Edit tour

Windows Analysis Report
Tqa1vDp9NT.exe

Overview

General Information

Sample name:	Tqa1vDp9NT.exe renamed because original name is a hash value
Original sample name:	ab11dfd0b452b30b6248e72154d88e99.exe
Analysis ID:	1581616
MD5:	ab11dfd0b452b30b6248e72154d88e99
SHA1:	3e988553ad12da459fd17d4c7c8859f7324086f4
SHA256:	c2e35ee8349589398250b8fa84c3c00b0ed621fab5fba8196ec7253d009ea952
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

Tqa1vDp9NT.exe (PID: 7240 cmdline: "C:\Users\user\Desktop\Tqa1vDp9NT.exe" MD5: AB11DFD0B452B30B6248E72154D88E99)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["mindhandru.buzz", "appliacnesot.buzz", "prisonyfork.buzz", "screwamusresz.buzz", "cashfuzysao.buzz", "rebuildeso.buzz", "scentniej.buzz", "hummskitnj.buzz", "inherineau.buzz"], "Build id": "PsFKDg--pablo"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:22.898856+0100	2028371	3	Unknown Traffic	192.168.2.10	49705	23.55.153.106	443	TCP
2024-12-28T09:55:25.615634+0100	2028371	3	Unknown Traffic	192.168.2.10	49716	172.67.157.254	443	TCP
2024-12-28T09:55:27.509041+0100	2028371	3	Unknown Traffic	192.168.2.10	49717	172.67.157.254	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:26.228281+0100	2054653	1	A Network Trojan was detected	192.168.2.10	49716	172.67.157.254	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:26.228281+0100	2049836	1	A Network Trojan was detected	192.168.2.10	49716	172.67.157.254	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:20.881343+0100	2058572	1	Domain Observed Used for C2 Detected	192.168.2.10	56876	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:21.023757+0100	2058576	1	Domain Observed Used for C2 Detected	192.168.2.10	50301	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:21.164909+0100	2058578	1	Domain Observed Used for C2 Detected	192.168.2.10	49371	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:20.171588+0100	2058580	1	Domain Observed Used for C2 Detected	192.168.2.10	50784	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:19.539659+0100	2058582	1	Domain Observed Used for C2 Detected	192.168.2.10	57428	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:19.716566+0100	2058584	1	Domain Observed Used for C2 Detected	192.168.2.10	62452	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:19.867155+0100	2058586	1	Domain Observed Used for C2 Detected	192.168.2.10	58510	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:20.029672+0100	2058588	1	Domain Observed Used for C2 Detected	192.168.2.10	59468	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:20.738066+0100	2058590	1	Domain Observed Used for C2 Detected	192.168.2.10	62492	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T09:55:23.793081+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.10	49705	23.55.153.106	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Tqa1vDp9NT.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://lev-tolstoi.com/piU	Avira URL Cloud: Label: malware
Source: https://appliacnesot.buzz:443/apicN	Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/pib	Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apiHx	Avira URL Cloud: Label: malware
Source: https://rebuildeso.buzz:443/api9M	Avira URL Cloud: Label: malware
Source: https://scentniej.buzz:443/apiiXM	Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/2S	Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/22K	Avira URL Cloud: Label: malware
Source: https://help.steampowered.co	Avira URL Cloud: Label: malware

Found malware configuration

Source: Tqa1vDp9NT.exe.7240.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["mindhandru.buzz", "appliacnesot.buzz", "prisonyfork.buzz", "screwamusresz.buzz", "cashfuzysao.buzz", "rebuildeso.buzz", "scentniej.buzz", "hummskitnj.buzz", "inherineau.buzz"], "Build id": "PsFKDg--pablo"}

Multi AV Scanner detection for submitted file

Source: Tqa1vDp9NT.exe	Virustotal: Detection: 56%			Perma Link
Source: Tqa1vDp9NT.exe	ReversingLabs: Detection: 57%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: Tqa1vDp9NT.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: hummskitnj.buzz
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: cashfuzysao.buzz
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: appliacnesot.buzz
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: screwamusresz.buzz
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: inherineau.buzz
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: scentniej.buzz
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: rebuildeso.buzz
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: prisonyfork.buzz
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mindhandru.buzz
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp	String decryptor: PsFKDg--pablo

Source: Tqa1vDp9NT.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.10:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49716 version: TLS 1.2

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov edx, ebx	0_2_00188600
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00188A50
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_001C1720
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_001AC09E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_001AE0DA
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_001AC0E6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_001AC09E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov eax, dword ptr [001C6130h]	0_2_00198169
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_001A81CC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_001B6210
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov ecx, eax	0_2_0019C300
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_001C0340
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_001A83D8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_001AC465
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_001AC465
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_001A8528
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov edi, ecx	0_2_001AA5B6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_001C06F0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then push esi	0_2_0018C805
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_001A2830
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_001BC830
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_001AC850
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov eax, ebx	0_2_0019C8A0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_0019C8A0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_0019C8A0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_0019C8A0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_001BC990
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_001A89E9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_001BCA40
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_001AAAC0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov edx, ecx	0_2_00198B1B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_0018AB40
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_0019EB80
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_0018CC7A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00194CA0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov edx, ecx	0_2_001A6D2E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_001C0D20
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_001BEDC1
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_001BCDF0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_001BCDF0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_001BCDF0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_001BCDF0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov ecx, eax	0_2_001A2E6D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then jmp edx	0_2_001A2E6D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_001A2E6D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]	0_2_00182EB0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00196F52
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov esi, ecx	0_2_001A90D0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov ecx, eax	0_2_001AD116
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov ecx, eax	0_2_001AD17D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_001AB170
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_001C1160
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_001AD34A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_001873D0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_001873D0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov eax, ebx	0_2_001A7440
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_001A7440
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0019747D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_0019747D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_0019B57D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then jmp eax	0_2_001A9739
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_001A7740
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00189780
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then jmp edx	0_2_001A37D6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov ecx, eax	0_2_0019D8AC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov ecx, eax	0_2_0019D8AC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov ecx, eax	0_2_0019D8D8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov ecx, eax	0_2_0019D8D8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov edx, ecx	0_2_0019B8F6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov edx, ecx	0_2_0019B8F6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_001AB980
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then jmp edx	0_2_001A39B9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_001A39B9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_001A1A10
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then dec edx	0_2_001BFA20
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then dec edx	0_2_001BFB10
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then dec edx	0_2_001BFD70
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_001ADDFF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then dec edx	0_2_001BFE00
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_001ADE07
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov edx, ecx	0_2_001A9E80
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_001A5F1B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 4x nop then mov ecx, eax	0_2_001ABF13

