03f4d7e884cca1bf33
Instruction ID: 23a7a3d449675f5e37b20af95a41bd247ada001fd738f14dd3896e1959b64749
Opcode Fuzzy Hash: 8074529ae80198e4b13a694a83602ea7fa6fd28b86938a03f4d7e884cca1bf33
Instruction Fuzzy Hash: 0C31ACB9D102589FCB10CFA9D584ADEFBF4EB08320F24846AE914B7311D375A945CFA5

Function 0D5DBC5B Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 048910b589e7130fbe5d485c2e9a0e33cd8b09c4b3a7fe5ddbf7c6f98bd0804e
Instruction ID: 5ff5b0bf0e07ab58c9f2d286b928862ba66b82005af90d15ab1114c922b98efc
Opcode Fuzzy Hash: 048910b589e7130fbe5d485c2e9a0e33cd8b09c4b3a7fe5ddbf7c6f98bd0804e
Instruction Fuzzy Hash: 8531963590065ADBCB65CF58C880BA9B7B1FF58300F1586EAE90DA7211E732AAC1DF40

Function 0D5DBC42 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04828da3ace612ec4587b9f12df5b1bf7a4d636eea251194eb3b8bd11b1c4221
Instruction ID: 8974ef90ec59e976dbe79e511ce210271b55fc460ff42a426bc2db39048ac45b
Opcode Fuzzy Hash: 04828da3ace612ec4587b9f12df5b1bf7a4d636eea251194eb3b8bd11b1c4221
Instruction Fuzzy Hash: 4731D63190061ADACB65CF58C940BA9B7B1FF48300F1186EAE90DA7211EB31AA81DF50

Function 0D5DA688 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f91b6204293d38c423018e24bb19753178a649ef3e85f17d88bfd89ceb9ab985
Instruction ID: e40f3a973f7affcb136d37ac340aa674ad9ad37de32e88725be036ee8cddd124
Opcode Fuzzy Hash: f91b6204293d38c423018e24bb19753178a649ef3e85f17d88bfd89ceb9ab985
Instruction Fuzzy Hash: 81216D35A002099FCB15AFACC454AEEBBF2BF8C304F14C569E915AB261DF369D44CB90

Function 03ED0A6F Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fbe9d0918a4b01f272291f3cf71a4ba2149639cc55cffcf8d80751824f58c28
Instruction ID: cb669b09c76db4fd798ce6cc1afa5178c2bb86d7f316805af3ec9159a746c5a2
Opcode Fuzzy Hash: 0fbe9d0918a4b01f272291f3cf71a4ba2149639cc55cffcf8d80751824f58c28
Instruction Fuzzy Hash: B8219C30A00709CFCB14DFA4C454A9EBFB2AF85318F188659C519EB394DB349C46CF41

Function 03E72AA0 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7cf4342d1578d66835b3f0cc9fbce93b80a8fa66843eda531231f8a2e538b72
Instruction ID: 05e207067e51a84f1ee5baeb04d9deb04b55f2ae9417f6a523f360b0e2a68365
Opcode Fuzzy Hash: c7cf4342d1578d66835b3f0cc9fbce93b80a8fa66843eda531231f8a2e538b72
Instruction Fuzzy Hash: E321E3B4E01209EFCB58DFA9D549AAEBBF1FF49300F2095AAD904AB354D7305A41CF91

Function 072C0778 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 822fa56ffa2ea1a0b2ada2a6d39b39c7f13f135627ed24f3236d17ab2cbb41c8
Instruction ID: 51cd79f39c2d619cc8524340466341bf5439dfa31d80ca693890a5c919190360
Opcode Fuzzy Hash: 822fa56ffa2ea1a0b2ada2a6d39b39c7f13f135627ed24f3236d17ab2cbb41c8
Instruction Fuzzy Hash: 662178B0610B41DFE72ACF28C406715BBE1FB41308F144B6DD1658B691C7B6E49ACBC1

Function 0D5D37C0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 972a434142e7f61a2e51ae0eccea03753711cea8ff66f2ae837cd6ba77260ba1
Instruction ID: 6221f92d8dc234ec49100b8070b760f2555ec60e7f7befeac3aef6a73a40ed6e
Opcode Fuzzy Hash: 972a434142e7f61a2e51ae0eccea03753711cea8ff66f2ae837cd6ba77260ba1
Instruction Fuzzy Hash: 19116D72A04249AFCB59DF9CDC008BFBBBAFF84210B14452AED1497261DB71AE1197B1

Function 03E799D0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99998d88860f5b4f0584055ea5ee6cec19a0d40c35a50731ea05a88cb73db1a0
Instruction ID: 7cfbe912dfc16d752c8c8380c2010d533d5aacd00735ce10b9f206f25abc7acb
Opcode Fuzzy Hash: 99998d88860f5b4f0584055ea5ee6cec19a0d40c35a50731ea05a88cb73db1a0
Instruction Fuzzy Hash: 0521BE307012459FCB00DF69E558A6ABBFAFF46311F085569E919CB392EB70D844CBA1

Function 072CD3A8 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39fefd401c5f16ee25894543eca355fb5f9de7d1e205f6defaf5d9ea6068ea69
Instruction ID: 269bc4421051408574a8f8519369e86a1538ce147df7a103319c26ff1c833eed
Opcode Fuzzy Hash: 39fefd401c5f16ee25894543eca355fb5f9de7d1e205f6defaf5d9ea6068ea69
Instruction Fuzzy Hash: 05110832E00209AFDB04DF6AEC409EEBBBAEFC5320F01C166E518DB110D7306915CBA0

Function 03E723B8 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 036863090d8186d779b8a50fc0b7015f5011af596d77552a7a84b715b6a6ab8f
Instruction ID: be88db361e47f9734672adab9471896eae995299c0245b55e873fe82af29b99f
Opcode Fuzzy Hash: 036863090d8186d779b8a50fc0b7015f5011af596d77552a7a84b715b6a6ab8f
Instruction Fuzzy Hash: FE21C4B4E01209EFCF48DFA9D545AAEFBB1EB49310F20D5AAD914A7310E7305A41CF91

Function 03E71A7C Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f748ebd3ee7b3168f7b5087ef7aec626669cb11715de4a853e840dcaac6950
Instruction ID: a50b5ea639ebc526c8c21f5c92a44750e0caa3b0e97a18aae6d86c2ca52fcf60
Opcode Fuzzy Hash: c9f748ebd3ee7b3168f7b5087ef7aec626669cb11715de4a853e840dcaac6950
Instruction Fuzzy Hash: 1811E772F0020AEBCB12AB54D9441EDBFB0EB42360B745DA6C09AB32C4E23086308B94

Function 072C3B33 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d44430ab1259946aa8c1c0f7e6c7ded37fa48d94e2fb7828158af3a49975dda5
Instruction ID: 176ba79b8cb1722ad690ff71b93becfd29798d3c97767ad4fa9c742ac06d2cd2
Opcode Fuzzy Hash: d44430ab1259946aa8c1c0f7e6c7ded37fa48d94e2fb7828158af3a49975dda5
Instruction Fuzzy Hash: 101193B43207118FC714EF29C454A2A73EAAF95A10B198A9EE445CB362CF74EC45CB62

Function 0D5D6830 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f82125fc6c7c8c943eefb430510030019585a2222ae17c5f6b816f78e42cf1d
Instruction ID: 7a8590d16c32e6c182b9b983884e409b8d0f7036693a1bd35b947b8c84b1d798
Opcode Fuzzy Hash: 0f82125fc6c7c8c943eefb430510030019585a2222ae17c5f6b816f78e42cf1d
Instruction Fuzzy Hash: 881123B3A093544FD3268F6D8C5056EBFB5AFC65203098AABC824CB2D2D234D8028371

Function 03E762D0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 103b8bf802e340c6a34aabe928efdf8969a2368d53dfa672ce22f3e6a744839b
Instruction ID: ff8c3fdde25836f5fbc8600f9e50935f284e63cd5957f9f316dd8ca009193d01
Opcode Fuzzy Hash: 103b8bf802e340c6a34aabe928efdf8969a2368d53dfa672ce22f3e6a744839b
Instruction Fuzzy Hash: EB213A30910B08DFCB15FF68C9556EEBBB1AF89304F40866DD4567B254EF70A948CB91

Function 024ED006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2011884287.00000000024ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 024ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24ed000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a719c0fe30306a7942852f5ab8be86147db7d55afebc193373cc8489780e93
Instruction ID: 5bf90702b50bea13d49a75debf609ff90068872f94b82093bc401633fae93c2a
Opcode Fuzzy Hash: e8a719c0fe30306a7942852f5ab8be86147db7d55afebc193373cc8489780e93
Instruction Fuzzy Hash: 26215075509380CFDB16CF24D994716BF71EB46218F28C5DBD8498F6A7C33A940ACB62

Function 03E746B8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e7a812ae77dee0e3b1dfd05fd58ab8053fae1e4052a18a7e3316b151dc9aa34
Instruction ID: d2ad7afd850c8b99b19fc0a01412f032dbba7138696808654b23eff5ed8c05b0
Opcode Fuzzy Hash: 2e7a812ae77dee0e3b1dfd05fd58ab8053fae1e4052a18a7e3316b151dc9aa34
Instruction Fuzzy Hash: 54212C74B002059FC714DF6DC4848AAFBF6EF8A210B2485AAD909D7362DB31E9068B91

Function 072CEF18 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0aed0664d6aeb5d40d5f31616b42d2994264ca5fabb5a1f09f358e2a74c05bf
Instruction ID: 5eff586c28ef214bed48418399c305b6cc682d64fef96993184d73a076877009
Opcode Fuzzy Hash: c0aed0664d6aeb5d40d5f31616b42d2994264ca5fabb5a1f09f358e2a74c05bf
Instruction Fuzzy Hash: 112190757002069FCB01DF65C444EAABBFAEF49711F05816AE506CB361DB31ED15CB90

Function 072C4C48 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cbf8e33f5c1d1394f9831ed12b5348a406eda900d1a2435ac76399d34161b1c
Instruction ID: d2d52ce97659076e0ce3bbd9e69e395e205e81e5a6e360dc1b332267141d11cf
Opcode Fuzzy Hash: 3cbf8e33f5c1d1394f9831ed12b5348a406eda900d1a2435ac76399d34161b1c
Instruction Fuzzy Hash: 20114270621781CBD324F631D9A47277BA6EF95315F60473DD41A8B7A0CB36E842CB01

Function 03E71980 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d48e19b2ae8b4a6736c94c48f8954b921f0d3fe107d64d1ce0e49c452bddd3ca
Instruction ID: dc8625584e53e0ca6418919d1a221c9dc63d8495d8157bfd220508c19f659d04
Opcode Fuzzy Hash: d48e19b2ae8b4a6736c94c48f8954b921f0d3fe107d64d1ce0e49c452bddd3ca
Instruction Fuzzy Hash: 2C113074B102158FC714DF6DD4848AAFBF9FF89310B20856AD509D7321DB31ED068B91

Function 0D5D18C9 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1defaf70cfc9228407a007253d08e88d1d0be47b62b657b0f230be25332ba308
Instruction ID: b351f3f937a29eb7369cfeb61434a80886ddac33a41677445db6e9adb3351b20
Opcode Fuzzy Hash: 1defaf70cfc9228407a007253d08e88d1d0be47b62b657b0f230be25332ba308
Instruction Fuzzy Hash: B111B6306157548BE7A8DF28CC80B9A7776BB81200F0085BED80DA7391DA34DEC9CF65

Function 0D5D2CD0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4edf465bfd26a67451b4919d7985b48bc208b714b9ed5076957cfb5248fef217
Instruction ID: db1f5777cf7c2e257e6de86e14304cf96bbd6afe0a4a7dece266a1f8456911b4
Opcode Fuzzy Hash: 4edf465bfd26a67451b4919d7985b48bc208b714b9ed5076957cfb5248fef217
Instruction Fuzzy Hash: 2C01C471A141196F8B15DFACDC408FFBBBAFFC8210B104626ED2497264DA70DE0187B5

Function 0D5D86AC Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b8d49ec34f635760a021255d4d41d0d7b9cd0be4deb53331321d55c49c21d83
Instruction ID: 389c4c316794bb7652eaed38e81c43396d77d451ae987d4e41ba64a8d2e00c9b
Opcode Fuzzy Hash: 9b8d49ec34f635760a021255d4d41d0d7b9cd0be4deb53331321d55c49c21d83
Instruction Fuzzy Hash: 2421F935A01209EFCB58EBA8E484DADBB72FF84315F1585A4F9055B361CB31EC85CBA0

Function 03ED58D0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c3236a59a4961a1d07fab21d743ef3b3afa51069ba55ffc37d7068608d36d6d
Instruction ID: dba569c6edda4ac889dfde1266f4f08e4f7c0a8a5f485a88b246aeb147bfa6df
Opcode Fuzzy Hash: 5c3236a59a4961a1d07fab21d743ef3b3afa51069ba55ffc37d7068608d36d6d
Instruction Fuzzy Hash: AD117071E006169FCB10DBA8C800AFEBBF5EF88320F14867AD519D7640E33999128BD0

Function 03E74758 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddb2ec3cdf48aa53e7f4e59ff517ab395023156457f2645a2cbf074914c6e348
Instruction ID: 7dc6cdc98d5684579fafede09abbe86599b31793523832ad3f676a81dda66128
Opcode Fuzzy Hash: ddb2ec3cdf48aa53e7f4e59ff517ab395023156457f2645a2cbf074914c6e348
Instruction Fuzzy Hash: 57117C757042049FC705DBA9D4508EEBBF9EF8A21471481AAD549DB352DE32A8068B92

Function 024ED1E7 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2011884287.00000000024ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 024ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24ed000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 9a58e985835267c87d462eddcb413f1970f85cdfdb38ec2fcd2f0259f2bf78ba
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 43119D79904280DFDB05CF54D5C4B16BFA2FB88318F24C6AAD84A4F756C33AD44ACBA1

Function 03ED06D8 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15f7ddf38b589c6390092c828889bccf58cd45d974844210280201a4e4dfc3a3
Instruction ID: ce7fdb1d97ac0e7ef91d606396b8d38ad282451146571d41e0005166f9163585
Opcode Fuzzy Hash: 15f7ddf38b589c6390092c828889bccf58cd45d974844210280201a4e4dfc3a3
Instruction Fuzzy Hash: 9301F5317082585FC715DF6D98508AE7FB6EFCA72071841AEF449CB2A1CE319C42C7A1

Function 03E74008 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b40fca8ee21b0b95c40062a45a585d6dd33662d0cf4ec36f9a608b760b00ba21
Instruction ID: bb150f15a45263d38ffc300d531a72ce2547c346aa3d97380cbc62969401ad41
Opcode Fuzzy Hash: b40fca8ee21b0b95c40062a45a585d6dd33662d0cf4ec36f9a608b760b00ba21
Instruction Fuzzy Hash: 0B11D6726012468FDB15DBA8D8507EEBBF9AF46348F18427ED149D7341DB309A06C7D1

Function 072C5EC0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c620c4823f8492e46a922fc2d0a333e0001d88c467114d12d690926e73136c52
Instruction ID: 23c2d1e8519bd4dba08f9d8c3b60ad2bf85c8ddb48bb888dd829f65f07aa54f0
Opcode Fuzzy Hash: c620c4823f8492e46a922fc2d0a333e0001d88c467114d12d690926e73136c52
Instruction Fuzzy Hash: CF11E1B06283808FD31ADB29D8909057BB5EF4720432941DEE081CF2B2C735EC46C791

Function 03E71A6F Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b208bf687809bbbd6e4f316ee314bd9aeec08e9bf010f6e4a1dfba64261a7e90
Instruction ID: cd32b171fd89c232674f04870be6332dc006ffacb1a58ecf80f37405e8d96c09
Opcode Fuzzy Hash: b208bf687809bbbd6e4f316ee314bd9aeec08e9bf010f6e4a1dfba64261a7e90
Instruction Fuzzy Hash: 0F012B76F04306AFC712E724DC541E9BFB0DB872607286A67C16AE73D4E63085144B94

Function 03E77DE9 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 623293ff2a1f2eb934cb197112b2d7aa0d93d73ad74d76e6cdfea493b840ee15
Instruction ID: 1c92bc6f1a28bdfafd4fb4b91ffba0f4bc23a9d876a84a5d3babfc0924be6934
Opcode Fuzzy Hash: 623293ff2a1f2eb934cb197112b2d7aa0d93d73ad74d76e6cdfea493b840ee15
Instruction Fuzzy Hash: 2D01D432B102186FCB11AA68E8044DABB79EB82220F0445BFE545DB251DE72A85987D1

Function 03EDA050 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d26cb3acee1f1491113f455858d09c43adbb42b74aee8d175a0dc2c15a9a433f
Instruction ID: 57a685b0afd23a47b3e04e03493df68625a353df7ca63570127bd50a7c0d7fb3
Opcode Fuzzy Hash: d26cb3acee1f1491113f455858d09c43adbb42b74aee8d175a0dc2c15a9a433f
Instruction Fuzzy Hash: FC010475E102199F8B50DBA9CC409EFF7F5FFC9210B24462AE515F3300D77469558BA1

Function 03E72CB0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2135caa77a630810da174b5156b9abb4ab2eee5e421568e50541daa4e87c759
Instruction ID: 3b03c21888b8ea30c5d6b79e15d33dcc8d3b9a1cc41b7c25210edf4329848326
Opcode Fuzzy Hash: b2135caa77a630810da174b5156b9abb4ab2eee5e421568e50541daa4e87c759
Instruction Fuzzy Hash: 9801A7B1A08116FFC717FF81E5445D4BFB4EB0229073AAF92D385AD19AF13185608BD5

Function 072C2470 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b1d5075942a9a1ac45df52360a4660ae8915f1ea53634372a0eb86570818ce1
Instruction ID: bb9702e904ba3b0b39af3f8699d1c9512bb07643bb76fb8565b476f9ead1ac44
Opcode Fuzzy Hash: 0b1d5075942a9a1ac45df52360a4660ae8915f1ea53634372a0eb86570818ce1
Instruction Fuzzy Hash: 7A01A1B0A1425ADBDB25DB68C8147AEBAF6BF89310F04062DD441BB290DF7899408BE1