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058580 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) : 192.168.2.10:50784 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058576 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) : 192.168.2.10:50301 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058582 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) : 192.168.2.10:57428 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058578 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) : 192.168.2.10:49371 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058590 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) : 192.168.2.10:62492 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058586 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) : 192.168.2.10:58510 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) : 192.168.2.10:56876 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058588 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) : 192.168.2.10:59468 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058584 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) : 192.168.2.10:62452 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.10:49716 -> 172.67.157.254:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:49716 -> 172.67.157.254:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.10:49705 -> 23.55.153.106:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: mindhandru.buzz
Source: Malware configuration extractor	URLs: appliacnesot.buzz
Source: Malware configuration extractor	URLs: prisonyfork.buzz
Source: Malware configuration extractor	URLs: screwamusresz.buzz
Source: Malware configuration extractor	URLs: cashfuzysao.buzz
Source: Malware configuration extractor	URLs: rebuildeso.buzz
Source: Malware configuration extractor	URLs: scentniej.buzz
Source: Malware configuration extractor	URLs: hummskitnj.buzz
Source: Malware configuration extractor	URLs: inherineau.buzz

Source: Joe Sandbox View	IP Address: 172.67.157.254 172.67.157.254
Source: Joe Sandbox View	IP Address: 23.55.153.106 23.55.153.106

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49717 -> 172.67.157.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49716 -> 172.67.157.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49705 -> 23.55.153.106:443

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: heckout.steampowered.com/ https://www.youtube.co equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: mindhandru.buzz
Source: global traffic	DNS traffic detected: DNS query: prisonyfork.buzz
Source: global traffic	DNS traffic detected: DNS query: rebuildeso.buzz
Source: global traffic	DNS traffic detected: DNS query: scentniej.buzz
Source: global traffic	DNS traffic detected: DNS query: inherineau.buzz
Source: global traffic	DNS traffic detected: DNS query: screwamusresz.buzz
Source: global traffic	DNS traffic detected: DNS query: appliacnesot.buzz
Source: global traffic	DNS traffic detected: DNS query: cashfuzysao.buzz
Source: global traffic	DNS traffic detected: DNS query: hummskitnj.buzz
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: lev-tolstoi.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com

Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.c
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://appliacnesot.buzz:443/apicN
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.cF
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381720106.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.co
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: Tqa1vDp9NT.exe, 00000000.00000002.1381720106.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/22K
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/2S
Source: Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D12000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381720106.0000000000D12000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/api
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/apiHx
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/piU
Source: Tqa1vDp9NT.exe, 00000000.00000002.1381720106.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/pib
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/piu
Source: Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com:443/api
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rebuildeso.buzz:443/api9M
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://scentniej.buzz:443/apiiXM
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381720106.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steamp
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.co
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443

Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.10:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.10:49716 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: Tqa1vDp9NT.exe	Static PE information: section name:
Source: Tqa1vDp9NT.exe	Static PE information: section name: .idata
Source: Tqa1vDp9NT.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00188600	0_2_00188600
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0018B100	0_2_0018B100
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00230030	0_2_00230030
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025803C	0_2_0025803C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022C03F	0_2_0022C03F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00244015	0_2_00244015
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00218065	0_2_00218065
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002AE079	0_2_002AE079
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B0075	0_2_002B0075
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002DC04C	0_2_002DC04C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0023A046	0_2_0023A046
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00304059	0_2_00304059
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00302044	0_2_00302044
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001AC09E	0_2_001AC09E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022E0B3	0_2_0022E0B3
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FE084	0_2_001FE084
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00310092	0_2_00310092
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00206094	0_2_00206094
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B4091	0_2_002B4091
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002780E1	0_2_002780E1
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001AA0CA	0_2_001AA0CA
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020A0F5	0_2_0020A0F5
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E00F6	0_2_002E00F6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002D60C7	0_2_002D60C7
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C20C2	0_2_002C20C2
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001960E9	0_2_001960E9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002540D4	0_2_002540D4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002F20D5	0_2_002F20D5
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001AC0E6	0_2_001AC0E6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FA11F	0_2_001FA11F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0024212C	0_2_0024212C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002FE123	0_2_002FE123
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F810D	0_2_001F810D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027410C	0_2_0027410C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C4100	0_2_002C4100
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002CE114	0_2_002CE114
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00234119	0_2_00234119
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002F016D	0_2_002F016D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001AC09E	0_2_001AC09E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00268146	0_2_00268146
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027E142	0_2_0027E142
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00290141	0_2_00290141
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029A146	0_2_0029A146
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00198169	0_2_00198169
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00308141	0_2_00308141
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00186160	0_2_00186160
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0026C1A6	0_2_0026C1A6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002F61BE	0_2_002F61BE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002661B3	0_2_002661B3
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0026A1B0	0_2_0026A1B0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001AE180	0_2_001AE180
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C8180	0_2_002C8180
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0021618C	0_2_0021618C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00212190	0_2_00212190
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E21A5	0_2_001E21A5
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0028C197	0_2_0028C197
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002FC190	0_2_002FC190
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FC1DE	0_2_001FC1DE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027A1E9	0_2_0027A1E9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003141FF	0_2_003141FF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002101EE	0_2_002101EE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A81CC	0_2_001A81CC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E61F4	0_2_002E61F4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F41FC	0_2_001F41FC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B01D3	0_2_002B01D3
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003121CB	0_2_003121CB
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002281DE	0_2_002281DE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020822E	0_2_0020822E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002AA225	0_2_002AA225
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C0235	0_2_002C0235
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00300213	0_2_00300213
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002BA200	0_2_002BA200
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0019E220	0_2_0019E220
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029C214	0_2_0029C214
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022421D	0_2_0022421D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0023C265	0_2_0023C265
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00232277	0_2_00232277
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A827D	0_2_002A827D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00296270	0_2_00296270
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00294272	0_2_00294272
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0028A276	0_2_0028A276
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002BE274	0_2_002BE274
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002D824F	0_2_002D824F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00184270	0_2_00184270
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00250248	0_2_00250248
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020424F	0_2_0020424F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022E259	0_2_0022E259
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A6251	0_2_002A6251
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0030624E	0_2_0030624E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025A2A7	0_2_0025A2A7
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002722AC	0_2_002722AC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002EE2B8	0_2_002EE2B8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0028E28C	0_2_0028E28C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0026829E	0_2_0026829E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B22E8	0_2_002B22E8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A42D0	0_2_001A42D0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002462C3	0_2_002462C3
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0023A2C9	0_2_0023A2C9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002022D7	0_2_002022D7
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002DE2D7	0_2_002DE2D7
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002EA32A	0_2_002EA32A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F0314	0_2_001F0314
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00270302	0_2_00270302
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00274311	0_2_00274311
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025C31E	0_2_0025C31E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0024831B	0_2_0024831B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00222367	0_2_00222367
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00220365	0_2_00220365
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00286374	0_2_00286374
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0030E36C	0_2_0030E36C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00284347	0_2_00284347
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027A35E	0_2_0027A35E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F639E	0_2_001F639E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002143A3	0_2_002143A3
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002803AF	0_2_002803AF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002D03A1	0_2_002D03A1
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029E384	0_2_0029E384
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002CC390	0_2_002CC390
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00282396	0_2_00282396
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A83D8	0_2_001A83D8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002563F7	0_2_002563F7
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C23F9	0_2_002C23F9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002623F1	0_2_002623F1
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0023E3FA	0_2_0023E3FA
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002643F9	0_2_002643F9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0021E3D1	0_2_0021E3D1
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00226427	0_2_00226427
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020A431	0_2_0020A431
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002FC43D	0_2_002FC43D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E043D	0_2_002E043D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002D2415	0_2_002D2415
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00250468	0_2_00250468
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001BA440	0_2_001BA440
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0028C475	0_2_0028C475
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F2475	0_2_001F2475
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002F245B	0_2_002F245B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0031044B	0_2_0031044B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001C0460	0_2_001C0460
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002004AF	0_2_002004AF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0024A4B4	0_2_0024A4B4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E2481	0_2_001E2481
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002AE48E	0_2_002AE48E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C448A	0_2_002C448A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0024E494	0_2_0024E494
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C049A	0_2_002C049A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0023849A	0_2_0023849A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00288494	0_2_00288494
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002604EE	0_2_002604EE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003084F8	0_2_003084F8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A04C6	0_2_001A04C6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025C4C0	0_2_0025C4C0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002DC4CB	0_2_002DC4CB
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020E4D9	0_2_0020E4D9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0026C4DF	0_2_0026C4DF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A24E0	0_2_001A24E0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027E4D8	0_2_0027E4D8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C2529	0_2_002C2529
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0030053B	0_2_0030053B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00212535	0_2_00212535
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C8535	0_2_002C8535
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002D6509	0_2_002D6509
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001AC53C	0_2_001AC53C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00206517	0_2_00206517
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020A56A	0_2_0020A56A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002EE57C	0_2_002EE57C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002DA54D	0_2_002DA54D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00252549	0_2_00252549
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A4560	0_2_001A4560
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002105A0	0_2_002105A0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002CA5A4	0_2_002CA5A4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025A581	0_2_0025A581
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00290587	0_2_00290587
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001EE5AD	0_2_001EE5AD
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001BC5A0	0_2_001BC5A0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A0594	0_2_002A0594
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002325ED	0_2_002325ED
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001BA5D4	0_2_001BA5D4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020C5F6	0_2_0020C5F6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029A5C8	0_2_0029A5C8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001865F0	0_2_001865F0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FC5F0	0_2_001FC5F0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A45C5	0_2_002A45C5
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A85DA	0_2_002A85DA
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E25DC	0_2_002E25DC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E05DA	0_2_002E05DA
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00312637	0_2_00312637
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0023C62E	0_2_0023C62E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027860F	0_2_0027860F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0019E630	0_2_0019E630
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001B8650	0_2_001B8650
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022867F	0_2_0022867F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00230642	0_2_00230642
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E667C	0_2_001E667C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00314645	0_2_00314645
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FA662	0_2_001FA662
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002AC6A8	0_2_002AC6A8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002246AF	0_2_002246AF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002D66A0	0_2_002D66A0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0018E687	0_2_0018E687
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025669F	0_2_0025669F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027269C	0_2_0027269C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FE6DD	0_2_001FE6DD
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002AA6ED	0_2_002AA6ED
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A46D0	0_2_001A46D0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B66FA	0_2_002B66FA
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002446F1	0_2_002446F1
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F06C0	0_2_001F06C0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E46CE	0_2_002E46CE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0026E6C5	0_2_0026E6C5
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003526D0	0_2_003526D0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001C06F0	0_2_001C06F0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003506CF	0_2_003506CF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002226D8	0_2_002226D8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C6720	0_2_002C6720
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0028A727	0_2_0028A727
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00202734	0_2_00202734
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001EA707	0_2_001EA707
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00236719	0_2_00236719
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0026071B	0_2_0026071B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00192750	0_2_00192750
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B2773	0_2_002B2773
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00294772	0_2_00294772
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029C74B	0_2_0029C74B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00258756	0_2_00258756
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002887A9	0_2_002887A9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002D47B3	0_2_002D47B3
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00346799	0_2_00346799
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0024C79C	0_2_0024C79C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002BC7F8	0_2_002BC7F8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002867F5	0_2_002867F5
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002767C3	0_2_002767C3
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029E7C4	0_2_0029E7C4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002727D5	0_2_002727D5
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C47DF	0_2_002C47DF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002687D3	0_2_002687D3
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002EA7D9	0_2_002EA7D9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E07D6	0_2_002E07D6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027A7DD	0_2_0027A7DD
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E67E2	0_2_001E67E2
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0023E829	0_2_0023E829
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00238837	0_2_00238837
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E4802	0_2_001E4802
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00200804	0_2_00200804
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002FA80A	0_2_002FA80A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0030E879	0_2_0030E879
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002AE87C	0_2_002AE87C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0018C840	0_2_0018C840
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F2846	0_2_001F2846