Function 072C43DE Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36be7652ac173051f608b587669ebd01706447d73320613f76dc1b9b5eb03254
Instruction ID: f2e784d154dd3085c5f570fa5e5bd5ab52ee48f73e57eba0122e0d321c56584c
Opcode Fuzzy Hash: 36be7652ac173051f608b587669ebd01706447d73320613f76dc1b9b5eb03254
Instruction Fuzzy Hash: F4114579A0020ACFCB40EF94D98489DFBB6FF88310B248259EA19AF314D730AD45CF80

Function 0D5D1953 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0b60c18c92007ec5f5e40fdd00d336b31c2cc154367571a1548da891d660cd4
Instruction ID: c269fa2236cc8b8c26dc56416bb1ae27b10ad1abac290dda48a54430dc01bfc8
Opcode Fuzzy Hash: e0b60c18c92007ec5f5e40fdd00d336b31c2cc154367571a1548da891d660cd4
Instruction Fuzzy Hash: 8A113034A156158BEB589F28DC80F9D7732FB84300F1089BAD90AA7254DA34DEC5CF55

Function 0D5D1A4C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b41d7c36cc73a858860b5cd47ec3f699147602a705870c511b7476bd5d1054a
Instruction ID: dcde369083c14040414db6e2928724432ccedf466de6d4979eae1372066b6a5d
Opcode Fuzzy Hash: 8b41d7c36cc73a858860b5cd47ec3f699147602a705870c511b7476bd5d1054a
Instruction Fuzzy Hash: CD11A530B1571586E7A89F2CDC80B5D7266B794210F008A7AC90DD72D0DA34DEC58F65

Function 03E7D027 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e221555c80ffe7ec629b0ef45cbf0709b68a658921541ad9c854a3471c5bd5c
Instruction ID: 6b684e12bcd7922f544d8b22f1ae5072d7022772e47ba651fbb55977ab798edb
Opcode Fuzzy Hash: 9e221555c80ffe7ec629b0ef45cbf0709b68a658921541ad9c854a3471c5bd5c
Instruction Fuzzy Hash: DF115A70D0020A8FDB04EFA8D8126AEBBB1EF44344F108629D915FB395DB7899418BD5

Function 072C0C38 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48fbcddca14e6d68e3a123bae78158fb47f4d2bd8766bfb4cf9c5aabca17a6d4
Instruction ID: 701ca57c7365e3daa76a445808a3476ba9d5e7c6631f94e04c8de8854abe097f
Opcode Fuzzy Hash: 48fbcddca14e6d68e3a123bae78158fb47f4d2bd8766bfb4cf9c5aabca17a6d4
Instruction Fuzzy Hash: 1001D6B4714242DFCB65DF78C840A6A7BF5EF5A210B2545AEE009CB362D631ED41CB50

Function 03E75988 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acd977ba9e2015985ef4180b5ac193c52c743a1b7f91286aa4b88aae1181d7fe
Instruction ID: f13a865c021de5455f411eeb055947dbc813443aeca1f75963ca3c59fa7040dd
Opcode Fuzzy Hash: acd977ba9e2015985ef4180b5ac193c52c743a1b7f91286aa4b88aae1181d7fe
Instruction Fuzzy Hash: 6C012636F043016BC712A725C8053DA7FF0DB83274F38AAAAC4AAA33C4F23185164BC4

Function 072C4068 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a83a0dde60c5858b9b177679ec66d089ab2fde675dfada42ab788970f94c777b
Instruction ID: 54a6493c39f6f55ba8da4689bed6fba315736a1fcbb5737b1e63369f38403b6d
Opcode Fuzzy Hash: a83a0dde60c5858b9b177679ec66d089ab2fde675dfada42ab788970f94c777b
Instruction Fuzzy Hash: 7C01CC74B202868FEB05EF74C424B9A7BF5BF06304F0081AED484CB262CB309A85CB50

Function 0D5D0AD0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adbbe5c5862de1fff5313d3c46b57dc255d6552f56a5955b333f58a43b8111f6
Instruction ID: 02cdbb29fc747e3dd440bf191eed5c1c67e521aa815d6941b879a37595abf8f4
Opcode Fuzzy Hash: adbbe5c5862de1fff5313d3c46b57dc255d6552f56a5955b333f58a43b8111f6
Instruction Fuzzy Hash: 6EF0F6727192802FD716466C9C649B73FACDFC7208B2900AFE448CB392E5619D0A87B0

Function 024DD76D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2011847472.00000000024DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 024DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24dd000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7072223cb7c9a81694e5bd84239d0e0d3314363480a10526f9492e35f8e044da
Instruction ID: ea2f611f714ef9bf0e3d423d06ef87f062b38ae9d120657c1ea669d6db5d11f3
Opcode Fuzzy Hash: 7072223cb7c9a81694e5bd84239d0e0d3314363480a10526f9492e35f8e044da
Instruction Fuzzy Hash: 2801D632908744DAE7108E29DD94B67FFD8EF45324F18C4ABED094A286C779D881CAB1

Function 03E7F3E0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd31515c948e793541bd0291576e6d346b5bd7fc45d0c005ce108613c7a19357
Instruction ID: 7a978b3abdbd43576f3f3996a6105d63bfcf6272733dfb1aa713491fa82f4d3f
Opcode Fuzzy Hash: bd31515c948e793541bd0291576e6d346b5bd7fc45d0c005ce108613c7a19357
Instruction Fuzzy Hash: 43F0963631021047C529E2AD61182BEE2DADBC1776F1C192BE70EC6A51DF549C878696

Function 03E72698 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cead72bc76200e8652e7fae0a9066b774e353390bd7774d0f3fc03f6f4acf43
Instruction ID: 44620f0d3091fe42de16b92629c03458d98a3eeaca5a7669f3457aa936445d52
Opcode Fuzzy Hash: 8cead72bc76200e8652e7fae0a9066b774e353390bd7774d0f3fc03f6f4acf43
Instruction Fuzzy Hash: 540126347042428FC309DB7DD81857A7BABEFD6210B1886BAD605C7321DE60CC408762

Function 072C0748 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 383893d3d4251ea690b11767ddf7e45813809734f3ab926e6d48d6df08565c6f
Instruction ID: 915b3509d785eef7989e48a08f8f297185166db0b62cd99cc0c55790796f25da
Opcode Fuzzy Hash: 383893d3d4251ea690b11767ddf7e45813809734f3ab926e6d48d6df08565c6f
Instruction Fuzzy Hash: ED01B878A2024A9FDB04EF78C854BAABBF9FF04304F0085ADD445CB252DB70DA84CB80

Function 072CFAB9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46157114ec28a39496b13d82f686ca38182b24a7ea63145aa6ca91a540a805c0
Instruction ID: 42d5ca139ece536495d1c8330483fb6ab7a8198637e3dafcba34538e45b6375c
Opcode Fuzzy Hash: 46157114ec28a39496b13d82f686ca38182b24a7ea63145aa6ca91a540a805c0
Instruction Fuzzy Hash: 60018F7214D382AED302932495103A6BFA19F56208F3891EFE44C8E453C667884A8392

Function 0D5D7DF7 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f282042f5d0dcdf7fc0cd84a143e916c7d10e589d393a1fd65f0128a3a42af9
Instruction ID: 7f00bfc214f520eec2c9210aab76fa96fc3aa699f3872d4f7b54f9cd231ea2df
Opcode Fuzzy Hash: 8f282042f5d0dcdf7fc0cd84a143e916c7d10e589d393a1fd65f0128a3a42af9
Instruction Fuzzy Hash: 17F0F4727082085FC754EAAD9C409BFBBFAFFC9250B19896EE808D3201DB309C0087A0

Function 03E7D038 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aa88b8d270338c307f05840c1d40438333911691611959f2a06ead0b582604d
Instruction ID: a83f342c610a61a643a074571b2449ff4046c95b6a0b1d25a35e955639809286
Opcode Fuzzy Hash: 2aa88b8d270338c307f05840c1d40438333911691611959f2a06ead0b582604d
Instruction Fuzzy Hash: 48018C70D0020A8FDB04EFA8D8027AFBBB2EF48304F009629D915B7394DB7899418BD1

Function 03E76570 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5563123613960819e5fa60a04efad32441764efa66295d88b91bcb6c40cdb1b9
Instruction ID: 7670ba19c13df30909d145a3305081260e846f26990aa57dec71f9ffc1d86ab3
Opcode Fuzzy Hash: 5563123613960819e5fa60a04efad32441764efa66295d88b91bcb6c40cdb1b9
Instruction Fuzzy Hash: 3801F132A1020A9BCB10DF74D8848DDFB76FF8A308F158A2DE1412B211EB70A199CB90

Function 072C2480 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 737694ebff2df77a64551ae10437c3f3ae57cf7f0b463451a6c9ca85fd4409ed
Instruction ID: 63323ceea513400ce218d85eaf70d79772b9b3ccd8d2caabd8f7959ad2c1bd9a
Opcode Fuzzy Hash: 737694ebff2df77a64551ae10437c3f3ae57cf7f0b463451a6c9ca85fd4409ed
Instruction Fuzzy Hash: DD01B1B0A14269CBDF24DB68C8147EEBAF2BF89310F04062DD441B7280DF785944CBA1

Function 072C3A20 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96b84f73b4234f44e2ecb9eca28761455deba6fc010d39272b76429d331eb480
Instruction ID: 9f5dd7c288a35bde461666f3f33d869de86fa8217b6b3c5b05376eefe202e45c
Opcode Fuzzy Hash: 96b84f73b4234f44e2ecb9eca28761455deba6fc010d39272b76429d331eb480
Instruction Fuzzy Hash: 74F028B2B243125B8716E179440457E779BDFD5210B088A7ECA09C7252ED20C80143A3

Function 03E726A8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baf88c59717f267f4e5d8df9747f37f57b623da5e8fc5d0e4560135b5464f9a5
Instruction ID: 5646ca0a8a359f92d048fc43c0ecc547414b00d71e51fbac9e5e9c0e1aa6d114
Opcode Fuzzy Hash: baf88c59717f267f4e5d8df9747f37f57b623da5e8fc5d0e4560135b5464f9a5
Instruction Fuzzy Hash: B6F0F6347102068FC34CD67DD908A7B76ABEBD5221B18CA7AD605C7324DEB1CC4047A1

Function 0D5D8494 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ae83c0973906ed6fdf9f27786183f72e7a4adb537148164057a7684e945b2b8
Instruction ID: 52afbd29ca63741e2b4795d6f565d0d80ffdd0604388cc4f9d4d6740cd135287
Opcode Fuzzy Hash: 0ae83c0973906ed6fdf9f27786183f72e7a4adb537148164057a7684e945b2b8
Instruction Fuzzy Hash: 60F0C231B00228EBCF24DA98DC85BEEB7B6FB88300F104539D905DB291DB71AC02CB80

Function 0D5D5F0F Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cfbaa46e0aeb1264dcfe2042d1be9a785af307a3c2374c702c68329fc4f2ff9
Instruction ID: 61465e9ed8af5000b46aeaa865a5a492bdb62a41f8d9442e4955242b93b29baf
Opcode Fuzzy Hash: 7cfbaa46e0aeb1264dcfe2042d1be9a785af307a3c2374c702c68329fc4f2ff9
Instruction Fuzzy Hash: 3DF03C77504158AFDF218E89DC41EEA7F68FF9A364F064052FE0897251D231E861DBA0

Function 0D5D7151 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57595699a1c4ecba33e30b274f3730e42cfcbbf6a3dfce092de4190d0b86769c
Instruction ID: 5b5b4891d66a0cad4258712063486410aa2ce85ba16ff0b82878ca1dd0986b63
Opcode Fuzzy Hash: 57595699a1c4ecba33e30b274f3730e42cfcbbf6a3dfce092de4190d0b86769c
Instruction Fuzzy Hash: DEF0C0327081501FC75D697C5C1022B7B9BABCB110B18457FCD0AC7351CD30CC1742A0

Function 0D5DB96D Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a2c7c7e38f3118f87df582171cc0fcfc09ac18f8dfada2f51049c410503bd63
Instruction ID: 703ec3372e26b2093966d2e488bc90460c4f0ff3dcf5b03699a285ea54b4bb62
Opcode Fuzzy Hash: 0a2c7c7e38f3118f87df582171cc0fcfc09ac18f8dfada2f51049c410503bd63
Instruction Fuzzy Hash: B911F631C00619CECB15DF64C980AD9B7B1FF99300F11869AE64D6B261EB70AAD1CF40

Function 03EDA0D0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 047b52536e16d062afe326db9b2e0d3fb9016cc0f5be1476d7a1b5246e6669a8
Instruction ID: f3e9dd49542c5292d430077312b685f922da8e04dceb52c9f5f149e482566dc4
Opcode Fuzzy Hash: 047b52536e16d062afe326db9b2e0d3fb9016cc0f5be1476d7a1b5246e6669a8
Instruction Fuzzy Hash: 390175359106089FCB01EFA8C845C9DBBF5EF89310B05855AE5499B221E770D594DB80

Function 0D5DBEE2 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d39f58af059c893c903f8ffe8c698b8b8b49f056f7989092dfc927f0bf81d43
Instruction ID: afcc5e8ef272f0e5b88d3f3f7a9235d2dc5c2bbdb7f2921c9fc45f12169d9b0f
Opcode Fuzzy Hash: 8d39f58af059c893c903f8ffe8c698b8b8b49f056f7989092dfc927f0bf81d43
Instruction Fuzzy Hash: 39F0CD727082096FCB299E9DEC90CBF7BBAEFC8220704451AF90587361CA71EC1197B0

Function 03E74921 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2f6db08ade9a00c7e952a222e9342966034e719d9bd80db7541e1598ea902f6
Instruction ID: 6e56f3885bfa4a41c8a10b5d351afb5994ff7bebae5b09460ddc6733f0a23bca
Opcode Fuzzy Hash: e2f6db08ade9a00c7e952a222e9342966034e719d9bd80db7541e1598ea902f6
Instruction Fuzzy Hash: B10181397042059BDB04EBA4C440BEEBBBAFF48314F049168D546BB391CA35D842CF21

Function 072CF004 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09ccff2bd7fef07b4d8b4f1f3ab6232cce5517d3f33fbd0f0d3bcca121359f67
Instruction ID: 96562decf69b258c1964e3c6d6d06abe0671ceb31715a05555667e5eaba43597
Opcode Fuzzy Hash: 09ccff2bd7fef07b4d8b4f1f3ab6232cce5517d3f33fbd0f0d3bcca121359f67
Instruction Fuzzy Hash: B7F024B33102446BCB11AEA99890EBF7F9BDBC8310B04852AFA06C7356CD35CC1197E2

Function 0D5DCD07 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 210bd41db6ff63dac16f0a97fb885ca523c0eff4e547d7eebd040e2887ee4416
Instruction ID: 9284dbf4dbd8e6b91b3f9e50f44beea77b5727f6a438a92fa2a379d1371232fc
Opcode Fuzzy Hash: 210bd41db6ff63dac16f0a97fb885ca523c0eff4e547d7eebd040e2887ee4416
Instruction Fuzzy Hash: 62F02435B082904FD76C657D9C5032A3A5BABCA210B19447AC909CB392C925CC06C7A0

Function 0D5D5678 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ced8255fc51c939592394c7c44dd02840f2df6bfc17c39cdb9e7097a7a7ad9e3
Instruction ID: 65967c6c439d7312a19c87e7ff02c11b9bb31c2c6a0b0b7770e9a74528f276be
Opcode Fuzzy Hash: ced8255fc51c939592394c7c44dd02840f2df6bfc17c39cdb9e7097a7a7ad9e3
Instruction Fuzzy Hash: B6012D30A40706DACB24EB68C8507A9B375BF85300F50C6ADE54DAB651EF70AAC5CB51

Function 0D5DBB6E Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dac31d2ea8e9e5d94e03dad73e68f31c5ff71e681d1a77e8e3e7a7705c6716b
Instruction ID: 2c3686bbbc8263e5fdeed9dfe02779f50b429fba705abab783deb7b90b32c8c4
Opcode Fuzzy Hash: 0dac31d2ea8e9e5d94e03dad73e68f31c5ff71e681d1a77e8e3e7a7705c6716b
Instruction Fuzzy Hash: 5E11E331D1071ACACB15DFA8C840699B7B2FF99300F11C79AE54D6B221EB70AAC1CF81

Function 03E76580 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edee6ce470d40713ec16db1edc6fe3efc3cccd2a69ad6a96ba86e640f9b2b85c
Instruction ID: 4f4e1340a2c869c3d1d97cb715c6af96f8fa9dc19dea3ee23cb56ae1b4e379b5
Opcode Fuzzy Hash: edee6ce470d40713ec16db1edc6fe3efc3cccd2a69ad6a96ba86e640f9b2b85c
Instruction Fuzzy Hash: F701863291060ADBCF10DF65D8448DDFB76FFD9304F118729E14567210EB70A599CB90

Function 072C2518 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81e6b6f28d8290890d53746287e37e013f70e6df6487433a7fe7d677d896b3d0
Instruction ID: 623ec9b1bddd674d3b70a86c83a2799102c5b00c913108240ba165ebe41ab96c
Opcode Fuzzy Hash: 81e6b6f28d8290890d53746287e37e013f70e6df6487433a7fe7d677d896b3d0
Instruction Fuzzy Hash: 2DF096213492908FD74AE778DC2466D3FA66F97600F0540EBD149CB7A3CD65DC0587D2

Function 072CBCBF Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85237422b94e34d92df3762c32c13f18838bb2978650679d5b7658b1c6ff0c40
Instruction ID: 4f25b544040ff052c56270b732d1aa6962fa9ab7a8f00124aeaf9243ec581eb5
Opcode Fuzzy Hash: 85237422b94e34d92df3762c32c13f18838bb2978650679d5b7658b1c6ff0c40
Instruction Fuzzy Hash: EEF054757042155FD3448B6ED884E67BBEAEFC9370715827AE448D7351DA308C058B60

Function 0D5D1860 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db5d7eedeb34342eee7a853b67911a64524a224d2f72bf0d4d5c7d354cbe7b08
Instruction ID: c03ef3f677822177d64d42e87a6ae23d92aa4f614f49d5113e2d7a360cbb2015
Opcode Fuzzy Hash: db5d7eedeb34342eee7a853b67911a64524a224d2f72bf0d4d5c7d354cbe7b08
Instruction Fuzzy Hash: 9AF06230B007049FC769D759D910E6AB79AEFC1225B60C97EC80987354DF71DC468FA1

Function 03EDA0D8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea9d51d110aaa65701230cff9d34bb3dba4076ecd85757c43be89f84447f84ab
Instruction ID: 2ec89bd27ddb350447c906de93a9740e0627853e9c960b56618e108d528b0a19
Opcode Fuzzy Hash: ea9d51d110aaa65701230cff9d34bb3dba4076ecd85757c43be89f84447f84ab
Instruction Fuzzy Hash: 210162369106089FCB01FBACD805C99BBF5EF89310F05C65AE649AB231EB70D594DB81

Function 03E79800 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8822217c410d92935f0fcebefb9418b1ef49773c790fd242b79650874d8f8205
Instruction ID: ebf0d199b243720650a2994c7c5b806ce8da1ae94fb0c613301131ee4e86a79c
Opcode Fuzzy Hash: 8822217c410d92935f0fcebefb9418b1ef49773c790fd242b79650874d8f8205
Instruction Fuzzy Hash: 87F096767003009FD3149F79E404A967FA5EBD5361B14803BE149CB341DA31C805CBA0

Function 03E73448 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36135c20ee9faf9864ca2386c252fc510de5e5f80d3c76b18bec2c47193299c6
Instruction ID: 2e31f49e8c9b4f94b88d8fb652c98cd38e3d2fb8f973e1aff4bd76d300fc6e07
Opcode Fuzzy Hash: 36135c20ee9faf9864ca2386c252fc510de5e5f80d3c76b18bec2c47193299c6
Instruction Fuzzy Hash: 7CF06271A106189FCB10EFA9D884C8EFBF8EFC6250710465BE54597221EA30A959CBA2

Function 072C0C48 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c63a986cbbc1d5554d5d01f9175ed312358b4f5577cb02c6c025e358ef2cc82
Instruction ID: 18e9b4af8ab0327f3554e476b34882a1a7f642b81875f5309f59f89a8b46c175
Opcode Fuzzy Hash: 3c63a986cbbc1d5554d5d01f9175ed312358b4f5577cb02c6c025e358ef2cc82
Instruction Fuzzy Hash: 62F06D70B202059FCB64CF3AC844B6A7BEAEB89250B2184B9E109C7360EA31DD41CB50

Function 072CD2EB Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 958b5b2bb528dda2b92335a1159a275e639dcb5804e7f30b4d62f81ecf06ff8f
Instruction ID: 80eb2317f31bb0040c3acae7dd48e9d234a9bb03bb8b63fa6e2ce7a6463e130a
Opcode Fuzzy Hash: 958b5b2bb528dda2b92335a1159a275e639dcb5804e7f30b4d62f81ecf06ff8f
Instruction Fuzzy Hash: 1AF059BA434782ABD31383749C126E5BF40FB73730F458BB2D54409887C62005ABCAB3

Function 0D5DB0D8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 445c7412f6eabbc51242d6bcd3e44366ffda40d56826a7700b06874367fb1007
Instruction ID: fc7ed4f0b2a6aa4d2b357dca45fe81a4afe96ad298294cb50e928c3907acadbc
Opcode Fuzzy Hash: 445c7412f6eabbc51242d6bcd3e44366ffda40d56826a7700b06874367fb1007
Instruction Fuzzy Hash: 7AF05932B192914BC37C593E5C5052E76AB67C9210B16857FC509CB282CE70CC0682A1

Function 03ED6220 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e86c191fcd06ebecdded9760915989acb255e71679e6bb1204e80cfb7f1f75a
Instruction ID: 36b9c2cf93d8acabf445f126a38a1b4d14b15f24b2225a590bf898fa86d2a8d5
Opcode Fuzzy Hash: 6e86c191fcd06ebecdded9760915989acb255e71679e6bb1204e80cfb7f1f75a
Instruction Fuzzy Hash: 81F02B67B241945BD318957BAC456AF668FD7C51A0B08437BD20AC7380EC9CDE0201E6

Function 03ED5A40 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6022950d097eb0ceaca5830f03c07d1a9cc1b0903d86a45d41083f528689cd29
Instruction ID: a78ce41fe270b219273212c25bba588e923f7db934ee0b2af0d95775adeee3b8
Opcode Fuzzy Hash: 6022950d097eb0ceaca5830f03c07d1a9cc1b0903d86a45d41083f528689cd29
Instruction Fuzzy Hash: 50F054353001318FCB14EB6CE4849ACB7EDEF4966974952A6E509CF3A2CB25DC428B80

Function 0D5DBE7C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a05a7bb5b46d05593d770837272831bd7f0248d5e0cea489420100f9c9a1d594
Instruction ID: 11f0723de9dfed2402af1b6b2d50d0a680a80977500678bc96b1123a622680b6
Opcode Fuzzy Hash: a05a7bb5b46d05593d770837272831bd7f0248d5e0cea489420100f9c9a1d594
Instruction Fuzzy Hash: C9F0B42648A7C86FCB274F58EC4695A7FF6AF07110B054883ED148F172C226E9A49B73

Function 0D5D19D9 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6427e1b3e87ed7ac33f31b5142a190e434eacbe53aa3937c69ddb3dd9955b14
Instruction ID: 286c5629731967d9fb1f262b6f1a01313cafab4a59dade8ec5e91743c11fd083
Opcode Fuzzy Hash: c6427e1b3e87ed7ac33f31b5142a190e434eacbe53aa3937c69ddb3dd9955b14
Instruction Fuzzy Hash: 09014F30B19755CBE7A88F28D890B597375FB95300F1089BAD90E9B6A0CA34DEC5CF25

Function 03ED3A40 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aca3676468ae5e705ec0c9f6277965a05af23dbd26ff0016d9d895d1e997e529
Instruction ID: 895360c3c2cd2511ffda81739b25a29d28919d4a4c0bf05f00a3b820e486327e
Opcode Fuzzy Hash: aca3676468ae5e705ec0c9f6277965a05af23dbd26ff0016d9d895d1e997e529
Instruction Fuzzy Hash: 2CF054317151515BC704D73D5C68126FF9F9BC515070C45BFD20DCB285D9648C12C363

Function 024DD76C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2011847472.00000000024DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 024DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24dd000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58595ad5408292e08662e3884a30a7b74360a913eecbfcf98fb7aa16579a3603
Instruction ID: 7abae387367ae07e47aca4551a7d1c1148523d18cf2605f26e06e3d7c836e7c6
Opcode Fuzzy Hash: 58595ad5408292e08662e3884a30a7b74360a913eecbfcf98fb7aa16579a3603
Instruction Fuzzy Hash: B0F06272508744DEE7108E1AD884B63FFA8EB45624F18C49BED494E286C3799844CBB1

Function 0D5DBE59 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7017c8e296158a5fd5bcfa554513eb984d2ec071ad3970a30537bfdf17b4122f
Instruction ID: 1c5ebdfc07d1d6bfeaa3822aa47c89337872fdae6b625cc1d095a8d317662c71
Opcode Fuzzy Hash: 7017c8e296158a5fd5bcfa554513eb984d2ec071ad3970a30537bfdf17b4122f
Instruction Fuzzy Hash: 84F09A2545A2C86FCB6B4F58EC4685A7FB6BE031107064882EE048B1B2C226E4949B33

Function 0D5D193F Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b65fe3a8249133caa154943e38a5c37775aa41be7efe0c4264d09a5f0b70310
Instruction ID: 1e8fe3ead466652a48374293cfbb207eb34f218cb87a67b6c66e8e1d5ca7aefd
Opcode Fuzzy Hash: 3b65fe3a8249133caa154943e38a5c37775aa41be7efe0c4264d09a5f0b70310
Instruction Fuzzy Hash: 8101D6306197418BE7988F28C890B597625BB81300F10C9BFC90ED7690D634CED5CF29

Function 072C2411 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3a56914cc16435263fac6efc63e8e78085baa0e924b0f28a29fb04ef00a12d7
Instruction ID: 916c98e063bef0e97f37bd46291090ca1ff0e4d5353496f151e293ba66cf8a48
Opcode Fuzzy Hash: a3a56914cc16435263fac6efc63e8e78085baa0e924b0f28a29fb04ef00a12d7
Instruction Fuzzy Hash: AFF0E271B402166BC730A669D900B9EAF99AF80660F144268D4149F254EE2ADD4A47D0

Function 072CFB36 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2f16d5810165cde323f033d21ad10bd388216993faad0336eada6c879dcaef0
Instruction ID: 6b707512c23904a34bdb2ae00dc86b9bb7d1df8b1d98b574c7bd9056113a85c3
Opcode Fuzzy Hash: c2f16d5810165cde323f033d21ad10bd388216993faad0336eada6c879dcaef0
Instruction Fuzzy Hash: 8CF012F6E10206AB8B14DB6AD5549DEBBF6DF98210F04C26FD819D7600D7349540CF91

Function 0D5DCD18 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e7192af72c5041c44e8e0ec415319d91ab40b9222153e4219d25b79d1a76532
Instruction ID: 4b91e763e71f7b1d0381d76f7e2f4ed1ade7b1a3e5bcc47254aed00376bb84d8
Opcode Fuzzy Hash: 8e7192af72c5041c44e8e0ec415319d91ab40b9222153e4219d25b79d1a76532
Instruction Fuzzy Hash: E8E0E531B0425447D7AC643E6C9062B798FA7C9260F14843EDA0EC7385CC75CC1682A0

Function 0D5D7160 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e06411f11f222e7e39d6d537d93eb0e420751c868b4f48882b887aa02f2b91c4
Instruction ID: a47c41baea93681051768c0e86fbf619270fe239edc8c00eb66bb417914b27cc
Opcode Fuzzy Hash: e06411f11f222e7e39d6d537d93eb0e420751c868b4f48882b887aa02f2b91c4
Instruction Fuzzy Hash: 84E02B3270811547C79C647D184022BB5CFA7CA121B24453ECA0EC7350DC71CC0741A0

Function 0D5DB0E8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55f56d158f82fecd4da78304d5d8f0eec4bbd9af25a47e2512f687c7b88842cd
Instruction ID: ec0264c7dc5858c6971d7e77c23715057ca0b1afccfdbac12eae05231ddfd02b
Opcode Fuzzy Hash: 55f56d158f82fecd4da78304d5d8f0eec4bbd9af25a47e2512f687c7b88842cd
Instruction Fuzzy Hash: 8BE02232B2A26147C7AC68BF585062FB5DFA7C9520F16853EDA0AC7341DD70CC0282A1

Function 03ED2576 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56c56031454e9dab2bda3e28deac2b10817fc0fbf33d994e5e88b452d605549d
Instruction ID: 8282ae1e06b176f04ef3a0a63349048a13944aed01858c79257ecaa890bedb62
Opcode Fuzzy Hash: 56c56031454e9dab2bda3e28deac2b10817fc0fbf33d994e5e88b452d605549d
Instruction Fuzzy Hash: 97F0C975A002199F8B00DF59D48089ABBF4FF49324B24856AE918D7311D731ED16CFA1

Function 03E7E399 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2d4f7a8e2d5125ca3e58b60505870d36d9b90ddfa9486d5c6de67c3315e8010
Instruction ID: eb4e3c84a8ffbe7b3df8d265858cb0420857fef0374f35ed0d0e92e2d74a1348
Opcode Fuzzy Hash: f2d4f7a8e2d5125ca3e58b60505870d36d9b90ddfa9486d5c6de67c3315e8010
Instruction Fuzzy Hash: A6F04FB1D1025AAFDF15EFED8C046AFBEF2BB88200F1491AAC544E6311D7744941CBA1

Function 03E7FE40 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f302b520fc2945ca199f719bb641ea767c4d8b3aa37ff5ad8ffc67222cded19
Instruction ID: 58201d50b3b189761d950de91ff13d76442f696d68c0f21a32dcbf7c0f9c4ef8
Opcode Fuzzy Hash: 4f302b520fc2945ca199f719bb641ea767c4d8b3aa37ff5ad8ffc67222cded19
Instruction Fuzzy Hash: 15F097392042940FC22AE2A8511817EBEAADF83718B1C168FDA41C6A01CB146C47C792

Function 03E79CE7 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e95cd000853896894543c0d3d08fce70fe1ef2c1cba4a5249048d1f1d1cebbe5
Instruction ID: c1400a9d5b1e3a2c8acea2198c961a25b70e06836317bc89f55ad6f0c4d792a6
Opcode Fuzzy Hash: e95cd000853896894543c0d3d08fce70fe1ef2c1cba4a5249048d1f1d1cebbe5
Instruction Fuzzy Hash: 4AF0A0752043456FC721DA2AD890897FFE9EE8A260704C86EE899C7361CA70EC498760

Function 072CCEF9 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3755b93aab7f29dc4022c286616feca5cfc3684e5089f4bde8f5cf584f1d12c
Instruction ID: 4dd573519b05fd2514ae7944ba19bf928da67983e81021054f48bb71a21ac2ba
Opcode Fuzzy Hash: d3755b93aab7f29dc4022c286616feca5cfc3684e5089f4bde8f5cf584f1d12c
Instruction Fuzzy Hash: 1AF0F670B300408BC358DE38DD5472E655397D5200F40853FC90ADB3AADD78DD854BA2

Function 03EDB7CC Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b857023621d493960144d66b6da1f59a62e977bfc3334c678f8aaa972616dde0
Instruction ID: d8835a8f157f390803f2df5a05934745aeb82d2ac3829c9251f046eb11f58824
Opcode Fuzzy Hash: b857023621d493960144d66b6da1f59a62e977bfc3334c678f8aaa972616dde0
Instruction Fuzzy Hash: 53F049B0D0420ADFCB00DFA8D889BBEBBF5EB48300F008569D908E7251D7708541CB90

Function 03ED2578 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff736c148934bfe82fb26f221e3d5cb9824328dfc6a0c8f149b948e04643017f
Instruction ID: 814430b84b60f886b3d4132f8b0bc11ac227eff438bab9bf8d152a123bddf88f
Opcode Fuzzy Hash: ff736c148934bfe82fb26f221e3d5cb9824328dfc6a0c8f149b948e04643017f
Instruction Fuzzy Hash: E8F0FF75A002199F8B00DF59D48089EFBF4FF49324B14816AE918D7311D731ED16CFA1

Function 03ED68B0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51ee75cda4e398c1a5ee9ea3fcdd5f82101297bc1eadda1d08873d1516928952
Instruction ID: 100f60de40d2c1d321754a08ebf3a9ba70604b656b06b57b09ad9ff9b7b40279
Opcode Fuzzy Hash: 51ee75cda4e398c1a5ee9ea3fcdd5f82101297bc1eadda1d08873d1516928952
Instruction Fuzzy Hash: DCF0EC383153580FEB24E224A420AAD77AE9B85604F0422EAE906CF382CE649C0243D2

Function 03E74782 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45ba0a0691e30cd4d1fc339a318831bfc7defb26c58539d6a63729f034c0516c
Instruction ID: dda14b10fc722cd32d2d6292ad82c2f54893b083990541fc757a1d6abe4648d1
Opcode Fuzzy Hash: 45ba0a0691e30cd4d1fc339a318831bfc7defb26c58539d6a63729f034c0516c
Instruction Fuzzy Hash: F3E06D793043A05FC725EB759850C6B3BB99F869503080AAEE846CF3A2CD61DC02C7A1

Function 03E7F710 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15721f2691784bc340ec1795bde84fdf341aeab1cdf37b155e6ab4065639e3aa
Instruction ID: 8bcbeccd4433515c2c38d91c34c18121a72a2c7352e90a457f0a091cd4d412d5
Opcode Fuzzy Hash: 15721f2691784bc340ec1795bde84fdf341aeab1cdf37b155e6ab4065639e3aa
Instruction Fuzzy Hash: 89E02B3230928122C735C12D6DD84DEBA6BEBC7175B6DD37BD00847719452148438193

Function 072C0728 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40a4533152865d28816f69c8881b8a8af292ea5182bad9b933f789f23f7a800d
Instruction ID: f3c4d70b1917fd6a11f2e2854f19feba4637a3efe36fd3121e681a1fe14546eb
Opcode Fuzzy Hash: 40a4533152865d28816f69c8881b8a8af292ea5182bad9b933f789f23f7a800d
Instruction Fuzzy Hash: 04F030743605248BD788B77DD954B6E76DAAFCAB00F0580A9A10ADB3A5CDA1DC0547C1

Function 072CBCD0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70207b64a561869660355da5f36be9fb129513135ddbc7fe9189d4fc144b1d5b
Instruction ID: d9d5a049a19dbcd8cc35833fae1516de771c12e7d006b447dbee23973641d90d
Opcode Fuzzy Hash: 70207b64a561869660355da5f36be9fb129513135ddbc7fe9189d4fc144b1d5b
Instruction Fuzzy Hash: EFE0C976B041286F93149B6ED894D6BBBEEEBCD664355817AE508C7310DA319C0186A0

Function 072C1BAF Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fad58d550952454f3306dae865889ce7f105ce522040c06d7e7c57574a665d89
Instruction ID: 713a0ef6e6e57337bce89540cec175b1d0b3c9d85b1756427022eabeb6b8276a
Opcode Fuzzy Hash: fad58d550952454f3306dae865889ce7f105ce522040c06d7e7c57574a665d89
Instruction Fuzzy Hash: 0FF027E561E3C81FCB238B78AC214643FB85E93210B0905DFDDC8CB1A3E8085824C7A7

Function 03ED665F Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af5a3f43ff60c7f28b0c0c05b24e88665dd16955253da68100ef155ff277ee81
Instruction ID: fd1782931c47a413903a3bb4f74a59bee59e46f64f7c01d531d77fe5c1db186b
Opcode Fuzzy Hash: af5a3f43ff60c7f28b0c0c05b24e88665dd16955253da68100ef155ff277ee81
Instruction Fuzzy Hash: 10E0DF32B0402457EB88962E7C45A6FAA8FDBC5760F48813BE20AC7B90CCA5CC5242D1