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B684A	0_2_002B684A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029684F	0_2_0029684F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022684A	0_2_0022684A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027E85A	0_2_0027E85A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002DA8AB	0_2_002DA8AB
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003088B6	0_2_003088B6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002148AD	0_2_002148AD
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002468A8	0_2_002468A8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001B88B0	0_2_001B88B0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0021888F	0_2_0021888F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F08A7	0_2_001F08A7
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0019C8A0	0_2_0019C8A0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002EE8EF	0_2_002EE8EF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C08E4	0_2_002C08E4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002508FE	0_2_002508FE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B48C8	0_2_002B48C8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002CC8C9	0_2_002CC8C9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020E8C6	0_2_0020E8C6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C88CB	0_2_002C88CB
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002848C2	0_2_002848C2
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002528DE	0_2_002528DE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00262927	0_2_00262927
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F8918	0_2_001F8918
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A6910	0_2_001A6910
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002F6922	0_2_002F6922
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020493D	0_2_0020493D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0023A908	0_2_0023A908
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00302908	0_2_00302908
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0030690F	0_2_0030690F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002BA96A	0_2_002BA96A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025A96D	0_2_0025A96D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020096A	0_2_0020096A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A097A	0_2_002A097A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00230974	0_2_00230974
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0030496F	0_2_0030496F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00276943	0_2_00276943
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0019E960	0_2_0019E960
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020695D	0_2_0020695D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0026E9B6	0_2_0026E9B6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002D29B8	0_2_002D29B8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0030C993	0_2_0030C993
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027C982	0_2_0027C982
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C29EF	0_2_002C29EF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002429E3	0_2_002429E3
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002F49E7	0_2_002F49E7
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E89C9	0_2_001E89C9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001AC9EB	0_2_001AC9EB
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003D29CF	0_2_003D29CF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001C09E0	0_2_001C09E0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00254A2F	0_2_00254A2F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E0A24	0_2_002E0A24
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00314A24	0_2_00314A24
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00202A3D	0_2_00202A3D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002F2A0F	0_2_002F2A0F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A2A08	0_2_002A2A08
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002AAA1F	0_2_002AAA1F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002ACA67	0_2_002ACA67
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E8A61	0_2_002E8A61
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F4A4C	0_2_001F4A4C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00234A7A	0_2_00234A7A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001BCA40	0_2_001BCA40
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002CEA72	0_2_002CEA72
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00312A55	0_2_00312A55
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002BEA41	0_2_002BEA41
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FCA68	0_2_001FCA68
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002F6AAD	0_2_002F6AAD
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00302ABF	0_2_00302ABF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00270ABA	0_2_00270ABA
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A8ABC	0_2_001A8ABC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002EEA87	0_2_002EEA87
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E0AB2	0_2_001E0AB2
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0026AAEE	0_2_0026AAEE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00230AF4	0_2_00230AF4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022CAF8	0_2_0022CAF8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00198B1B	0_2_00198B1B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020CB32	0_2_0020CB32
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00224B35	0_2_00224B35
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0028AB37	0_2_0028AB37
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00294B6B	0_2_00294B6B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002DEB6F	0_2_002DEB6F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029CB6E	0_2_0029CB6E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00358B7D	0_2_00358B7D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0018AB40	0_2_0018AB40
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027AB7B	0_2_0027AB7B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00216B7C	0_2_00216B7C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002FCBAC	0_2_002FCBAC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00274BB2	0_2_00274BB2
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0019EB80	0_2_0019EB80
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E6BBF	0_2_001E6BBF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00184BA0	0_2_00184BA0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00292B93	0_2_00292B93
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022EBEC	0_2_0022EBEC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00238BF4	0_2_00238BF4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002BABF4	0_2_002BABF4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003E0BDE	0_2_003E0BDE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00248BC4	0_2_00248BC4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F0BFD	0_2_001F0BFD
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001EABFA	0_2_001EABFA
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00244BC1	0_2_00244BC1
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00236BCE	0_2_00236BCE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025EC39	0_2_0025EC39
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E2C23	0_2_001E2C23
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A6C17	0_2_002A6C17
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0028EC6A	0_2_0028EC6A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00268C7E	0_2_00268C7E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0028CC70	0_2_0028CC70
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00226C42	0_2_00226C42
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002DCC4C	0_2_002DCC4C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002CCC46	0_2_002CCC46
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00214C52	0_2_00214C52
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025CC52	0_2_0025CC52
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029ECA8	0_2_0029ECA8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020ACA8	0_2_0020ACA8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B2CA5	0_2_002B2CA5
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00282CBE	0_2_00282CBE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022AC97	0_2_0022AC97
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00194CA0	0_2_00194CA0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002FAC96	0_2_002FAC96
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002DACF5	0_2_002DACF5
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00242CFA	0_2_00242CFA
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00270CC9	0_2_00270CC9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E4CD1	0_2_002E4CD1
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00276D2A	0_2_00276D2A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020ED32	0_2_0020ED32
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A0D31	0_2_002A0D31
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0024ED0F	0_2_0024ED0F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0026ED0B	0_2_0026ED0B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A6D2E	0_2_001A6D2E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001C0D20	0_2_001C0D20
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00258D18	0_2_00258D18
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001ACD5E	0_2_001ACD5E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001EED52	0_2_001EED52
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001ACD4C	0_2_001ACD4C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00246D7A	0_2_00246D7A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00222D45	0_2_00222D45
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027ED51	0_2_0027ED51
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002CCDAF	0_2_002CCDAF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025ADA0	0_2_0025ADA0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FAD89	0_2_001FAD89
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00310DA6	0_2_00310DA6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C2DB0	0_2_002C2DB0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00266D85	0_2_00266D85
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00316D9C	0_2_00316D9C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00200D8E	0_2_00200D8E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C6D98	0_2_002C6D98
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00278D92	0_2_00278D92
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0030AD87	0_2_0030AD87
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0021ED98	0_2_0021ED98
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00264D9D	0_2_00264D9D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00254DE5	0_2_00254DE5
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002FEDEB	0_2_002FEDEB
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029EDF8	0_2_0029EDF8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002ECDF6	0_2_002ECDF6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00202DFC	0_2_00202DFC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027CDF9	0_2_0027CDF9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0023ADC0	0_2_0023ADC0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001BCDF0	0_2_001BCDF0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002ACDC1	0_2_002ACDC1
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00256DD4	0_2_00256DD4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002DCDDC	0_2_002DCDDC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002CEDDF	0_2_002CEDDF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00262E27	0_2_00262E27
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002D2E29	0_2_002D2E29
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E8E25	0_2_002E8E25
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00308E3F	0_2_00308E3F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002AAE3E	0_2_002AAE3E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002EAE3A	0_2_002EAE3A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002D0E37	0_2_002D0E37
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00238E3F	0_2_00238E3F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00228E09	0_2_00228E09
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A4E10	0_2_002A4E10
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002D6E10	0_2_002D6E10
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00206E67	0_2_00206E67
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0026AE7E	0_2_0026AE7E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0018CE45	0_2_0018CE45
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00314E50	0_2_00314E50
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A0E6C	0_2_001A0E6C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001A2E6D	0_2_001A2E6D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001AEE63	0_2_001AEE63
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00304EB8	0_2_00304EB8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0024AEB6	0_2_0024AEB6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002EEE88	0_2_002EEE88
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002F2E88	0_2_002F2E88
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00182EB0	0_2_00182EB0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0019AEB0	0_2_0019AEB0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022CE97	0_2_0022CE97
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00222E98	0_2_00222E98
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001B8EA0	0_2_001B8EA0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0028EEC3	0_2_0028EEC3
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B8EDF	0_2_002B8EDF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F6F1C	0_2_001F6F1C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E6F39	0_2_001E6F39
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00298F14	0_2_00298F14
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00274F62	0_2_00274F62
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0026CF61	0_2_0026CF61
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002ACF63	0_2_002ACF63
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00196F52	0_2_00196F52
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001EAF4E	0_2_001EAF4E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E0F46	0_2_001E0F46
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001F4F7E	0_2_001F4F7E
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002F4F44	0_2_002F4F44
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027AF5D	0_2_0027AF5D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E8F84	0_2_001E8F84
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00236FB8	0_2_00236FB8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00218F83	0_2_00218F83
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A6F85	0_2_002A6F85
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E4F81	0_2_002E4F81
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002C0FE1	0_2_002C0FE1
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FCFFB	0_2_001FCFFB
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00290FC4	0_2_00290FC4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00224FD9	0_2_00224FD9
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0028D039	0_2_0028D039
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0019D003	0_2_0019D003
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00259007	0_2_00259007
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00269008	0_2_00269008
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0018D021	0_2_0018D021
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025101F	0_2_0025101F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E3060	0_2_002E3060
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00209075	0_2_00209075
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0028B071	0_2_0028B071
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0021507A	0_2_0021507A
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029D041	0_2_0029D041
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E306D	0_2_001E306D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00231056	0_2_00231056
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0024505C	0_2_0024505C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00239059	0_2_00239059
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003010B1	0_2_003010B1
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002230A4	0_2_002230A4
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002810AF	0_2_002810AF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002A10B7	0_2_002A10B7
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003570AB	0_2_003570AB
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002CF09F	0_2_002CF09F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0027D09F	0_2_0027D09F
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022709D	0_2_0022709D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025B0E7	0_2_0025B0E7
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003030E3	0_2_003030E3
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B30D0	0_2_002B30D0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0030F0CE	0_2_0030F0CE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0021D125	0_2_0021D125
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0022F12C	0_2_0022F12C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001E5108	0_2_001E5108
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00249114	0_2_00249114
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0029B118	0_2_0029B118
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00287115	0_2_00287115
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B5116	0_2_002B5116
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00233173	0_2_00233173
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002E917B	0_2_002E917B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FB178	0_2_001FB178
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_00247157	0_2_00247157
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0025715C	0_2_0025715C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0020F15B	0_2_0020F15B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0024B158	0_2_0024B158