Function 072C0A60 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 609d9c0d1b051a3532bda1709c5fc0de2e0ecbe355b14c2bef18252f586ae436
Instruction ID: 3b3dfe2da893e3350ec24fae64675fb3de409310dda0c5a30defa24ee435d2e5
Opcode Fuzzy Hash: 609d9c0d1b051a3532bda1709c5fc0de2e0ecbe355b14c2bef18252f586ae436
Instruction Fuzzy Hash: 9BE048B6770212A7A724E13B6C00D7B669F9BE4591B0D493DEA09C72D0DD60CC418AF5

Function 0D5DA9A8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fccc7a71904bb5a42dad8c89c96e3800495f56c9fc1604cc6a177e8a6941555
Instruction ID: 7e8732b9966fb3d827b1a63aeafe1bc8c7c7988b8b178be263cef468610918df
Opcode Fuzzy Hash: 2fccc7a71904bb5a42dad8c89c96e3800495f56c9fc1604cc6a177e8a6941555
Instruction Fuzzy Hash: 35F0F936014209EFCB02AF98C814C84BFB5FF5A314705C196F6485B132E732D5A4EB40

Function 03ED6230 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f73684a42e0a0d51cf0871f656f86cfda0c2ff0be8a89478ff8bc285395d499
Instruction ID: 2f2cd1dc294b6b57f564275c1c3ea66121c9ef4db41dd36ef35a93303f616467
Opcode Fuzzy Hash: 1f73684a42e0a0d51cf0871f656f86cfda0c2ff0be8a89478ff8bc285395d499
Instruction Fuzzy Hash: 4EE02626B2402447C708D57F6C4046FA2CF9BC82A0B48527BD20EC7340ECA4CE120095

Function 03ED6660 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b56f9c40ed77664c4917526d31f25aa656353b426969c16ba8ced707546856ce
Instruction ID: ae506749f2e19ee46b4df19005f59310ec1e341c018a7b81eadc6a4d48a7ca0d
Opcode Fuzzy Hash: b56f9c40ed77664c4917526d31f25aa656353b426969c16ba8ced707546856ce
Instruction Fuzzy Hash: 83E0DF32B0402447EB88962E7C44A2FA68FDBC5760F48813BE20AC7790CCA5CC1242D0

Function 03ED3A50 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3157c906fd12af3ed2f185f5def70c9706f9dc4542cfd16472b734a718c3876
Instruction ID: 1fc641778714d67991f3d8eb3337d08607451b728aea5eecb8d34884fb9da700
Opcode Fuzzy Hash: c3157c906fd12af3ed2f185f5def70c9706f9dc4542cfd16472b734a718c3876
Instruction Fuzzy Hash: 73E02036B2112153C708D73F6C5812BE5CF97C86A0759863BD30EC7344DD708C1241A2

Function 03E7E3A8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6883eb88bc9c1aba228da60c44fd7a4450e1104ecdfbb76280f0163e8b1005c3
Instruction ID: 5e39851c04117b1e3401577c62a3dde95edf25d17470a4f600a2564d3195061c
Opcode Fuzzy Hash: 6883eb88bc9c1aba228da60c44fd7a4450e1104ecdfbb76280f0163e8b1005c3
Instruction Fuzzy Hash: 3AF03AB0D002699FDF14EFA9D8046AFBEF6AB88300F14526AC508FB240DB740A01CBE1

Function 072C4C39 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c4885caa71efb377458791dd7a11742adf95b5d31643c2eec5badbb138b4c5b
Instruction ID: 305b6dde139e54494ff62a0527b89ca4f46f5e2dd44085ae3bb2e610651f6021
Opcode Fuzzy Hash: 8c4885caa71efb377458791dd7a11742adf95b5d31643c2eec5badbb138b4c5b
Instruction Fuzzy Hash: 71F05CB1215B818FD325E235D458823BF55FB91314B25032ED058C3161C710D811C702

Function 072C5EF0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f764bad0c732573f365f1f9c57e316e7b703e227c50bed6380829b026636878c
Instruction ID: 0dc4367683c31975d016a16a069f632604dc1a9eca830e22d5aebdafd8ad54f9
Opcode Fuzzy Hash: f764bad0c732573f365f1f9c57e316e7b703e227c50bed6380829b026636878c
Instruction Fuzzy Hash: D6F03AB4220A10CFC328EB29E444A1A73E9FB89700B1002ADE1468B771CB74EC41CB95

Function 072C1C78 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4344092aa390f2a4c06960201fac40038c4cfe1df521e4b0f77b2760cb3745cb
Instruction ID: 7ac63dc8abc32729e58bea42063c3b34cae58d3c9163069a62883ab9ba8ca1ec
Opcode Fuzzy Hash: 4344092aa390f2a4c06960201fac40038c4cfe1df521e4b0f77b2760cb3745cb
Instruction Fuzzy Hash: 0DE092B171052A8BDA14E7B9F9019E9B39DEB442A5B04026AF50ED3311DF12E91047C2

Function 072CF9BB Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 222fa0980a3e3aeeca4fab436d7d8ea6a318a6cd702b72361b2e57fa4f9b1252
Instruction ID: 7fad69fca146644ff7e5646012cb37a4a31a02a7e769972c9a2727c946c51254
Opcode Fuzzy Hash: 222fa0980a3e3aeeca4fab436d7d8ea6a318a6cd702b72361b2e57fa4f9b1252
Instruction Fuzzy Hash: 80F02B323143447FC712971DAC00F9A7B9ADBC5730F04435BF214DB2D6C9A9A94583A5

Function 03EDE4FE Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bf2f13d7f0a95a193e641a8961683d5df68689cb2aa2478a6bb79ba032bc83
Instruction ID: bb0276a0035798cf5f8e414e93330fae45c26d16f6ea45048782f84307386e59
Opcode Fuzzy Hash: a4bf2f13d7f0a95a193e641a8961683d5df68689cb2aa2478a6bb79ba032bc83
Instruction Fuzzy Hash: ED01A474E012298BEB58DF64DC90F9DBBB2BF89210F5442E9C509BB280DB315E808F25

Function 03EDE431 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 209a35034f606607a53cb9f7d1128801a0f717b0f414238596a70ac0524afe3d
Instruction ID: 8be1b75c44394084cd38cb249aa4c42afaf89979b58423fa56ab0fca3df18956
Opcode Fuzzy Hash: 209a35034f606607a53cb9f7d1128801a0f717b0f414238596a70ac0524afe3d
Instruction Fuzzy Hash: 4101A474E002198FCB54DB64DD81B9DBBB2AF8A310F5044A9C54DBB682D6315E81CF11

Function 03E77490 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a3b81c2abf706b5b131040f2b46f716e7fd22767368d43058b73b5cd0b1002b
Instruction ID: bbe3b66a916e7b12c2d5cd9a522e7340fc0653e4c2fe4ea7e2084cc8f8f7eb4f
Opcode Fuzzy Hash: 7a3b81c2abf706b5b131040f2b46f716e7fd22767368d43058b73b5cd0b1002b
Instruction Fuzzy Hash: 32E0E5B1B116105B574CEB6F9450466F6DBBFD8510318C17ED50D87624ED7198018AD5

Function 072C5952 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0915e36ffa8ee5fa223f7febb3f3aa80fe01834e115b41f79e61363cf1e89094
Instruction ID: 7997c7edbdf5134d6854aab48bf77d693386d7166bb8bb97c3734b1adef705c9
Opcode Fuzzy Hash: 0915e36ffa8ee5fa223f7febb3f3aa80fe01834e115b41f79e61363cf1e89094
Instruction Fuzzy Hash: 08F05EB9E101458FEB00EB85D891BEEB772EF84311F108165E9156B289C674B891CB50

Function 0D5D7420 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 893b204c61e5f553b23a30b18d4e57808ddcd67b9268b7e69ba80a82caf385b5
Instruction ID: 86d73f6339729e48367c2a4850a507ee343b3c951f6ed9080946e5555adb1d2a
Opcode Fuzzy Hash: 893b204c61e5f553b23a30b18d4e57808ddcd67b9268b7e69ba80a82caf385b5
Instruction Fuzzy Hash: 61F0D436014609EFCF42AF98C844C95BFB6FF49324B06C595FA099B132E732D5A4EB40

Function 03ED68C0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 504c1fc25d01fc6c619ba87ab822a7308259bfdbebc5e433f87cf318e3c11523
Instruction ID: b255764388c02a69f9728b53019212ab9edf5e196b81a8546b1b934cd2b3435a
Opcode Fuzzy Hash: 504c1fc25d01fc6c619ba87ab822a7308259bfdbebc5e433f87cf318e3c11523
Instruction Fuzzy Hash: 05E092383103244BEB14F768D4146AD73EF9BC8A51F4422AAE906CF381CEA5DC0247C1

Function 072C99D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85b68040b1318ef83ad686bf5f9d086a5327d432d8b24eb8a941cd1feac38fab
Instruction ID: 40ae33fcf1f038df280232f6579648513bb854ada40d7a8ab7f830040ecf74f8
Opcode Fuzzy Hash: 85b68040b1318ef83ad686bf5f9d086a5327d432d8b24eb8a941cd1feac38fab
Instruction Fuzzy Hash: 18E068323502047BCB10920DFC00FAEBB8ADBD4710F04813AF205C7291CAE1A8004399

Function 0D5D5F20 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610a8513958b15ea95770ac12c05b862dc76418a944bcd98d6e3147bda42d240
Instruction ID: 9b53ebe730a7c1bd144c1128a4e902b62aa272e9c1eb5f1348f3dfdc0da49547
Opcode Fuzzy Hash: 610a8513958b15ea95770ac12c05b862dc76418a944bcd98d6e3147bda42d240
Instruction Fuzzy Hash: 5FE0C23610020DBBDF119E86DC40EDB3FADFB8D7A4F014101FE0866250C232E860DBA0

Function 03EDDF8F Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 504cb21fb4d7129577b4a45dd893a0a70d3ae03381c137028f6a71638c39c724
Instruction ID: e9a5e21cfba659dad9b3a1fd817aece1f6ca03642fc50aa1145688dbee6f6eb8
Opcode Fuzzy Hash: 504cb21fb4d7129577b4a45dd893a0a70d3ae03381c137028f6a71638c39c724
Instruction Fuzzy Hash: 7CF0B2B0D0420ADFDB44DFA9D889BAEBFF2AB48300F148669D509EB261D7759641CB90

Function 03E7E29A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e70f0c061c53ad99cd5e8e0a1fc60b99b94b342a0d344764b5f6f126a6b4e807
Instruction ID: ec19623316196d3b085c59d5a196d1f2bbd7549742dad83e7635d3a9c80032a2
Opcode Fuzzy Hash: e70f0c061c53ad99cd5e8e0a1fc60b99b94b342a0d344764b5f6f126a6b4e807
Instruction Fuzzy Hash: 40E086323053141B866466BE6C944AB7FDEDEC9270328097EE699C3292CD768C418791

Function 03E719A0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7ce8c8935afb035e0b37b8de0abf5f5afb596cf6aa3b5c001115f733e738e76
Instruction ID: 339108983e6b61cfac7b9ad9db6972507b4e8cf4b5928ba8f052d6dbfdba86d4
Opcode Fuzzy Hash: a7ce8c8935afb035e0b37b8de0abf5f5afb596cf6aa3b5c001115f733e738e76
Instruction Fuzzy Hash: 02E086757103209B8664EB7A9454C7F76ADEF85A503005B6EE90BCF360CE21DC01C7E4

Function 072C56B4 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32fc1977906fcf333fb98cd81f2f59f7b25b04c2263ff8d88e6ddcd3f59aab1c
Instruction ID: 2b2a2b1dacfa3c54f1567fb541e54fb18fda3dd77e50bd4f23ca487ef2097fad
Opcode Fuzzy Hash: 32fc1977906fcf333fb98cd81f2f59f7b25b04c2263ff8d88e6ddcd3f59aab1c
Instruction Fuzzy Hash: 06F05EB5E20106CFCB14CF96E4848AEF7B0FF84310B25816AD4219B325C734E811CB40

Function 03ED6E09 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe585d0d3cc16337cbb5b523a16da938cdd2caba01182213b5fe4bd44d69a3a9
Instruction ID: c67dd4a05a362240a31c748eb5bbdda867260354620f4f97aaa2655ebeefeea8
Opcode Fuzzy Hash: fe585d0d3cc16337cbb5b523a16da938cdd2caba01182213b5fe4bd44d69a3a9
Instruction Fuzzy Hash: A9F0F234A002198FCF00DF68D844AADBBB1FB48715F0085A9E606AB360CB34E906CF91

Function 03E70A48 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c52d2a0b1ebab078f0888de7d2e2e70b747e7cb00167b1d20c353d5ef5901ad1
Instruction ID: e7b673454c77dede597438c0a98b2deb308fbffb1621c260fae34261bee023e0
Opcode Fuzzy Hash: c52d2a0b1ebab078f0888de7d2e2e70b747e7cb00167b1d20c353d5ef5901ad1
Instruction Fuzzy Hash: C5E06DF0D402159FC740DFB8C805AAF7BF1AB48600F12C9A9E814E7262E7B1C5049B50

Function 072CB234 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12c9a37b8a882e1abb1cfef93207df51e33e90ff10ae243d649c5a629390a5e1
Instruction ID: 9e9cd45c02ddfa9f9978fb79839e0ea6e0d741269a28eb67d3763bc63e377290
Opcode Fuzzy Hash: 12c9a37b8a882e1abb1cfef93207df51e33e90ff10ae243d649c5a629390a5e1
Instruction Fuzzy Hash: 7BE0D8F6B006069F9B20CE68DC418BFB3B9FBC0671710471EE435E3240D730990587A1

Function 072C1BE0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46c04dc646a88b58c09a1915af9a5bb6e50b0779440dfdf37a0d570a2a3a3919
Instruction ID: 864c737871209b936a66ef68d7389a8fca9e277ea463bebc5d5135a9db860cc3
Opcode Fuzzy Hash: 46c04dc646a88b58c09a1915af9a5bb6e50b0779440dfdf37a0d570a2a3a3919
Instruction Fuzzy Hash: 3BE0ECB23505298B4A14EAADF4448EA73DCEB885A630901AEF50DC7651DA51EC108B95

Function 03E7E2A0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 915d5fefafa94cf9b9e2dcca347b7814d864f727204ee46cf9d1b29dcf6189aa
Instruction ID: b5fb78800f849b60bc56300628fc489fc26ecd26205ab2fb44d031b33fff1fd4
Opcode Fuzzy Hash: 915d5fefafa94cf9b9e2dcca347b7814d864f727204ee46cf9d1b29dcf6189aa
Instruction Fuzzy Hash: B9D02B333053141B46A431BE2C4846B3FDEDACD1B0318023AF21AC3392CC368C0183E0

Function 03E77DA1 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c6421ee23890c37107d79179d6b85a092922a2180e588767fae431bdb66def7
Instruction ID: 64d4fa84bf0587d7694683356a7d6f1c8a285ed63bbc1dbe24ed09595ef7c67b
Opcode Fuzzy Hash: 4c6421ee23890c37107d79179d6b85a092922a2180e588767fae431bdb66def7
Instruction Fuzzy Hash: 7CE06D315596989ECB02EF7484101A93FB8AF07240F04D5BAE948CF163E631C198CB80

Function 03E77480 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a721a4c9d12e230e1cf47ba6d15e6537eb3b3de2613598aae954affe4de9e5e
Instruction ID: 582ef9310371d0efa8a2428695d645d3053b8325aaf4a390880277005a5f12d7
Opcode Fuzzy Hash: 9a721a4c9d12e230e1cf47ba6d15e6537eb3b3de2613598aae954affe4de9e5e
Instruction Fuzzy Hash: 50E0DFB16046911FC31AE67958204B2BFA67ECB2003088AAED08887259D9B268139398

Function 03E7C69F Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acf7c6a4d7ffbd4372b1aa428eee112c5f99a4c38f58bf568b6d2af12389c274
Instruction ID: e15e27335e682f8eb5ef2e4703f8b1414161367131d223d678c7c13920c63827
Opcode Fuzzy Hash: acf7c6a4d7ffbd4372b1aa428eee112c5f99a4c38f58bf568b6d2af12389c274
Instruction Fuzzy Hash: B9F0C97690021ACBCF10DF84D4806DCFBB4FF59725F29A296D5557B201D371AA96CBC0

Function 072C5A8C Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09b06c650ecc9e0152cd89fab223962c8b8b407ed8ee0ae2f233f84f2faf863f
Instruction ID: 27b32f77d6e68077b502efe855ad9760f4850da1fee80ab5b48952909732c738
Opcode Fuzzy Hash: 09b06c650ecc9e0152cd89fab223962c8b8b407ed8ee0ae2f233f84f2faf863f
Instruction Fuzzy Hash: D1E092BAE103058BEB00DB81E882BEDB731FB84321F208115E5146B389C6B0F890CB50

Function 072C582A Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 617789b6249501c731f3e114a2bea5485f6f67b206ac91613b7341f52d3af44d
Instruction ID: ee2a84c53291974fec5662c65ef8302e8860a04832f6f900602186a327496967
Opcode Fuzzy Hash: 617789b6249501c731f3e114a2bea5485f6f67b206ac91613b7341f52d3af44d
Instruction Fuzzy Hash: 98E092BAE103058BEB00DB81E842BEDB731FB84361F208115E5146B388C6B0F890CB50

Function 072C5894 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b58a91c0cafde89cd87bd56cc1bf01259b04f11bcd84ee8c46be0a66de899cf
Instruction ID: 6c46d45590fceef19d050862e0b486baaacac0c8f754afa565b7b73e9baa963e
Opcode Fuzzy Hash: 1b58a91c0cafde89cd87bd56cc1bf01259b04f11bcd84ee8c46be0a66de899cf
Instruction Fuzzy Hash: FAE092BAE103058BEB00DB81E842BEDB731FB84325F208116E5147B388C6B4F890CB50