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: String function: 00187F60 appears 40 times
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: String function: 00194C90 appears 77 times

Source: Tqa1vDp9NT.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Tqa1vDp9NT.exe	Static PE information: Section: ZLIB complexity 0.9995659722222222
Source: Tqa1vDp9NT.exe	Static PE information: Section: uiizzldj ZLIB complexity 0.9948656398721

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@11/2

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe

Code function: 0_2_001B2070 CoCreateInstance,

0_2_001B2070

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Tqa1vDp9NT.exe	Virustotal: Detection: 56%
Source: Tqa1vDp9NT.exe	ReversingLabs: Detection: 57%

Source: Tqa1vDp9NT.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe

File read: C:\Users\user\Desktop\Tqa1vDp9NT.exe

Jump to behavior

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: Tqa1vDp9NT.exe

Static file information: File size 1893376 > 1048576

Source: Tqa1vDp9NT.exe

Static PE information: Raw size of uiizzldj is bigger than: 0x100000 < 0x1a4400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe

Unpacked PE file: 0.2.Tqa1vDp9NT.exe.180000.0.unpack :EW;.rsrc:W;.idata :W; :EW;uiizzldj:EW;orqpgtlg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;uiizzldj:EW;orqpgtlg:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: Tqa1vDp9NT.exe

Static PE information: real checksum: 0x1d43f5 should be: 0x1d4964

Source: Tqa1vDp9NT.exe	Static PE information: section name:
Source: Tqa1vDp9NT.exe	Static PE information: section name: .idata
Source: Tqa1vDp9NT.exe	Static PE information: section name:
Source: Tqa1vDp9NT.exe	Static PE information: section name: uiizzldj
Source: Tqa1vDp9NT.exe	Static PE information: section name: orqpgtlg
Source: Tqa1vDp9NT.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001D803A push ebp; mov dword ptr [esp], 4D8F19A1h	0_2_001D803B
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001DC032 push edi; mov dword ptr [esp], 704FA48Eh	0_2_001DC051
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C021 push 37A8AB8Fh; mov dword ptr [esp], edi	0_2_0062C07D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C021 push ebx; mov dword ptr [esp], ecx	0_2_0062C0BB
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C021 push 6845158Dh; mov dword ptr [esp], ebx	0_2_0062C0EA
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C021 push 5283B1E1h; mov dword ptr [esp], ecx	0_2_0062C0FC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C021 push 5113C115h; mov dword ptr [esp], edi	0_2_0062C123
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C021 push ecx; mov dword ptr [esp], esi	0_2_0062C141
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C03D push 37A8AB8Fh; mov dword ptr [esp], edi	0_2_0062C07D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C03D push ebx; mov dword ptr [esp], ecx	0_2_0062C0BB
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C03D push 6845158Dh; mov dword ptr [esp], ebx	0_2_0062C0EA
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C03D push 5283B1E1h; mov dword ptr [esp], ecx	0_2_0062C0FC
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C03D push 5113C115h; mov dword ptr [esp], edi	0_2_0062C123
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_0062C03D push ecx; mov dword ptr [esp], esi	0_2_0062C141
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_003DE054 push 16AC0720h; mov dword ptr [esp], ebp	0_2_003DE0B8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_004380D9 push 5EB0BBC9h; mov dword ptr [esp], edx	0_2_0043813D
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_004380D9 push edi; mov dword ptr [esp], 3BBF2513h	0_2_0043815C
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FE084 push eax; mov dword ptr [esp], edx	0_2_001FE4AB
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FE084 push ebx; mov dword ptr [esp], 50748F7Dh	0_2_001FE4AF
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FE084 push edx; mov dword ptr [esp], 7E6DBA44h	0_2_001FE4E0
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FE084 push edi; mov dword ptr [esp], ebp	0_2_001FE522
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FE084 push edx; mov dword ptr [esp], eax	0_2_001FE5B8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FE084 push 782F277Ah; mov dword ptr [esp], edi	0_2_001FE5F7
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_001FE084 push edi; mov dword ptr [esp], edx	0_2_001FE647
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B4091 push 11143CEFh; mov dword ptr [esp], eax	0_2_002B45AD
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B4091 push ebx; mov dword ptr [esp], edi	0_2_002B4669
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B4091 push ebx; mov dword ptr [esp], ecx	0_2_002B4724
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B4091 push ebp; mov dword ptr [esp], edx	0_2_002B4757
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002B4091 push ecx; mov dword ptr [esp], edx	0_2_002B47C6
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002780E1 push edi; mov dword ptr [esp], eax	0_2_002783D8
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Code function: 0_2_002780E1 push edi; mov dword ptr [esp], 3BB20900h	0_2_002783DC

Source: Tqa1vDp9NT.exe	Static PE information: section name: entropy: 7.978074904611501
Source: Tqa1vDp9NT.exe	Static PE information: section name: uiizzldj entropy: 7.95464780991997

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 36124F second address: 36125D instructions: 0x00000000 rdtsc 0x00000002 jno 00007F82D8D1C926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 364568 second address: 36456D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 36456D second address: 364596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c or dword ptr [ebp+122D1AF4h], eax 0x00000012 push 00000000h 0x00000014 or esi, 4A1CB376h 0x0000001a add esi, 726C93DAh 0x00000020 push 10A2C6F1h 0x00000025 push esi 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 364596 second address: 3645E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D91AB3EAh 0x00000009 popad 0x0000000a pop esi 0x0000000b xor dword ptr [esp], 10A2C671h 0x00000012 jmp 00007F82D91AB3EDh 0x00000017 push 00000003h 0x00000019 sub dword ptr [ebp+122D1BE8h], ebx 0x0000001f push 00000000h 0x00000021 mov cl, 0Ch 0x00000023 push 00000003h 0x00000025 mov ecx, 71ADBEE1h 0x0000002a mov edi, 205D7A54h 0x0000002f call 00007F82D91AB3E9h 0x00000034 push eax 0x00000035 push edx 0x00000036 jnc 00007F82D91AB3E8h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3645E5 second address: 364623 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C932h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop ecx 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jmp 00007F82D8D1C92Bh 0x00000019 mov eax, dword ptr [eax] 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F82D8D1C92Eh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 364623 second address: 364629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 364629 second address: 36462D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 36462D second address: 3646BE instructions: 0x00000000 rdtsc 0x00000002 jl 00007F82D91AB3E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jmp 00007F82D91AB3F0h 0x00000015 pop eax 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007F82D91AB3E8h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 00000018h 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 mov edi, dword ptr [ebp+122D3A81h] 0x00000036 lea ebx, dword ptr [ebp+1245F30Bh] 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007F82D91AB3E8h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 0000001Ah 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 mov esi, dword ptr [ebp+122D398Dh] 0x0000005c mov dword ptr [ebp+122D17F7h], eax 0x00000062 push eax 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007F82D91AB3F2h 0x0000006b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3646BE second address: 3646C8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3646C8 second address: 3646CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 364720 second address: 36472A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F82D8D1C92Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 36472A second address: 36475F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007F82D91AB3E8h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000014h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 call 00007F82D91AB3E9h 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 36475F second address: 3647B6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F82D8D1C926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007F82D8D1C92Ah 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 jmp 00007F82D8D1C937h 0x0000001e mov eax, dword ptr [eax] 0x00000020 jbe 00007F82D8D1C92Eh 0x00000026 jnc 00007F82D8D1C928h 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 push eax 0x00000031 push edx 0x00000032 je 00007F82D8D1C92Ch 0x00000038 jns 00007F82D8D1C926h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3647B6 second address: 3647BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 364868 second address: 364881 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007F82D8D1C926h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jnp 00007F82D8D1C928h 0x00000017 push esi 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 364881 second address: 3648BE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007F82D91AB3F6h 0x00000011 mov eax, dword ptr [eax] 0x00000013 push esi 0x00000014 pushad 0x00000015 jmp 00007F82D91AB3F5h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3648BE second address: 3648F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F82D8D1C936h 0x00000012 jmp 00007F82D8D1C930h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3648F2 second address: 3648F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 347C5E second address: 347C7E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F82D8D1C930h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jo 00007F82D8D1C926h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 382214 second address: 382219 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 382AB8 second address: 382AEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C937h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F82D8D1C92Dh 0x00000011 jmp 00007F82D8D1C92Ah 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 382AEE second address: 382B0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F82D91AB3E6h 0x00000009 jl 00007F82D91AB3E6h 0x0000000f jbe 00007F82D91AB3E6h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jno 00007F82D91AB3E6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 382DB4 second address: 382DD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F82D8D1C926h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F82D8D1C933h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 382F74 second address: 382F78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 382F78 second address: 382F7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 382F7E second address: 382F8B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F82D91AB3E8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 38320F second address: 383216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 383216 second address: 383221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 383221 second address: 38322B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F82D8D1C926h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 384026 second address: 38403B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F82D91AB3ECh 0x0000000c jp 00007F82D91AB3E6h 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3874FB second address: 3874FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3864B3 second address: 3864B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3891FA second address: 389200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 389200 second address: 389212 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 389212 second address: 38924E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F82D8D1C932h 0x00000010 jmp 00007F82D8D1C92Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 38924E second address: 389258 instructions: 0x00000000 rdtsc 0x00000002 je 00007F82D91AB3EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 38B435 second address: 38B43B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 38B43B second address: 38B46D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F82D91AB3EDh 0x0000000c jmp 00007F82D91AB3F7h 0x00000011 jnc 00007F82D91AB3E6h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 38B46D second address: 38B472 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3864AB second address: 3864B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 391A0F second address: 391A1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F82D8D1C926h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 390E82 second address: 390E94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 jc 00007F82D91AB3E8h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 390E94 second address: 390EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F82D8D1C926h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d jo 00007F82D8D1C92Ah 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 pop eax 0x00000017 pushad 0x00000018 push edi 0x00000019 pop edi 0x0000001a jmp 00007F82D8D1C930h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 390EC0 second address: 390EC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3911A5 second address: 3911A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3939C5 second address: 3939DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3939DD