Function 03EDE3BE Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af5671528c6c1635efca268d5cd9e36a3e74de6eb17e2156bdd2366860c3a585
Instruction ID: c26b751f05ff52a0bf4d62f59409b26e46af2f92b772f588fd52143145369a3c
Opcode Fuzzy Hash: af5671528c6c1635efca268d5cd9e36a3e74de6eb17e2156bdd2366860c3a585
Instruction Fuzzy Hash: 19F0C979E0425D8FDF04CFA5C4844EDBBF2AF8D220F28665AD402BB740D73459828F25

Function 03E7CB5F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc523a201bc1783a2704ba817d0197bf2ecdfecb9d97e0a553424f471abb4517
Instruction ID: d5db56f724e9b0353aede06b8a5416b0b37646dbc7a051d06431623b42631872
Opcode Fuzzy Hash: cc523a201bc1783a2704ba817d0197bf2ecdfecb9d97e0a553424f471abb4517
Instruction Fuzzy Hash: 1CE0CD379481104EEB20CD10F8817C873A5EF95201F298DDAE4C0DF189C539DD838751

Function 072CD36E Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 235733565d2af126a7f28bdc5d0b937bfb1c11490d1978bd3d3ee581ea735e54
Instruction ID: a8b96ca0ff8f1055ef5e12bff888f9d9a6cf9a55c82e65f93b7fbecef5ec5522
Opcode Fuzzy Hash: 235733565d2af126a7f28bdc5d0b937bfb1c11490d1978bd3d3ee581ea735e54
Instruction Fuzzy Hash: DBE012B6429B82FBD7130774D8126E5BF91EF62720F6586A5D584044458225286BCBA3

Function 03ED66C9 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0d8d4a5a89ece93573625923df197733c2739f3b3eeffa9eccbfe73b49041bc
Instruction ID: 479308302b603d6ad72598d6427a6e1207e215539b01a966741d559f1358c56c
Opcode Fuzzy Hash: a0d8d4a5a89ece93573625923df197733c2739f3b3eeffa9eccbfe73b49041bc
Instruction Fuzzy Hash: 64E086713506118FC624DA68D850BA677F5AF88610F000269F10ACB751CA61DC41CBD1

Function 03E7A5B8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4037bd2c2fcbb51d7523a31d4720f03f6f203977138069ad50140c81d470e1e5
Instruction ID: 46a4554b7daf918ca2bb0d557456508e7732f26fae3daed7fffc09c07e887587
Opcode Fuzzy Hash: 4037bd2c2fcbb51d7523a31d4720f03f6f203977138069ad50140c81d470e1e5
Instruction Fuzzy Hash: 87D02E3B2C402042D920D624BC817D83359EBC4300F28EE6AF082DB188C42AD9C24241

Function 03ED382F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ade770d062c3101c790fdc87b3f39bd5e10d7e235db973f96dbc1e736e90b7f1
Instruction ID: 30a9da4e60e84a3289eae886fb190b00b73a6a01a460c0050d8fc12b51dcba8a
Opcode Fuzzy Hash: ade770d062c3101c790fdc87b3f39bd5e10d7e235db973f96dbc1e736e90b7f1
Instruction Fuzzy Hash: 2DD05E363001185BC614925DE815AAB779EDBCA765F04802AF80DD3318CEA5AC8146F1

Function 03E747C8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8db13ddf95ea17a86a8ee97041bf7c8752e410c42c7f246ecbce3a4537a531f
Instruction ID: bdc5308121a8587b69ab289527ea074b59a7264213e46793b1da8dd6ecd7daee
Opcode Fuzzy Hash: d8db13ddf95ea17a86a8ee97041bf7c8752e410c42c7f246ecbce3a4537a531f
Instruction Fuzzy Hash: 15D0A7152193A42FC706F3FA1C518E97FD84E8B02030D15E6E4498F247CC05280683DF

Function 072C5928 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e9dd7e18f88a68fe3a59f69ce4a13227fba9d6680f9ce8f9439ef17ef3ef067
Instruction ID: 518ec1960298edccac03128c51a386ec1de910da50c4b3d4bfcc88de1f776b92
Opcode Fuzzy Hash: 8e9dd7e18f88a68fe3a59f69ce4a13227fba9d6680f9ce8f9439ef17ef3ef067
Instruction Fuzzy Hash: 49E04FB5E10045DFDB10EB85E8508FEF776EFC0311F14C266D91567289C6306812CB50

Function 072C58FE Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d224e33ada3444aab0d43047cd002c43c51f162f0620f49b9e70cb1745eca86d
Instruction ID: 02046ed3f647e74ee2f74a13a3d08f9385d541e873580dbbde4378d85759433a
Opcode Fuzzy Hash: d224e33ada3444aab0d43047cd002c43c51f162f0620f49b9e70cb1745eca86d
Instruction Fuzzy Hash: B5E04FB6E10045DFDB00EB85E8508FEF776EFC0311F14C266D91567289C6306812CB50

Function 03ED3830 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 445698745b8a13bbb0ce01bf450e3b46d6738ad4a397f09aa9f92d06b186fa1b
Instruction ID: 10137339dc8493ef4e91067ec451c9a8da0fe5ed9367f080ada7efd44aead444
Opcode Fuzzy Hash: 445698745b8a13bbb0ce01bf450e3b46d6738ad4a397f09aa9f92d06b186fa1b
Instruction Fuzzy Hash: EBD0A73630011C5BC704925DE415AAB739EDBCA765F04803AF80DD3318CEB5EC4147E1

Function 03E74018 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa284b23eea36d9667bc2ceaaa862fbc0d37d4b1b6a6c0bd48b96513408e5149
Instruction ID: 7a6e6ddc5a31cd2b569c11d6fe4821f4ba295e53498285336bb9ae2d1edd3f26
Opcode Fuzzy Hash: fa284b23eea36d9667bc2ceaaa862fbc0d37d4b1b6a6c0bd48b96513408e5149
Instruction Fuzzy Hash: A2D05E313006194BDA1CA729B800AAE739AAF462A9708522DA406D7354DE65AC408BE5

Function 072CB570 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c3e049a1d35a18772198aa3fb57e62a21e013498d7557fcb3e0abf0b773bfac
Instruction ID: 724c07a12d8e992c0990bb46bdfc6c5301cfeb1f0fa175abfd972e84630d617e
Opcode Fuzzy Hash: 2c3e049a1d35a18772198aa3fb57e62a21e013498d7557fcb3e0abf0b773bfac
Instruction Fuzzy Hash: B0E086B4A00209FFCB00DFA4E90185DBFB6EB84300B108199EC0593354DE326F54DF52

Function 072C5588 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d6743a0973d16fe6ebe69f119f0c9c6a694b74d9bd81613093efa4a359d7f36
Instruction ID: d7139d3fb63bde863a9e95d704eeccde571402b3544edb1f4337e0c6b167df4e
Opcode Fuzzy Hash: 7d6743a0973d16fe6ebe69f119f0c9c6a694b74d9bd81613093efa4a359d7f36
Instruction Fuzzy Hash: 5EE01AB9A10104CFCB04DF94E484C9DB771FF88321B218196E9119B326C730EC01CF90

Function 03E70A58 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44c8b86495ab6b8cd6c92777a155171550349a13a2b4b8eabd3d1ac753025857
Instruction ID: 372ec734dad078dedeb06dec0d79c42513a31deb7e99bd5365941269d4594630
Opcode Fuzzy Hash: 44c8b86495ab6b8cd6c92777a155171550349a13a2b4b8eabd3d1ac753025857
Instruction Fuzzy Hash: 0DE0B6B4D5020ADFD740EFB9C905A9EBBF0BF08600F11C6A9D029E7252E7749A058F91

Function 03ED28E0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad8711a3506ea8fab7e526bd93e33c3799dc26192d0b0115947f820f7df25af
Instruction ID: 487028c13e0d8e0cce8b48061f2628001a5c94f0ba001c29ebce34d29a637c39
Opcode Fuzzy Hash: aad8711a3506ea8fab7e526bd93e33c3799dc26192d0b0115947f820f7df25af
Instruction Fuzzy Hash: 63C01226300668234919B19E242486F628E8ACAAA1215812EE90ACB380CE885C4302EA

Function 03ED28DB Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 622d2c41e6c8058b29fef3772c258ab8a1c1b948a23e8b2bb90fb6cedf48812b
Instruction ID: 402f376729dabcc6bc96c8213196e1c66c1a2c332f37b1ba2abbd7c2a7a78ed8
Opcode Fuzzy Hash: 622d2c41e6c8058b29fef3772c258ab8a1c1b948a23e8b2bb90fb6cedf48812b
Instruction Fuzzy Hash: 5AD012263045B0134929B16E30244BF57CA4ACA661315557FE44DCF344CF540C4353D6

Function 03E77DB0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69bb626beacf61ba95887ed8c048802c526149746ed3fa6c771214fda14f820a
Instruction ID: 743ef8a133bf95e6ee4421f1d3ac79d14f3b76017a45eec9c72847584ba29976
Opcode Fuzzy Hash: 69bb626beacf61ba95887ed8c048802c526149746ed3fa6c771214fda14f820a
Instruction Fuzzy Hash: 12E01731810A0CEECB50EF79D5040BE7BFCAB06254F50D63AEA0C9A110FA30D2A8CF90

Function 072C4CF0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50007e3d1cd1ae9f1395654cb9510c166376cbb57a4cc55d2bab136a93d5e8a8
Instruction ID: f82ed217234f29f78dffbd805232dac2d24cca3fd528b7b87997831d2b0f0af1
Opcode Fuzzy Hash: 50007e3d1cd1ae9f1395654cb9510c166376cbb57a4cc55d2bab136a93d5e8a8
Instruction Fuzzy Hash: EFD05EB51183819FCB42DB34D4648A17FF4EF3721471651DAD5488BA27D321B852CB51

Function 03EDDF48 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05231f968c3240e0e7e5332308708cb2d35f70c64ccdb349bdb9356af56b0c2e
Instruction ID: 548b2c36e6998e2d2eea8fcc1a1ae316ff1e3bc7d0a82edb7ee89fc18a16fb8d
Opcode Fuzzy Hash: 05231f968c3240e0e7e5332308708cb2d35f70c64ccdb349bdb9356af56b0c2e
Instruction Fuzzy Hash: F5D017B4C4430EAFDB40EFB988113AFBBF4AF04200F109A6AC014FA241EBB442068F91

Function 03EDDF47 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67d9fe64f73cd6ee6d0a5d8cdfbf2c8b41f1a82972ac4b50374ea2ea4e49b5c3
Instruction ID: e15cd0ac0f721bd1201bed0462c9dcf38ff9f7bb37682bc1ac4b446184e09a83
Opcode Fuzzy Hash: 67d9fe64f73cd6ee6d0a5d8cdfbf2c8b41f1a82972ac4b50374ea2ea4e49b5c3
Instruction Fuzzy Hash: CDE0ECB0C4020AAEDB50EFB9C8517EEBFF1AF44210F109A69C015F6201EB7402058F80

Function 072C5A32 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ec2d433db5d52ffdf97cae5883eb45cfd014ebae928b2f2e88c8c50fe6be068
Instruction ID: 5e764aca45f6b2ffaea0637ea6a921b7e357550813cdf47328b0c041010c69bf
Opcode Fuzzy Hash: 1ec2d433db5d52ffdf97cae5883eb45cfd014ebae928b2f2e88c8c50fe6be068
Instruction Fuzzy Hash: 50E017BAE10108CFCB04DF85E4918EEFB71FF88221B10819ADA15AB325C730E851CF90

Function 03EDE037 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fa72b8da303a4dcd97c06e73af83d51bdc47d60043f730ee491c09376833547
Instruction ID: 89c76178608a067e87e5461578411dd2fade103bcb711dd26373adbecb97a507
Opcode Fuzzy Hash: 0fa72b8da303a4dcd97c06e73af83d51bdc47d60043f730ee491c09376833547
Instruction Fuzzy Hash: 15D012361102089FCB40EEA5F840D927BEDBB54740B049562F608CB920FA21E465D791

Function 072C5AC8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5fe6dbfc64fe4ef7c0689387900112ca174a68b2f73465b9cf84b56aa7d6be0
Instruction ID: f9da7c7f6d142aa01ebae04310988543fc9ad5c264be65fa326cfef56d3c4aed
Opcode Fuzzy Hash: b5fe6dbfc64fe4ef7c0689387900112ca174a68b2f73465b9cf84b56aa7d6be0
Instruction Fuzzy Hash: 1ED0C9BAE60308DBDB10DBC5F891BEDF731FB84325F208256DA156B289C6717521CB91

Function 072C5ADF Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36afcc4f6a8fa7dc5f80aee36fc1f0bd4d6b50b42c0a827fd02136c5ae963341
Instruction ID: 913cffedd91d1f139dbef7ab6c65eef125c54dbc70ae872572fe85e6b0064c3d
Opcode Fuzzy Hash: 36afcc4f6a8fa7dc5f80aee36fc1f0bd4d6b50b42c0a827fd02136c5ae963341
Instruction Fuzzy Hash: 5FD09EBAE60204DADB10DA85F851ADDB731EB84325F208156D91567285C67164158B51

Function 072C5866 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 403c7d3c53cbfe925c9f0d52b5dc8213ea1cf3d9d1ba3f769f6a159cebcdf201
Instruction ID: 65e7baed330fc70cd7dd82d3cdbf7e6cfc290470224f5737964b2b7e4e32539b
Opcode Fuzzy Hash: 403c7d3c53cbfe925c9f0d52b5dc8213ea1cf3d9d1ba3f769f6a159cebcdf201
Instruction Fuzzy Hash: 53D0C9BAE60208DBCB10DBC5F851BEDF731FB84325F208256EA156B289C7B17511CB91

Function 072C587D Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6efd400fa81d9a4d057082f2515f42f39e2e16c33df93f79a16c9739a1f0eaf0
Instruction ID: 0028bd35ef1ac0455cce629556cb3a637c49b7856a72a29c2a120bfe3af4f839
Opcode Fuzzy Hash: 6efd400fa81d9a4d057082f2515f42f39e2e16c33df93f79a16c9739a1f0eaf0
Instruction Fuzzy Hash: 4ED09EBAE50204DACB10DA85F8516DDB731EB84325F208156D91567289C67164158B51

Function 072C58E7 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 423514f8aa8f4514f3b03c893fd741f839359fbb32cf887b3e1f2a79a42348b3
Instruction ID: 8ae3ba1f3542455bf9ae899f152813272849965feac60f456d539a9c5a3cce2a
Opcode Fuzzy Hash: 423514f8aa8f4514f3b03c893fd741f839359fbb32cf887b3e1f2a79a42348b3
Instruction Fuzzy Hash: EAD0C9BAE60208DBCB10DBC5F851BEDF731EB84325F20C267DA296B289C6757415CB91

Function 072C58D0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732af3127dae74e987cc15b04ae655ec79d7dd0c97e0958552dd4eee3a7e34c0
Instruction ID: 11cbd1c5a56e97ad029bc57b5c5428571b32f03c06814d41424217b968e98411
Opcode Fuzzy Hash: 732af3127dae74e987cc15b04ae655ec79d7dd0c97e0958552dd4eee3a7e34c0
Instruction Fuzzy Hash: 43D0C9BAE60208DBCB10DBC5F851BEDF731FB84325F208267DA156B289C6757511CB91

Function 03E73339 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5420ee83348882aba23db7b7417dcde5953f43c83d38507d019d7dd0203c55dc
Instruction ID: 7b4ca7892e146cb5ccd7da3c8a8b9897babf600e3353a63d8f27eb27c58cdb8f
Opcode Fuzzy Hash: 5420ee83348882aba23db7b7417dcde5953f43c83d38507d019d7dd0203c55dc
Instruction Fuzzy Hash: CBD0A932240308BFC700CF98C884C49BBA8EF0A320F108096FD888F222C232E810DB41

Function 03E73310 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 656fac09248aabe1f56b275f758129c935a2cade86e90733fddd8a48a2442a9c
Instruction ID: 115f375b1489958d72da106c69d3d0b84aa85a300baa4bee19604708a5db1486
Opcode Fuzzy Hash: 656fac09248aabe1f56b275f758129c935a2cade86e90733fddd8a48a2442a9c
Instruction Fuzzy Hash: FAC01265A457087EE201B669CD1284E7F70EB23A91F40535AE0C51D050F660845982A3

Function 072C0338 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49786b4ba3a55af0dc4db9f8c1e797b41b62c53ac20208ba9f29fd0a761ce70f
Instruction ID: 8d965a7598ca81cf6f8fd87ecedccac230a060105d108b8717c3c2c2d2f8aa80
Opcode Fuzzy Hash: 49786b4ba3a55af0dc4db9f8c1e797b41b62c53ac20208ba9f29fd0a761ce70f
Instruction Fuzzy Hash: A4D0C934E162408FD749CF2CD4456867BE2BF88380F2644F5E988CB31AE360E9D4CB92

Function 072C5703 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 414fe2525c16d7957214b9e4356b26cc8e178f58349946ee52b21795e3d1c3d5
Instruction ID: 6956e5483b48e421cc56bef21a64e7dbda07e1351b977282622cdb1089b6efc9
Opcode Fuzzy Hash: 414fe2525c16d7957214b9e4356b26cc8e178f58349946ee52b21795e3d1c3d5
Instruction Fuzzy Hash: FED0C9BAE24208DB8B00DBC5F4404EDF731EAD4221B208257CA156720886316412CB91

Function 072C5773 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d3306c7572ff661922a1232e513a7ecfed3945ddf5027577635700b42be4095
Instruction ID: c506209bff2707d1e6ecb48fa899db19c27eb6765b3ef9328d7b13a7c9eee203
Opcode Fuzzy Hash: 1d3306c7572ff661922a1232e513a7ecfed3945ddf5027577635700b42be4095
Instruction Fuzzy Hash: ABD0C9BAE20209DB8B10DBC5F4404EDF731EA84221B208256CA156724886306511CB91

Function 072C5783 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d3306c7572ff661922a1232e513a7ecfed3945ddf5027577635700b42be4095
Instruction ID: 6270ad031b7d5649185b975e44c877ff07dbb5fe862488596edddf97ef19cf63
Opcode Fuzzy Hash: 1d3306c7572ff661922a1232e513a7ecfed3945ddf5027577635700b42be4095
Instruction Fuzzy Hash: 5AD0C9BAE20208DB8B00DBC5F4404EEF731EA84221B208256C9156720886306421CB91

Function 072C5622 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8fafcc58c481f16651526396a106d006ae7d5dbb8f6c462de322747f4950ccd
Instruction ID: 68e8fc27f2ebfd81a50a143b1adc21a8bd19690ad65939e7cc2cf863a27cd1cb
Opcode Fuzzy Hash: d8fafcc58c481f16651526396a106d006ae7d5dbb8f6c462de322747f4950ccd
Instruction Fuzzy Hash: CFD0C9BAE24208DB8B00DBC5F8404EDFB31EA84231B208256C9156720886316412CB91

Function 072C5632 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8fafcc58c481f16651526396a106d006ae7d5dbb8f6c462de322747f4950ccd
Instruction ID: 85dcd1767e942079742e289162f5eba395b3cbe4c62cb25b37e9abd1276369d1
Opcode Fuzzy Hash: d8fafcc58c481f16651526396a106d006ae7d5dbb8f6c462de322747f4950ccd
Instruction Fuzzy Hash: 15D0C9BAE24208DB8B00DBC5F4404EDF731EA94221B208266C9156720886316412CB91

Function 072C56A4 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 088288d04e3dbb8450e80dba7e011b0f1c523d8a079f63df42181840ecd5c060
Instruction ID: d4599ab76f7a4cdb56c545992eaef6227717e1e0fb0a8be8d80827877cdbb293
Opcode Fuzzy Hash: 088288d04e3dbb8450e80dba7e011b0f1c523d8a079f63df42181840ecd5c060
Instruction Fuzzy Hash: 3FD0C9BAE24208DB8B00DBC5F4804EDF731EA94221B208256CA156724886316512CB91

Function 072C56F3 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 414fe2525c16d7957214b9e4356b26cc8e178f58349946ee52b21795e3d1c3d5
Instruction ID: 3f5831bf61816be9d0cb2b476a4668ec07cb7c26dcfd93950f27e8186d1e1846
Opcode Fuzzy Hash: 414fe2525c16d7957214b9e4356b26cc8e178f58349946ee52b21795e3d1c3d5
Instruction Fuzzy Hash: D5D0C9BAE24208DB8B00DBC5F4404EEF731EA84221B208256C9156720886316422CB91

Function 072C55BC Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c14334587201b090b4d3aabb413888b6c0f154e24a4c7063afd8c59f07c7eed2
Instruction ID: c0f3a5b2a1a2e67aff83eb4576740d4c7b9d403e92270204102acd96dc345864
Opcode Fuzzy Hash: c14334587201b090b4d3aabb413888b6c0f154e24a4c7063afd8c59f07c7eed2
Instruction Fuzzy Hash: 38D0C9BAE25208DB8B00DFC6F4404EDF731EA84225B208256C9196720886316412CB91

Function 072C5B5D Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a7a1d18a7aae20bec417e3aa4b1956b42a48e146ea47b5dd47d4fc6bb284ac0
Instruction ID: d34e918eb62a8f41b2c0c1d5c89fd0d63a564b1006c3eea343bbd5e7fe3769e3
Opcode Fuzzy Hash: 3a7a1d18a7aae20bec417e3aa4b1956b42a48e146ea47b5dd47d4fc6bb284ac0
Instruction Fuzzy Hash: DAD0C9BAE25208DB8B00DB86F4404EDF731FA94221B208256C919A7208C630A421CB91

Function 072C5A22 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4bbe176693786fd130886c1dc3c0a0246bee7c376f7b1b0813e393278363c3f
Instruction ID: b4c4b8d8c5e9f8d5811ec379018fc3a0592c7362ece18db69ca6d2ea60258764
Opcode Fuzzy Hash: c4bbe176693786fd130886c1dc3c0a0246bee7c376f7b1b0813e393278363c3f
Instruction Fuzzy Hash: C1D0C9BAE20208DB8B00DBC5F4504EDF731EA84221B208257C9156720886306411CF91

Function 072C5A12 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4bbe176693786fd130886c1dc3c0a0246bee7c376f7b1b0813e393278363c3f
Instruction ID: 590860d86e7c6a0b25969f49729d839b34f7022492061fbd6390b7f1f49e3151
Opcode Fuzzy Hash: c4bbe176693786fd130886c1dc3c0a0246bee7c376f7b1b0813e393278363c3f
Instruction Fuzzy Hash: 73D0C9BAE20208DB8B00DBC5F4504EDF731EA94221B208266C9156724886306411CB91

Function 072C5A4D Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24f0f436a84045e598c5de367fccd8082fe85272d69eeae740db39e9e4543969
Instruction ID: 2d4b4f48e84ac6be286d842afceeb528d33f84fd53badfba0fd6f6f32093884b
Opcode Fuzzy Hash: 24f0f436a84045e598c5de367fccd8082fe85272d69eeae740db39e9e4543969
Instruction Fuzzy Hash: 35D0C9BAE20209DB8B10DBC5F4504EDF731EA84221B208256CA156724886306511CB91

Function 072C5A5D Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24f0f436a84045e598c5de367fccd8082fe85272d69eeae740db39e9e4543969
Instruction ID: aa76366c4c032b7912fc92d32339f280e57dd03f2b78f9b353125a9f6fa25520
Opcode Fuzzy Hash: 24f0f436a84045e598c5de367fccd8082fe85272d69eeae740db39e9e4543969
Instruction Fuzzy Hash: A4D0C9BAE20208DB8B00DFC5F4504EEF731EA84221B208256C9156720886306421CB91

Function 072C5AF6 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e75dc6877d65859309c11390a8d53f8ad9455fa785ddf1c41b95cc049aa3355a
Instruction ID: 791d56f8136d50c7dc4997b916b6ec36c04ee37f85e01768a6cc8a3647433ec8
Opcode Fuzzy Hash: e75dc6877d65859309c11390a8d53f8ad9455fa785ddf1c41b95cc049aa3355a
Instruction Fuzzy Hash: 96D0C9BAE20218DB8B00DBC5F4504EDF771FA84225B208256C9156720886316411CB91

Function 072C581A Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9845835c0bc989afbefc3b341261f3041d53330be2a9e66d59b69efc45c2b2f
Instruction ID: e6bec947861a79a0dc3a1a716ffa7952d31430d773c5098155d5550df715dd59
Opcode Fuzzy Hash: d9845835c0bc989afbefc3b341261f3041d53330be2a9e66d59b69efc45c2b2f
Instruction Fuzzy Hash: A4D0C9BAE21208DB8B00DBC5F4504EDF731EA84225B208256C9196720886346411CB91

Function 03EDE76A Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efcd82a338bb72479648a70cc03480c94c86c610f07d2264d6eee4a41eb37220
Instruction ID: ee159c6894226fb41b028aa2912822b3ec93d3dd15e3dbaf57c1e5ee8b6eb667
Opcode Fuzzy Hash: efcd82a338bb72479648a70cc03480c94c86c610f07d2264d6eee4a41eb37220
Instruction Fuzzy Hash: FAD092B4D0825A8ACF10DBB0C8814ECBEB1AA09611F28221AD002FB641D6245982CF20

Function 03E74768 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2086e03ec2feac3b1081d1ffbfa9a0a711f53d5a287417b5632a8be2a4d30ecd
Instruction ID: 7440e543d48be8609a80f1746f22a791a750bb57250319afcc8553213bb26a20
Opcode Fuzzy Hash: 2086e03ec2feac3b1081d1ffbfa9a0a711f53d5a287417b5632a8be2a4d30ecd
Instruction Fuzzy Hash: 25B01222714738130809F1AD38104EE728D4AD98B0344066FE50E8B341CD851D0202DF

Function 03EDC196 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c91e6ce86743a083218f709c5c11335dcee6400f71811078e71b8c39c7ce18a
Instruction ID: 5687455941ae6c8587fac0d690b4c3840d09a085f14ee29fe6ab7d3d983819ae
Opcode Fuzzy Hash: 8c91e6ce86743a083218f709c5c11335dcee6400f71811078e71b8c39c7ce18a
Instruction Fuzzy Hash: 32D092B4D152698FCF20CB65C940B9CBAB0AF05300F0051EA8189B7241EA304E81DF20

Function 072C423D Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681e3118fa2d11082b712d1b8b4573faa7502b36fdf3a51b4add7618e2243ec2
Instruction ID: c6faba2ee07019f9ada3cbe48f10cfec32cc74d37c289ed1a7373f6d7a215b7b
Opcode Fuzzy Hash: 681e3118fa2d11082b712d1b8b4573faa7502b36fdf3a51b4add7618e2243ec2
Instruction Fuzzy Hash: 2BC0023AB510199F8B04DAA8F884898B770FB8422971100A6E61997221D631A9158B51

Function 0D5D37D0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d30b6ff9ad2e7525cb3b66f34bb044e6707c762fd8c1a8f9f0f758ae57254043
Instruction ID: 85b43cdf41d2a414949b7c5632f14eb360b16c3b9bf0cdb644b095fdc701c95a
Opcode Fuzzy Hash: d30b6ff9ad2e7525cb3b66f34bb044e6707c762fd8c1a8f9f0f758ae57254043
Instruction Fuzzy Hash: 3EC0483600420EBBCF02AE85ED02C9A3F2ABB48260F008411FE18085718673DAB0FBA5

Function 0D5DBEC8 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25b8ce7fedd76284a1279ee37d64ea6f73a4f07c97f01d0550682e400db97061
Instruction ID: a874578122632edabc6b3ae760529d6ff2433d97ae8406809934c87402e62698
Opcode Fuzzy Hash: 25b8ce7fedd76284a1279ee37d64ea6f73a4f07c97f01d0550682e400db97061
Instruction Fuzzy Hash: 84C0483604420EBBCF06AEC5EC01C9A3F2AFB48260F408451FE1908071C673EA70BBA2

Function 03E73348 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90

Function 072CF0A0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6393011041d677034e1b79bbab7d33d1206e6d66fda7377742ff15e5762dc91
Instruction ID: 30a61d7a41b92f951c79d58e095bb0f6476368b06815e6c906fbc54306a34959
Opcode Fuzzy Hash: c6393011041d677034e1b79bbab7d33d1206e6d66fda7377742ff15e5762dc91
Instruction Fuzzy Hash: 3DC02BD22F9200A7D000D3580A60B36D640DBB1700F00CC5D610846309C011C8029713

Function 072CC0AC Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 113a9b1212720db2630e1da84ddf2fe8ef0e8084d87499e27da1692deb995559
Instruction ID: e67efe2567c0f6e420201ab7f9f69d94b6b69abf53792f27191a439bd3eb1e23
Opcode Fuzzy Hash: 113a9b1212720db2630e1da84ddf2fe8ef0e8084d87499e27da1692deb995559
Instruction Fuzzy Hash: 64B092E52B5200A29404A6A84940A6A9910EBF6B04F40C96A270990414846284A5D52F

Function 072C4D00 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4055f8bebb1f09e3430c6095b42012c1cc66e4952e1761faa242fe6affef8bb3
Instruction ID: 3bbf454b5b9fc03ef957e261e241749e4bd707ce72a56f356b2931b7ea99cff3
Opcode Fuzzy Hash: 4055f8bebb1f09e3430c6095b42012c1cc66e4952e1761faa242fe6affef8bb3
Instruction Fuzzy Hash: 3DC04834260208CFC244DB68E488D60B3E9AB48A18B2180E9E90D8B723CB32F8128A50

Function 0D5D2E74 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c2631828c5bd23c7497579cf27a4dfa57756955e792040c42710c7f97952d8
Instruction ID: 548f7443fd73f77de6b902a6dbe6f8ec501cafe7bc9cf83f84e362afd0010d32
Opcode Fuzzy Hash: d7c2631828c5bd23c7497579cf27a4dfa57756955e792040c42710c7f97952d8
Instruction Fuzzy Hash: 66A0120018804E80C494736C04463355001FB80306FD0DC10D70D400944540D001003E

Function 0D5DE2A8 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b0f674d308e81efee90aee23244b0d5e2b4867a0c31767d4cba546b136af090
Instruction ID: bc386b649b08245b3e6597d008505647d6f1ed513bb86a8abfb0a47f92114f6a
Opcode Fuzzy Hash: 4b0f674d308e81efee90aee23244b0d5e2b4867a0c31767d4cba546b136af090
Instruction Fuzzy Hash: 5CC04C35658510CFC394CF28C59491477B4FB49B10F1145A5E4069F2B1C679E944CE11

Function 03E78FA8 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1493fecef5be22f9305d9c1e50ebc3b24b1535168a9050537ad16c9213baec74
Instruction ID: a39a8fc6071e9e97c32a99702e2a33a257f0c4104b09b92709a1ec52b61c07fa
Opcode Fuzzy Hash: 1493fecef5be22f9305d9c1e50ebc3b24b1535168a9050537ad16c9213baec74
Instruction Fuzzy Hash: 99C002618381D44DEB12DB6471593543EAF173232AF08318AD78B51143C199034ACBA9

Function 0D5D1B63 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f696140135f79755405c9715bcd57a3a8dd9c7122fb6e27abce35459ea809dbb
Instruction ID: bc9ca11cad690ff993c6dced100fb95d7b805e069a641c6c8b522166a2ad46d1
Opcode Fuzzy Hash: f696140135f79755405c9715bcd57a3a8dd9c7122fb6e27abce35459ea809dbb
Instruction Fuzzy Hash: D7C02B30801200CFC75C8F10CD85F89B6B4B708300F00C076CC0ED1190CB344E808F24

Function 072CD07F Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e627ccbd4bcb908ca4e61175853d6335b863e4d0a4d9ef59030e457a71d563b
Instruction ID: 8b9405d8a480fa6f621b981b526007ab836b5991e9614555ecb309b028215a83
Opcode Fuzzy Hash: 0e627ccbd4bcb908ca4e61175853d6335b863e4d0a4d9ef59030e457a71d563b
Instruction Fuzzy Hash: A4A02283FB8802C3F208A238CE20028000B03E2080F002A3E080FC2CE0CC8CEF8808A3

Non-executed Functions

Function 077CCE60 Relevance: 2.9, Strings: 2, Instructions: 373COMMON

Download Yara Rule

Strings

Hbq, xrefs: 077CCFFD
Hbq, xrefs: 077CD05D

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID: Hbq$Hbq
API String ID: 0-4258043069
Opcode ID: 71f40484158a171244877f5f68d61c7085d90ab7096e6fd7dbd5ca91d9cec559
Instruction ID: 396b430ae7da34307f83291d76a064647fd3c2eb9a17e943a313a99ce4ab6a64
Opcode Fuzzy Hash: 71f40484158a171244877f5f68d61c7085d90ab7096e6fd7dbd5ca91d9cec559
Instruction Fuzzy Hash: 32E12AB0A002189FDB15DFA9C494AAEBBF6BF89340F14846DE409AB364DB349D46CF51

Function 03EDF9AF Relevance: 2.6, Strings: 2, Instructions: 137COMMON

Download Yara Rule

Strings

XDUQ, xrefs: 03EDFA64
wkVQ, xrefs: 03EDFAF9

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID: XDUQ$wkVQ
API String ID: 0-1120765957
Opcode ID: 2e689af86d255f4d8c1b1f5c489e5d2606a6cee9ab86231327bcc0bdb6e44589
Instruction ID: 48ef0adb47d193528a77e171c9e0f9cb0d3b6e1ab23434ad5d05954c5d7b8ea3
Opcode Fuzzy Hash: 2e689af86d255f4d8c1b1f5c489e5d2606a6cee9ab86231327bcc0bdb6e44589
Instruction Fuzzy Hash: 86519375E051199FCB48CFA9D9819EEF7F2BF88700F14A926E816B7314D73099428F64

Function 0914D180 Relevance: 1.4, Strings: 1, Instructions: 187COMMON

Download Yara Rule

Strings

d, xrefs: 0914D1E4

Memory Dump Source

Source File: 00000000.00000002.2052172698.0000000009130000.00000040.00000800.00020000.00000000.sdmp, Offset: 09130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9130000_Titan.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 0c33d1c76e447aff0b77656884fff3543d4cb7e87facdca32db9f28f380a9b11
Instruction ID: 32281921a05a197a05c01a54fb4b4e8c9febef32f47cb7dd18d2e683b63665b8
Opcode Fuzzy Hash: 0c33d1c76e447aff0b77656884fff3543d4cb7e87facdca32db9f28f380a9b11
Instruction Fuzzy Hash: 326115357002008BEB04DF78D980B5A7BA6AFC4308F5584BADD0E9F2D6D7B6E945CB91

Function 0A932240 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

BG, xrefs: 0A932326

Memory Dump Source

Source File: 00000000.00000002.2055661290.000000000A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a930000_Titan.jbxd

Similarity

API ID:
String ID: BG
API String ID: 0-24399239
Opcode ID: c8449a2b2cb25e765fc9b7c5e7b4257c7c78f1409cc034a11a889dab704dafca
Instruction ID: d24b2dc24afdc1cca39ddb62f39882e908db99525a9ad174988091fa7fc76056
Opcode Fuzzy Hash: c8449a2b2cb25e765fc9b7c5e7b4257c7c78f1409cc034a11a889dab704dafca
Instruction Fuzzy Hash: A551DEB3E0464A9FCB15DFA4CC553FEB7B6EF91300F188276D010E6582DA788A41CB80

Function 03EDF7CF Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

F5}, xrefs: 03EDF83F

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID: F5}
API String ID: 0-3327517796
Opcode ID: f962b20c4bef6dd41564eca72483a2a040ac8d63ba465f89dfa96ad35ebae7a0
Instruction ID: 9bd88e8b39f127c9b3c55ed85f2f66a130ed3aaa7bae7131bea6ce7899007beb
Opcode Fuzzy Hash: f962b20c4bef6dd41564eca72483a2a040ac8d63ba465f89dfa96ad35ebae7a0
Instruction Fuzzy Hash: 7E51C274E01219DFCB04CFA9D8809EEBBF2BF89210F14966AE416B7314D73099028B65