second address: 393A0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C92Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 63ADFDF4h 0x00000010 sub dword ptr [ebp+122D1C62h], edx 0x00000016 call 00007F82D8D1C929h 0x0000001b push ebx 0x0000001c jo 00007F82D8D1C92Ch 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 393A0D second address: 393A55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push ebx 0x00000007 push ebx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop ebx 0x0000000b pop ebx 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007F82D91AB3EEh 0x00000015 mov eax, dword ptr [eax] 0x00000017 push eax 0x00000018 je 00007F82D91AB3FEh 0x0000001e jmp 00007F82D91AB3F8h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 push ebx 0x00000029 push edi 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 393B64 second address: 393B68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 393B68 second address: 393B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F82D91AB3E8h 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 393DF3 second address: 393E00 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F82D8D1C926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 393E00 second address: 393E0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3946FE second address: 394702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 395B30 second address: 395B67 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov esi, 1EECA2E2h 0x00000010 xor dword ptr [ebp+122D1AEFh], eax 0x00000016 push 00000000h 0x00000018 mov esi, dword ptr [ebp+122D38D1h] 0x0000001e push 00000000h 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 pushad 0x00000025 popad 0x00000026 jmp 00007F82D91AB3F0h 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3963A2 second address: 3963A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 397570 second address: 397576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 397576 second address: 39757F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 397317 second address: 39731B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 397639 second address: 397655 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C934h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 398224 second address: 398229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 398229 second address: 398242 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F82D8D1C934h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 398242 second address: 398269 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d jmp 00007F82D91AB3F9h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 398269 second address: 39827B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F82D8D1C92Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39827B second address: 398302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007F82D91AB3E8h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 0000001Bh 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 je 00007F82D91AB3FBh 0x00000028 call 00007F82D91AB3EEh 0x0000002d mov esi, dword ptr [ebp+122D3819h] 0x00000033 pop edi 0x00000034 mov edi, ebx 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push edx 0x0000003b call 00007F82D91AB3E8h 0x00000040 pop edx 0x00000041 mov dword ptr [esp+04h], edx 0x00000045 add dword ptr [esp+04h], 00000018h 0x0000004d inc edx 0x0000004e push edx 0x0000004f ret 0x00000050 pop edx 0x00000051 ret 0x00000052 or dword ptr [ebp+122D37A1h], edx 0x00000058 push 00000000h 0x0000005a sub dword ptr [ebp+1247034Fh], eax 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 jng 00007F82D91AB3ECh 0x00000069 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 398C2A second address: 398C2F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 398C2F second address: 398C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F82D91AB3F1h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007F82D91AB3E8h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 mov di, 65D1h 0x0000002c push 00000000h 0x0000002e mov edi, 7942F942h 0x00000033 push 00000000h 0x00000035 jno 00007F82D91AB3ECh 0x0000003b mov dword ptr [ebp+122D58FAh], edx 0x00000041 push eax 0x00000042 jo 00007F82D91AB3F0h 0x00000048 pushad 0x00000049 push eax 0x0000004a pop eax 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39968D second address: 399732 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jng 00007F82D8D1C926h 0x00000012 popad 0x00000013 popad 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push ebp 0x00000018 call 00007F82D8D1C928h 0x0000001d pop ebp 0x0000001e mov dword ptr [esp+04h], ebp 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc ebp 0x0000002b push ebp 0x0000002c ret 0x0000002d pop ebp 0x0000002e ret 0x0000002f mov esi, dword ptr [ebp+122D3672h] 0x00000035 push 00000000h 0x00000037 mov edi, dword ptr [ebp+122D3931h] 0x0000003d mov esi, dword ptr [ebp+122D1AC7h] 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ecx 0x00000048 call 00007F82D8D1C928h 0x0000004d pop ecx 0x0000004e mov dword ptr [esp+04h], ecx 0x00000052 add dword ptr [esp+04h], 00000015h 0x0000005a inc ecx 0x0000005b push ecx 0x0000005c ret 0x0000005d pop ecx 0x0000005e ret 0x0000005f call 00007F82D8D1C936h 0x00000064 and esi, dword ptr [ebp+122D3681h] 0x0000006a pop esi 0x0000006b xchg eax, ebx 0x0000006c push eax 0x0000006d push edx 0x0000006e jno 00007F82D8D1C928h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39A0CB second address: 39A0CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39A0CF second address: 39A129 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C92Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F82D8D1C92Ch 0x00000012 pop edx 0x00000013 nop 0x00000014 mov edi, ecx 0x00000016 push 00000000h 0x00000018 mov esi, dword ptr [ebp+122D37E1h] 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F82D8D1C928h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 00000016h 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a mov dword ptr [ebp+122D1CDAh], edi 0x00000040 push eax 0x00000041 push ebx 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39A129 second address: 39A12D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39BCB1 second address: 39BCD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F82D8D1C935h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39BCD4 second address: 39BD22 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 je 00007F82D91AB3E6h 0x0000000d pop edi 0x0000000e popad 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F82D91AB3E8h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a xor ebx, 7FDFF906h 0x00000030 push 00000000h 0x00000032 sub edi, dword ptr [ebp+122D2DE0h] 0x00000038 mov bl, 52h 0x0000003a push 00000000h 0x0000003c mov ebx, dword ptr [ebp+122D2DE0h] 0x00000042 xchg eax, esi 0x00000043 pushad 0x00000044 push edi 0x00000045 push ebx 0x00000046 pop ebx 0x00000047 pop edi 0x00000048 push eax 0x00000049 push edx 0x0000004a push edx 0x0000004b pop edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 399E65 second address: 399E7C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F82D8D1C928h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jnc 00007F82D8D1C926h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 399E7C second address: 399E80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 399E80 second address: 399E86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 399E86 second address: 399E8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39BEEE second address: 39BF84 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F82D8D1C926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e jl 00007F82D8D1C92Bh 0x00000014 mov ebx, 20764D87h 0x00000019 push dword ptr fs:[00000000h] 0x00000020 add dword ptr [ebp+122D19D1h], ebx 0x00000026 mov dword ptr fs:[00000000h], esp 0x0000002d call 00007F82D8D1C92Ah 0x00000032 clc 0x00000033 pop ebx 0x00000034 mov eax, dword ptr [ebp+122D14F5h] 0x0000003a mov ebx, 7F7F7D34h 0x0000003f push FFFFFFFFh 0x00000041 push 00000000h 0x00000043 push ebp 0x00000044 call 00007F82D8D1C928h 0x00000049 pop ebp 0x0000004a mov dword ptr [esp+04h], ebp 0x0000004e add dword ptr [esp+04h], 0000001Ah 0x00000056 inc ebp 0x00000057 push ebp 0x00000058 ret 0x00000059 pop ebp 0x0000005a ret 0x0000005b cmc 0x0000005c push ebx 0x0000005d add ebx, 3CD7CF00h 0x00000063 pop edi 0x00000064 mov ebx, 1C4D4E41h 0x00000069 push eax 0x0000006a pushad 0x0000006b push ecx 0x0000006c jmp 00007F82D8D1C938h 0x00000071 pop ecx 0x00000072 push eax 0x00000073 push edx 0x00000074 