Function 03EB223F Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

.DT&, xrefs: 03EB22D7

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID: .DT&
API String ID: 0-450903968
Opcode ID: a58ee901829dda4cfb93a1105eff355ecc72cf9511f4b7993d10e332982dd13e
Instruction ID: 80fbc13aed989b92547fd35034ed9756caa4153356bb7f031d868056fc59c791
Opcode Fuzzy Hash: a58ee901829dda4cfb93a1105eff355ecc72cf9511f4b7993d10e332982dd13e
Instruction Fuzzy Hash: C751FE70E042198FCF08CFAAC880ADEBBF2AF89314F14D62AD519BB254D774A545CF64

Function 0A932278 Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

BG, xrefs: 0A932326

Memory Dump Source

Source File: 00000000.00000002.2055661290.000000000A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a930000_Titan.jbxd

Similarity

API ID:
String ID: BG
API String ID: 0-24399239
Opcode ID: 963a36e9866c47d47485b26645400368ec6acea740db7209a766fbb847c47bba
Instruction ID: 8b01408835cd676899cdae54f7aa5e274acb8df075ce580be6f1bd61efe3ccdf
Opcode Fuzzy Hash: 963a36e9866c47d47485b26645400368ec6acea740db7209a766fbb847c47bba
Instruction Fuzzy Hash: 5541EEB3E0450ADECF15DFA5CC513FEB7B2EFA1740F188276D020A6592DA788A55CB80

Function 03EB2BA0 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

Rr2\, xrefs: 03EB2C3A

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID: Rr2\
API String ID: 0-2560159141
Opcode ID: 99c1fb5bcef1f123eeb1dc33c983fd603644dbd53e91c6b148e01fe976cc8648
Instruction ID: a60bcff646b12ab0efdcc956b28eca86f108af13af3e7aa4a7e02474324f7ac8
Opcode Fuzzy Hash: 99c1fb5bcef1f123eeb1dc33c983fd603644dbd53e91c6b148e01fe976cc8648
Instruction Fuzzy Hash: 4A410274E012188BDF58CFAAD9407DEBBF2BF88300F18D5AAC509B7254DB715A858F64

Function 03EB2B98 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

Rr2\, xrefs: 03EB2C3A

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID: Rr2\
API String ID: 0-2560159141
Opcode ID: 9bcf4b31bcdd87d96ecb11ea0dda0da04b0c65b15bdcd187f0e614551e55e501
Instruction ID: 43e1e0f36e94ee7387bad7a6c1be85ad47d3f0f3cd1cc671d73c81bd5281d97c
Opcode Fuzzy Hash: 9bcf4b31bcdd87d96ecb11ea0dda0da04b0c65b15bdcd187f0e614551e55e501
Instruction Fuzzy Hash: 5D410374E012188BDF18CFAAC9416DEBBF2BF88300F18D5AAC409B7254EB715A458F64

Function 0D5D2612 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96b19b3fdcbf4e7dd0d7d7e042b5bea9b95985375a8f2d704a702d92eff35d96
Instruction ID: 5b98f14ab1117799ff72faa92a16677f8e5258771affd68124ea32fb1372d20b
Opcode Fuzzy Hash: 96b19b3fdcbf4e7dd0d7d7e042b5bea9b95985375a8f2d704a702d92eff35d96
Instruction Fuzzy Hash: BEB1D435A0420AEBDF691FA8DC40BBEBF36BBC0340F514856EC656A194CB34C570DB9A

Function 0D5D7594 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3cb2f449ed64fb7b437329d2dbdc3ace308fbdd0c69160a218d71d1f51d97ce
Instruction ID: c3a93d61547526bb6cb85a35865cc2153235476a03ca6384a33234727a98fe1e
Opcode Fuzzy Hash: c3cb2f449ed64fb7b437329d2dbdc3ace308fbdd0c69160a218d71d1f51d97ce
Instruction Fuzzy Hash: 08D15B70A10715CFDB65DF28C980BA9BBB6BF89300F1085E9D909AB260D731EE85CF51

Function 0D5DCD88 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db4263bb761638ac9b9de5a3eaab32812ed33752797ea64d0f1e476a8d8584a5
Instruction ID: 0aae9fe3dc42a83ebd2c074c125f9eef6bdaf5673429c5b68e5166e01320eafa
Opcode Fuzzy Hash: db4263bb761638ac9b9de5a3eaab32812ed33752797ea64d0f1e476a8d8584a5
Instruction Fuzzy Hash: B4D15B70A00715CFDB65DF28C980BA9BBB6BF89300F1085E9D909AB261D731EE85CF51

Function 0D5D2640 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38f35d057297453f9c0a8f65379ae2a5f98ecbedc4f76fd2d7caca8a934dc408
Instruction ID: 6e29a521b1ae891116292c64495821808bd7b2f2174bc1effeb8d74d9d02b056
Opcode Fuzzy Hash: 38f35d057297453f9c0a8f65379ae2a5f98ecbedc4f76fd2d7caca8a934dc408
Instruction Fuzzy Hash: 9BB1E634A0420AEBDF691EA8DD40BBEBE36BBC0340F518856FD557A194CB34C570DB9A

Function 072CC79F Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94b37d6d843b63be0cbc0581e350cb98f2b1c5b9ce6578f274436f6d01d73081
Instruction ID: c165c8d4ab195e113a98d5ce726152e3740f0153bfffea98c478c1d59c007e2d
Opcode Fuzzy Hash: 94b37d6d843b63be0cbc0581e350cb98f2b1c5b9ce6578f274436f6d01d73081
Instruction Fuzzy Hash: D3D11631C2075A9ACB11EFA4D954A9DB7B2FF95300F51C79AE4093B260EB706AC5CF81

Function 072CC7B0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d26153f2216d671ed7649303a87951342a7a6f45a96768e6010c32fb4effc188
Instruction ID: 7f3cbd48d5cf889f2e18c3306e1db4aec72c838986360429e5268cfa98cbabf5
Opcode Fuzzy Hash: d26153f2216d671ed7649303a87951342a7a6f45a96768e6010c32fb4effc188
Instruction Fuzzy Hash: 42D10531C2075A9ACB11EFA4D954A9DB7B2FF95300F51C79AE4093B260EB706AC5CF81

Function 072C284C Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22cc04d4c6d2756598ac91d85041cbdc2c16a29ecf7e56c6784dd374df45b2be
Instruction ID: 584e9920d9b7c2fcf39b6f526ff815ca88b9bcb6e11e7221bd4267d9b44ed6a7
Opcode Fuzzy Hash: 22cc04d4c6d2756598ac91d85041cbdc2c16a29ecf7e56c6784dd374df45b2be
Instruction Fuzzy Hash: 17A18F72E2020ACFCF09DFA4C94059EB7B2FF95300B14866EE906AB265DF71D945CB90

Function 077CDD8D Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45379261c332fb276ff2dc39c66c0ce93b62f679786cefd8a10523eeecfec9a1
Instruction ID: 7cb66e34475b1f40b0c8eafcef437ede0e8078481c35fc561b0e6e03f71ef2af
Opcode Fuzzy Hash: 45379261c332fb276ff2dc39c66c0ce93b62f679786cefd8a10523eeecfec9a1
Instruction Fuzzy Hash: 68A103B0D01209DFDB15CFA8C9446EEBBF2BF89304F20856AE414BB260DB759985CF94

Function 0D5D729C Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e954874293290e214bf5bfe47d8da6daff8b6a13fcf7b381cb751f66ce8cd3c6
Instruction ID: 863b9025f1dabdbab66a4a936c3de67456245987fc9405fe318d6d8bdbe7caf5
Opcode Fuzzy Hash: e954874293290e214bf5bfe47d8da6daff8b6a13fcf7b381cb751f66ce8cd3c6
Instruction Fuzzy Hash: 25B14134A15215CFE768CB58C985FA9B7B5FB98300F1089BADC09AB3A1D734DE54CE21

Function 0D5D90C9 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc5018d112a53071da31c54d90e511f4d8cbf43c37f6f76c1d57c373c17253d5
Instruction ID: 0a2c04f0ed69ef0d394f38ba6deaff3f69d02650dd1405c0adeab52991eebbfd
Opcode Fuzzy Hash: cc5018d112a53071da31c54d90e511f4d8cbf43c37f6f76c1d57c373c17253d5
Instruction Fuzzy Hash: 18A16434A15215CFD768CB68C985FA9B7B5BB98300F1089BADC09AB3A1D734DE54CF21

Function 077CDD98 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8420388cd22ac96025d3418187fde401f615af0eeea3df203ebe9a19a32d63d5
Instruction ID: 2aad80136c3984bb084e7ab1a2916e07ef077fbc03b1d215dc0b86249e08d8c2
Opcode Fuzzy Hash: 8420388cd22ac96025d3418187fde401f615af0eeea3df203ebe9a19a32d63d5
Instruction Fuzzy Hash: DEA1F2B0D01209DFDB15CFA8C9446EEBBB2BF89304F20856AE415BB260DB759985CF94

Function 077C4288 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39c6903944c568c899d0869ee640ba4f45dc36540a4b04e81cb6ee9775fafebc
Instruction ID: f077ed7a0ea0fdc2b9fbccd8900d1bcd4b765ed836a718353f4ea7993191ccf9
Opcode Fuzzy Hash: 39c6903944c568c899d0869ee640ba4f45dc36540a4b04e81cb6ee9775fafebc
Instruction Fuzzy Hash: 69910271B10211DFD705CB30C959B69BB66FF89384F01817ED509AF2A5DB3AE812CB82

Function 077C3338 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac2d1a7b0ce0a3396b1d991423d84d69100573620db4815cf2042526c2678ba2
Instruction ID: 33d8c3a7aa430ed76d968de907bf40b8319298353b3778459af7d2aabdc3fe1d
Opcode Fuzzy Hash: ac2d1a7b0ce0a3396b1d991423d84d69100573620db4815cf2042526c2678ba2
Instruction Fuzzy Hash: B7910271B10201DFD705CB34C959B69BB66FF89384F01817ED509AF2A5DB3AE811CB82

Function 0D5D93BF Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f744b00ccecd8d998996316d536ce31561bb238035f32de8fb97488b1fe5521c
Instruction ID: 223a3c494895a09f640acec313dfa367522bbb7ecb82974c0019de629fb2e58f
Opcode Fuzzy Hash: f744b00ccecd8d998996316d536ce31561bb238035f32de8fb97488b1fe5521c
Instruction Fuzzy Hash: 13A14334A15205CFD7A8CB68C985FA9B775BB98300F10C9BADC09AB3A1D734DE54CE21

Function 0D5D3490 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57c52eb61a3b6e1a0f20d1c86e41cc6486bad617dc0a2346699097383022a893
Instruction ID: 1923a8c6c742de85a007686ac48061a09aff26316a9b7e662d96e73fcaed5a5e
Opcode Fuzzy Hash: 57c52eb61a3b6e1a0f20d1c86e41cc6486bad617dc0a2346699097383022a893
Instruction Fuzzy Hash: F9815131E04A0A96EB66CE6CD8542DEF7B5FF89300F14CA6ADC1577340D774EA818BA1

Function 0D5D3480 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2068438878.000000000D5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D5D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d5d0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be8649776d7bbe2556876e4542dd63033e686803c35447f7fea741c796169bf1
Instruction ID: f9704e4be8527146d870a3fa6ae8854d898be85ded670817f08cfd4185b34a87
Opcode Fuzzy Hash: be8649776d7bbe2556876e4542dd63033e686803c35447f7fea741c796169bf1
Instruction Fuzzy Hash: 0E81A431D04B0A96EB6A8E6CD8542EAF774FF85300F14CA2ADC1577340D774EA84CBA2

Function 072CDF48 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbd8e84183b4dc6cd5a716cc416e193b98ea0125b2401e2e40ded18c9af2db4b
Instruction ID: 8b58a3486283faeaae7d9b7412a140f523a47aa2483d4de26f776afcea1ab0dc
Opcode Fuzzy Hash: bbd8e84183b4dc6cd5a716cc416e193b98ea0125b2401e2e40ded18c9af2db4b
Instruction Fuzzy Hash: BA517AB1B346428FD305DA38E98056ABB69FF96300F014A7ED04ACFAE9CA74D855C791

Function 0A93E321 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2055661290.000000000A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a930000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3605852305e441ec60f05f31d2ee880025516037b7715e9a88bd85af6d12f96
Instruction ID: 439610a3bea0fb12f878c3cc88d7d304bb434416fbc4a1cd0637760d3f62d2f1
Opcode Fuzzy Hash: d3605852305e441ec60f05f31d2ee880025516037b7715e9a88bd85af6d12f96
Instruction Fuzzy Hash: 1E51D372F042059FC7449E39C59062ABBF6ABC4344B18C8BAC41ECF795DA3ADD498F91

Function 077CF1D0 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73de06a045e61b4cfd47d64e0cf32b48bf471a889baae40827c3e02ab1916ff8
Instruction ID: b9efe1cf00f4d375102b44c69dd8a3febabf2ae776c88443e292470a87e44ab8
Opcode Fuzzy Hash: 73de06a045e61b4cfd47d64e0cf32b48bf471a889baae40827c3e02ab1916ff8
Instruction Fuzzy Hash: 1C5110B5D01358DFDB10DFA9D884A9EBBF6FF4A310F20816AE408AB251D734A885CF54

Function 03EDF5E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24db99a530887f509f39c81a0b56c3f1c1c60aefbf313bd10fac63627e8833c8
Instruction ID: 50c7aa3087b4bd96941af72e5764bf9b52c8cfb7e29e3ac8e12f2311d3eed2c5
Opcode Fuzzy Hash: 24db99a530887f509f39c81a0b56c3f1c1c60aefbf313bd10fac63627e8833c8
Instruction Fuzzy Hash: 7151F975E0521A9FCF04CFA9D8819EEFBF2BF89210F14A565E426BB354D7309942CB50

Function 03ED8B60 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca8c366b2c6496718b67a3d2a8d999c15fe1b5a8bd5acb206eec8865e819332a
Instruction ID: 903877faf270a16605bac1a5df963f05c79012fa1c03287eb9cb76ccc9963c19
Opcode Fuzzy Hash: ca8c366b2c6496718b67a3d2a8d999c15fe1b5a8bd5acb206eec8865e819332a
Instruction Fuzzy Hash: F4514675E16609EFCB04DFE9E98189EBBF2BF89300F249629E005BB254D7309A51CB41

Function 03ED8B5F Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bdeddd8a3cd8aaed2c4b164790822ce11c296fd18e9464123f13bd61ef1fbb3
Instruction ID: 3ec79e758d66eea52d23bf8d140352e5fc71b23ac11c92ff3a9a1f7f0feb4d46
Opcode Fuzzy Hash: 9bdeddd8a3cd8aaed2c4b164790822ce11c296fd18e9464123f13bd61ef1fbb3
Instruction Fuzzy Hash: 90514674E16609EFCB04DFB9E98189EBBF2BF89300F249629E005BB354D7309A41CA41

Function 03F198C4 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ef50240c8f1da67662c2efab269068c71962056b7b2df896a267ddb0bb00638
Instruction ID: 58a202c4273d553cad71387ba01906f61a0745c7dc44359becd5beb370cf6d5c
Opcode Fuzzy Hash: 0ef50240c8f1da67662c2efab269068c71962056b7b2df896a267ddb0bb00638
Instruction Fuzzy Hash: 98511270E002589FDB14CFA9D894BDEFBB1BB09304F24912AD415AB254DBB49845CF85

Function 03EDB6F8 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 716b16af2870bff6923fa125df3f2f136438ede9dee487da275b82fc5316d854
Instruction ID: 1ce34cff5546138214dcd5f818685f0944064c139571f02c16d30b47de8b5d65
Opcode Fuzzy Hash: 716b16af2870bff6923fa125df3f2f136438ede9dee487da275b82fc5316d854
Instruction Fuzzy Hash: BE517AB4D0021A9FCB08DFA9D9804DEFBF1FF89310F1496AAD415EB350E7349A428B94

Function 03F18F58 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e69fe28da61d7ce7bb0a24633c90c028b336ebf94438a0691b2b4c1852e96663
Instruction ID: 288d82524047eb53768eb7b6eb00169211fa7b6151dd9f7680c793357fb3d38e
Opcode Fuzzy Hash: e69fe28da61d7ce7bb0a24633c90c028b336ebf94438a0691b2b4c1852e96663
Instruction Fuzzy Hash: 445101B0E002588FDB14CFA9D894B9EFBF1BB09304F24912AE815AB354DBB49845CF85

Function 03EDB70A Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa866494d5b9622aeeb669c3989273478135faec6807d448db5a5719f821aba1
Instruction ID: f384cee70b34a2301888cf18a82695db0619e8c49ccd0a758c3b9249defb7ea7
Opcode Fuzzy Hash: aa866494d5b9622aeeb669c3989273478135faec6807d448db5a5719f821aba1
Instruction Fuzzy Hash: 22414BB4D0021A9FCB48DFA9D8815DEFBF1FF89310F1496A6D415EB350E7349A428B54

Function 03ED8C51 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4112ce15bc468255fb0be6206e72a8a723c84fcb506f5e8a019a65fa4eb85226
Instruction ID: 35338a25d43bc796dc12388d087d379edb9faae619fcb683ad89d2481357dcf3
Opcode Fuzzy Hash: 4112ce15bc468255fb0be6206e72a8a723c84fcb506f5e8a019a65fa4eb85226
Instruction Fuzzy Hash: 8D511774E16609EFCB04DFF8E98189DBBF2BF89300F249A65E045BB254D734AA51CB41

Function 03EDB722 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a0eac7c8522fbe1805c491bbc4420fca6851e8311ea6fc8c44a62d0941696a3
Instruction ID: ddc3addcd13bdb99fee27a2b3133f86ec6119f45894ea720332f85642ae12a9f
Opcode Fuzzy Hash: 9a0eac7c8522fbe1805c491bbc4420fca6851e8311ea6fc8c44a62d0941696a3
Instruction Fuzzy Hash: F54127B4E0021A9FCB48CFA9D8815DEFBF1FF89310F149AAAD415EB354E7345A428B54

Function 0914C5B0 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2052172698.0000000009130000.00000040.00000800.00020000.00000000.sdmp, Offset: 09130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9130000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6be2fa46706a00437ac26d98e3c4f2bcb674caac363a4b4024ada7d68333393b
Instruction ID: 3c802f3f0af2dbe1f9e41bcbace780be5aa4cdb3894372423fb317d3062aa10c
Opcode Fuzzy Hash: 6be2fa46706a00437ac26d98e3c4f2bcb674caac363a4b4024ada7d68333393b
Instruction Fuzzy Hash: E451D070A16208CBDB04CF68D8847CEFBB2FF88308F258569D445AB291D776E946CF94

Function 03ED8BED Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e50b5c61343c52706f9f1190ea5fce5c1f0dfa37dcd6dfd2cc8c3756662a0c
Instruction ID: b27421f46be2fcee97e2af454def856102cde29c18864a8c3f3ac6f9794fcf4d
Opcode Fuzzy Hash: e5e50b5c61343c52706f9f1190ea5fce5c1f0dfa37dcd6dfd2cc8c3756662a0c
Instruction Fuzzy Hash: 20413974E16609EFCB05DFF8E98189DFBF2BF49300F209A65E005B7254D7309A51CA01

Function 03EDB73A Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94541ab028df0d7296dc635b22f2f0221efac34b24dd1f0be3cb1b00d777db04
Instruction ID: 473e6b09dc333d919cf0239fcda155e308c979be0cff0d313986779fec919765
Opcode Fuzzy Hash: 94541ab028df0d7296dc635b22f2f0221efac34b24dd1f0be3cb1b00d777db04
Instruction Fuzzy Hash: A44118B4E0421A9FCB44CFA9D8815DEFBF1BF88310F1496AAD415EB354E7345A428B94

Function 03EB0F70 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012387705.0000000003EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3eb0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8192d681c85b4b1766bb8716069a92f58b441f5f6c1554e7f67c6a9d8eab659
Instruction ID: a3898dd1a8ebdfef4f2a71b5b2266697c5d18a201038800684d546671d45b71e
Opcode Fuzzy Hash: d8192d681c85b4b1766bb8716069a92f58b441f5f6c1554e7f67c6a9d8eab659
Instruction Fuzzy Hash: 90411671E022189FDB04CFAAD9917DEBBF2AF89310F24D1A9E409A7294D7745A458F40

Function 03ED8C92 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 556f9c0da13269fccad13f38f98cff5bf12eaedf5471d94d09378e31b0fd6376
Instruction ID: 854b76a9dba5d738ddc777fd2a94f7e0c4a74a2db60f39eefa2adbcabc429aac
Opcode Fuzzy Hash: 556f9c0da13269fccad13f38f98cff5bf12eaedf5471d94d09378e31b0fd6376
Instruction Fuzzy Hash: BA414974E16509EFCB04DFB8E98189DFBF2BF89300F249665E005B7254D730AA51CA41

Function 03ED8D17 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0c76ce97a15dda54784e8b14e0ed53030e1b69b51e8bf7531a05cea261f385a
Instruction ID: 96fc9ebe80967cecdf0146f69ef97fdbf33a3d4b0f1666f33ab387dfa1d60f4a
Opcode Fuzzy Hash: c0c76ce97a15dda54784e8b14e0ed53030e1b69b51e8bf7531a05cea261f385a
Instruction Fuzzy Hash: 44416874A16609EFCB04DFB8E98589DFBF2FF89300F209665E006B7254D730AA51CA01

Function 03ED8F5D Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76fd9583e81976380d3098a4cf10e110dbed32f4afd51663145a42dc661f5224
Instruction ID: 83e35578f516a7e98c3aefe5bf459c4539be1ac48fb66163f4ce0d6b8c60af08
Opcode Fuzzy Hash: 76fd9583e81976380d3098a4cf10e110dbed32f4afd51663145a42dc661f5224
Instruction Fuzzy Hash: 81415874E16609EFCB04DFB8E98589DFBF2FF89300F249665E005B7254E7309A51CA41

Function 03EDA900 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b9438764dd23e582d7d15f479d806101f2249d907af9575f4904efdda7bed39
Instruction ID: 94e8a74b2d05b95a77a96b7b20d65616e7c50f5ee25a0dbf414083fc33b15d89
Opcode Fuzzy Hash: 6b9438764dd23e582d7d15f479d806101f2249d907af9575f4904efdda7bed39
Instruction Fuzzy Hash: 924178B5D002589FCB10CFA9D584AEEFBF1BB49314F14A02AE819BB350D374AA85CF55

Function 03EDA8FF Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 728bb5fdb828293fe73084ff44498e736b459744aa40def32b347d911c6c800f
Instruction ID: 5afd55755464be02e3ac8e35f7d56173e31c7e9b783fd479d7098b92cfa8e988
Opcode Fuzzy Hash: 728bb5fdb828293fe73084ff44498e736b459744aa40def32b347d911c6c800f
Instruction Fuzzy Hash: C64179B5D002589FCB10CFA9D584AEEFBF1BB49314F14A02AE419BB350D374AA85CF54

Function 03ED8EDE Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 319ba45f4ad32f61979166ca94bca95378dace91fbd288ff4730c992905d453e
Instruction ID: 5944bd5b76375d0b4d6d73a4e44094f415269cf9ea93c27a7c9b27dbd872ba7c
Opcode Fuzzy Hash: 319ba45f4ad32f61979166ca94bca95378dace91fbd288ff4730c992905d453e
Instruction Fuzzy Hash: 42413874E16609EFCB04DFB8E98589DFBF2BF89300F209665E045B7254D7309A51CA41

Function 03ED8DCC Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d59e9ba7fff307b20850edd48c6cd1ebd97a09ce2c2362ab23162afab81ce702
Instruction ID: 4052575dd7e6586358ed052f1478699a54bfeb48df3163d77375ccdfe9d1d19d
Opcode Fuzzy Hash: d59e9ba7fff307b20850edd48c6cd1ebd97a09ce2c2362ab23162afab81ce702
Instruction Fuzzy Hash: 7A413874E16609EFCB04DFB8E98589DFBF2BF89300F209665E045B7254D7309A51CA41

Function 03EDB74A Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d24e0521fb5416b11973bb79d603ea57685c958087e5cd8cf75d24830295fa95
Instruction ID: e993182f0626ad83f938059dd415057378b83119054a30f38356c84a1b9774fb
Opcode Fuzzy Hash: d24e0521fb5416b11973bb79d603ea57685c958087e5cd8cf75d24830295fa95
Instruction Fuzzy Hash: FC41F6B4E0021A9FCB44CFA9D8819DEFBF1BF89310F1499AAD415EB354D7349A428F54

Function 077C3630 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8edd1f675b3d1a08f9a6fe09f31c90a4ef0a45358099108a942dad8e3e2f89a
Instruction ID: b58a79eeb33c4dd39686e89fd5a50046591d27a4695a56bb317c8ee32a1be226
Opcode Fuzzy Hash: b8edd1f675b3d1a08f9a6fe09f31c90a4ef0a45358099108a942dad8e3e2f89a
Instruction Fuzzy Hash: CC4147707102019BD304DB78C8407AABBA2EF86348F15C5BEC549DF2A2DB76D8568BC2

Function 077CD354 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9727fd7ac8e6072be43a97d22f57381c211de7e687a9ec28eec79429ff1dcaad
Instruction ID: 56e31a8ae433be3bedffcc4132a9a98ee4d8df825e82b3bc75b17d7254e181e9
Opcode Fuzzy Hash: 9727fd7ac8e6072be43a97d22f57381c211de7e687a9ec28eec79429ff1dcaad
Instruction Fuzzy Hash: DB41DFB4D012089FDB20DFA9D984ADEFBF5AB49300F20842AE408BB250C774A944CF54

Function 077CF43D Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aa03001eef36ebfee36436393a7e41514cbc044d6edae1751ebe1ec5b9740c8
Instruction ID: 70850d73575aae2d4da985879f3f43ddd16146e44bbd77a2ce833cdfb3dacb7d
Opcode Fuzzy Hash: 3aa03001eef36ebfee36436393a7e41514cbc044d6edae1751ebe1ec5b9740c8
Instruction Fuzzy Hash: 4141A7B5E003589FDB10DFA9D984ADEFBF5BB09300F20846AE508BB250D774AA85CF44

Function 077CF448 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38a23edf85a422a4b68f57fa4a375a1afccaffc69e44e523bd640108058a96c0
Instruction ID: 002ad3b37b745d019feb979dd8c04c9256fc3d58908f3a1c5ebf3bac33becd32
Opcode Fuzzy Hash: 38a23edf85a422a4b68f57fa4a375a1afccaffc69e44e523bd640108058a96c0
Instruction Fuzzy Hash: FE41A9B5E003589FDB10CFA9D984ADEFBF5BB09300F20942AE508BB250D774AA85CF54

Function 077CF270 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f040a5c0dc1da5df9c4e09cf55099d2840c0e789b6f5401450b75317906103ac
Instruction ID: 39f8891c8797798555d13e834a08e0208540d3e6516addbd7238c070e3ed5aed
Opcode Fuzzy Hash: f040a5c0dc1da5df9c4e09cf55099d2840c0e789b6f5401450b75317906103ac
Instruction Fuzzy Hash: F84197B5D01358AFDB10DFAAD984A9EFBF5BB49300F20802AE408BB250D774A984CF54

Function 03EDB75A Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a65701cd2b91fc129acdf1985e9d0bfdce9f91a8e4ec6e74d3b514ab385e401
Instruction ID: cadc004e6f384d26451625f4f94221c73812084230ab131452610af81a49340c
Opcode Fuzzy Hash: 6a65701cd2b91fc129acdf1985e9d0bfdce9f91a8e4ec6e74d3b514ab385e401
Instruction Fuzzy Hash: 8841D4B4E0021A9FCB44CFA9D8819AEFBF1BF88310F1495AAD415EB354D7349A528B54

Function 077CD360 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39d776094bb6ae15df99dc28ef014ef7102a5f0f5fb9213506e0686b83987fcf
Instruction ID: 80eea01a272db1e5377c2f9a9275c7a2736eea950a48e803b75940424b27dcdc
Opcode Fuzzy Hash: 39d776094bb6ae15df99dc28ef014ef7102a5f0f5fb9213506e0686b83987fcf
Instruction Fuzzy Hash: 5A41BFB4D012089FDB20DFE9D984BDEFBF5AB49300F20946AE508BB254C775A944CF54

Function 077C91B4 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f481fbfdb8d393562b946685c5ad890e0fa3be6219051f60346ed253c297d7e4
Instruction ID: a56b8bc0a672c182894e4b5969a8f3ec256eb2ab99175594ac561548cb8e4791
Opcode Fuzzy Hash: f481fbfdb8d393562b946685c5ad890e0fa3be6219051f60346ed253c297d7e4
Instruction Fuzzy Hash: 8F41CAB4D042489FDB14CFEAD984ADEFFF4AB49300F20942AE548BB261D734A945CF54

Function 03EDB764 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ee85c4695584127edc5fceb85825e2d57815070040c98b51476592fa4432b9
Instruction ID: 4e302c9f83ce4fea12ab48e09e50b70deade16373020a9d74592b66e01e51de6
Opcode Fuzzy Hash: 32ee85c4695584127edc5fceb85825e2d57815070040c98b51476592fa4432b9
Instruction Fuzzy Hash: 0641D3B0E4420A9FCB44CFA9D4819EEFBF2BF88310F14996AD415EB354D3349A528F54

Function 03EDE1BF Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012433597.0000000003ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3ed0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 043bdad1186aa7079fafbe00d38c7a12ba50bf3943380750218650a5fb827416
Instruction ID: 3d1d671b5f9197fdb2491f2ec0c070b8ffed6086fd71fdb1a8c950df79dda462
Opcode Fuzzy Hash: 043bdad1186aa7079fafbe00d38c7a12ba50bf3943380750218650a5fb827416
Instruction Fuzzy Hash: 2D31B4B4E0020A9FCB44CFA9D9419DEBBF2BF88310F14956AD415EB354D7349A518F64

Function 077C91C0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeeba58b8fa19cad7a716e8951822106fbf7f927746a10c4d4fcaff7968ebe39
Instruction ID: e312d14961c7c66128cf6959c85281c9801c5f1fb438b5027c71ee4700186334
Opcode Fuzzy Hash: eeeba58b8fa19cad7a716e8951822106fbf7f927746a10c4d4fcaff7968ebe39
Instruction Fuzzy Hash: 5431ABB4D04248DFDB14DFEAD984ADEFBF5AB49300F20942AE948BB250D734A945CF54

Function 077C991F Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52d2800e1237975259ae49083d98086ffe2ab79d8a08c6ff8bb30e56aaca5aab
Instruction ID: eefc0983199bd2aff2dec157a29478c43952c7cf330b9661183d69bdf6c72dd0
Opcode Fuzzy Hash: 52d2800e1237975259ae49083d98086ffe2ab79d8a08c6ff8bb30e56aaca5aab
Instruction Fuzzy Hash: B431EDB4D00209DFDB54CFAAD9806EEBBF1BF89310F20916AD524B7290E7745A81CF94

Function 03E70CC4 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bc1b86d4ef17fbba3a9fdbad7583fb2bff7670381c8ebdf36a5dfd2e4c8bdc1
Instruction ID: 1a5abcb2df37dfaea71aa8d31f3d0e86a26c6fecb967866ebfbf2a9082423775
Opcode Fuzzy Hash: 3bc1b86d4ef17fbba3a9fdbad7583fb2bff7670381c8ebdf36a5dfd2e4c8bdc1
Instruction Fuzzy Hash: 72318EB4D05208EFDB14CFA9D884AEEBBF2BB89310F24A169E814B7350D734A941CF54

Function 072CB8CC Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32bceaf4ea5868b31110564c89ac5fe9f78cb3291fb1a41750402a3f66b5121c
Instruction ID: b1b400d1da0d4bc169e6f67a695698ca76789d5860b9189f2a9b06ab176c04a7
Opcode Fuzzy Hash: 32bceaf4ea5868b31110564c89ac5fe9f78cb3291fb1a41750402a3f66b5121c
Instruction Fuzzy Hash: 2D319FB4D15209EFCB54CFA9D485AEDBBF1BB59320F20A269E818B7350D3349A41CF54

Function 077C9928 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032943207.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 736d67a671ba2901b40774d0da0e7b34fdeef0978c8b866905ec1de8fa4730ce
Instruction ID: 50916794e7f841cc4875ba4bbd1ca2257f53556423170510f378ef53b9e7cd80
Opcode Fuzzy Hash: 736d67a671ba2901b40774d0da0e7b34fdeef0978c8b866905ec1de8fa4730ce
Instruction Fuzzy Hash: 0E31CDB4D00209DFDB54CFAAD980AEEBBF1BF89310F20916AD524B7250E7746941CF94

Function 03E70CD0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012274237.0000000003E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3e70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4c433df24a2d704a8e9e8662aebcb193c5ab98bc8bf22daf43cc37ae1b68d1a
Instruction ID: 6e8e9e3f1a35b59206ab0ece70b9cda83ab6b8b7f175d20f32da18a3b6025d69
Opcode Fuzzy Hash: a4c433df24a2d704a8e9e8662aebcb193c5ab98bc8bf22daf43cc37ae1b68d1a
Instruction Fuzzy Hash: AB315FB4D05208DFCB14CFA9D884AEDBBF1BB89350F24A229E814B7350D7349941CF54

Function 072CB8D8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 203f64f540fc446d1919e606ff8033e768b6c7918ec67e9391fc8d5f71cdd8a8
Instruction ID: 8efbea333896b125ef6ad26c4e0037411ccb3858b28372b5b1553a470380d735
Opcode Fuzzy Hash: 203f64f540fc446d1919e606ff8033e768b6c7918ec67e9391fc8d5f71cdd8a8
Instruction Fuzzy Hash: D3318EB4D11209EFCB14CFA9D485AEDBBF1BB49310F24A269E818B7350D3349A41CF54

Function 03F10870 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012503813.0000000003F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3f10000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3069bc13d17d312e1dcde698ed6102c55af1e8498958729164ea0ac5661dacf
Instruction ID: f501e0c4e37db038992825916a375dddf45293b5903aeb1d7843330995768a9b
Opcode Fuzzy Hash: b3069bc13d17d312e1dcde698ed6102c55af1e8498958729164ea0ac5661dacf
Instruction Fuzzy Hash: 1321FC71E046599BEB18CF6B98505DEFBF3AFC9300F14C17AC418AB255EA3405828F40

Function 072CF578 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2029718618.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72c0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fa4618d3f418308f5c4aa4d9efc0d7b565c5083584915a4f7b16dcce0aeb261
Instruction ID: 8dfe834f027bda8cf679c3d33e7d9f2dce8447287dd4ac0f021cc95ce625dfec
Opcode Fuzzy Hash: 2fa4618d3f418308f5c4aa4d9efc0d7b565c5083584915a4f7b16dcce0aeb261
Instruction Fuzzy Hash: A5112BF27202428FCB21DF79DA105667BFAAF9A65072545BED115C7371DA31CC01CB60

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Titan.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Titan.exe_8cb473512a7e91fa42a4426884a73d12e15a229_bfbfc816_99b83d33-fdcb-47f8-a360-9dee4fe9eec2\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A9F.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D6E.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D9E.tmp.xml

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\libirecovery-1.0.3.dll (copy)

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\plutil (copy)

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\ut.plist (copy)

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\libirecovery-1.0.3.dll

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\plutil

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\ut.plist

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\iproxy.exe

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\libusb-1.0.dll

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\plist.dll

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\usbmuxd.dll

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\iproxy.exe

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\libusb-1.0.dll

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\plist.dll

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\usbmuxd.dll

Windows Analysis Report
Titan.exe

Function 03E71A1C Relevance: 6.9, Strings: 5, Instructions: 622
COMMON

Function 077CDB64 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 113
COMMON

Function 03F10941 Relevance: 2.9, Strings: 2, Instructions: 375
COMMON

Function 03EDD820 Relevance: 2.9, Strings: 2, Instructions: 366
COMMON

Function 03F19348 Relevance: 2.8, Strings: 2, Instructions: 287
COMMON

Function 03ED4000 Relevance: 2.7, Strings: 2, Instructions: 216
COMMON

Function 03ED3FF7 Relevance: 2.7, Strings: 2, Instructions: 215
COMMON