push ebx 0x00000075 pop ebx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A66F4 second address: 3A66FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39F37A second address: 39F382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A66FB second address: 3A671B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jng 00007F82D91AB3EEh 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A1A46 second address: 3A1A4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39F382 second address: 39F386 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A29F3 second address: 3A29F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A3925 second address: 3A3929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A57CC second address: 3A57D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A29F7 second address: 3A2A0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A57D9 second address: 3A57DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A2A0C second address: 3A2A11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39F453 second address: 39F459 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A57DD second address: 3A57E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AB52F second address: 3AB546 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C92Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AB546 second address: 3AB54C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AB54C second address: 3AB5AC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov bh, 03h 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F82D8D1C928h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov ebx, dword ptr [ebp+122D386Dh] 0x0000002d push 00000000h 0x0000002f mov dword ptr [ebp+122D2DE5h], edi 0x00000035 add edi, 59D24249h 0x0000003b xchg eax, esi 0x0000003c push eax 0x0000003d push eax 0x0000003e ja 00007F82D8D1C926h 0x00000044 pop eax 0x00000045 pop eax 0x00000046 push eax 0x00000047 pushad 0x00000048 jne 00007F82D8D1C92Ch 0x0000004e jng 00007F82D8D1C92Ch 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AD2A2 second address: 3AD2A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A871A second address: 3A8788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 xor bh, 00000034h 0x0000000c push dword ptr fs:[00000000h] 0x00000013 mov dword ptr fs:[00000000h], esp 0x0000001a jmp 00007F82D8D1C930h 0x0000001f mov eax, dword ptr [ebp+122D04D9h] 0x00000025 push 00000000h 0x00000027 push ebp 0x00000028 call 00007F82D8D1C928h 0x0000002d pop ebp 0x0000002e mov dword ptr [esp+04h], ebp 0x00000032 add dword ptr [esp+04h], 00000015h 0x0000003a inc ebp 0x0000003b push ebp 0x0000003c ret 0x0000003d pop ebp 0x0000003e ret 0x0000003f push FFFFFFFFh 0x00000041 mov dword ptr [ebp+122D1AC7h], esi 0x00000047 nop 0x00000048 pushad 0x00000049 jmp 00007F82D8D1C933h 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AA742 second address: 3AA80A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D91AB3F1h 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F82D91AB3F5h 0x00000010 nop 0x00000011 push ecx 0x00000012 mov edi, 43704773h 0x00000017 pop ebx 0x00000018 push dword ptr fs:[00000000h] 0x0000001f push 00000000h 0x00000021 push ecx 0x00000022 call 00007F82D91AB3E8h 0x00000027 pop ecx 0x00000028 mov dword ptr [esp+04h], ecx 0x0000002c add dword ptr [esp+04h], 00000019h 0x00000034 inc ecx 0x00000035 push ecx 0x00000036 ret 0x00000037 pop ecx 0x00000038 ret 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 push 00000000h 0x00000042 push esi 0x00000043 call 00007F82D91AB3E8h 0x00000048 pop esi 0x00000049 mov dword ptr [esp+04h], esi 0x0000004d add dword ptr [esp+04h], 00000017h 0x00000055 inc esi 0x00000056 push esi 0x00000057 ret 0x00000058 pop esi 0x00000059 ret 0x0000005a mov dword ptr [ebp+12458ACFh], eax 0x00000060 mov eax, dword ptr [ebp+122D1575h] 0x00000066 mov dword ptr [ebp+1245C0DCh], ebx 0x0000006c push FFFFFFFFh 0x0000006e sub dword ptr [ebp+122D35C6h], ebx 0x00000074 jmp 00007F82D91AB3F0h 0x00000079 push eax 0x0000007a pushad 0x0000007b push esi 0x0000007c jmp 00007F82D91AB3EBh 0x00000081 pop esi 0x00000082 push eax 0x00000083 push edx 0x00000084 jmp 00007F82D91AB3EBh 0x00000089 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A8788 second address: 3A878C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A878C second address: 3A8790 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A8790 second address: 3A879E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3A879E second address: 3A87A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3B0628 second address: 3B062E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AB6C1 second address: 3AB6C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AB6C5 second address: 3AB6CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AB6CB second address: 3AB746 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F82D91AB3E8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 add edi, dword ptr [ebp+122D1DEEh] 0x0000002a push dword ptr fs:[00000000h] 0x00000031 add edi, dword ptr [ebp+122D2DC2h] 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e mov bh, BDh 0x00000040 mov eax, dword ptr [ebp+122D0B01h] 0x00000046 push 00000000h 0x00000048 push ebp 0x00000049 call 00007F82D91AB3E8h 0x0000004e pop ebp 0x0000004f mov dword ptr [esp+04h], ebp 0x00000053 add dword ptr [esp+04h], 00000016h 0x0000005b inc ebp 0x0000005c push ebp 0x0000005d ret 0x0000005e pop ebp 0x0000005f ret 0x00000060 push FFFFFFFFh 0x00000062 push eax 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AB746 second address: 3AB74A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AB74A second address: 3AB771 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F82D91AB3F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AC617 second address: 3AC633 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C938h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3B785C second address: 3B7860 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3B7860 second address: 3B7873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F82D8D1C926h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3B7873 second address: 3B7884 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jns 00007F82D91AB3E6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3B7884 second address: 3B7888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3B7888 second address: 3B788C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3B788C second address: 3B7892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3B7892 second address: 3B789A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3B95D4 second address: 3B9608 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F82D8D1C935h 0x0000000b popad 0x0000000c pushad 0x0000000d jnp 00007F82D8D1C92Eh 0x00000013 ja 00007F82D8D1C926h 0x00000019 pushad 0x0000001a popad 0x0000001b pushad 0x0000001c jng 00007F82D8D1C926h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3BD432 second address: 3BD43D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3BD43D second address: 3BD451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F82D8D1C926h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3BD451 second address: 3BD455 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3BD455 second address: 3BD45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3BD45B second address: 3BD46F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d jnc 00007F82D91AB3E6h 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AC633 second address: 3AC6DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edi, edx 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push ecx 0x00000015 jne 00007F82D8D1C92Bh 0x0000001b pop ebx 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 call 00007F82D8D1C935h 0x00000028 mov bx, cx 0x0000002b pop ebx 0x0000002c mov eax, dword ptr [ebp+122D09D1h] 0x00000032 push 00000000h 0x00000034 push ebp 0x00000035 call 00007F82D8D1C928h 0x0000003a pop ebp 0x0000003b mov dword ptr [esp+04h], ebp 0x0000003f add dword ptr [esp+04h], 0000001Dh 0x00000047 inc ebp 0x00000048 push ebp 0x00000049 ret 0x0000004a pop ebp 0x0000004b ret 0x0000004c mov edi, dword ptr [ebp+122D3B49h] 0x00000052 jnc 00007F82D8D1C927h 0x00000058 push FFFFFFFFh 0x0000005a push 00000000h 0x0000005c push esi 0x0000005d call 00007F82D8D1C928h 0x00000062 pop esi 0x00000063 mov dword ptr [esp+04h], esi 0x00000067 add dword ptr [esp+04h], 00000014h 0x0000006f inc esi 0x00000070 push esi 0x00000071 ret 0x00000072 pop esi 0x00000073 ret 0x00000074 mov ebx, edx 0x00000076 nop 0x00000077 push edi 0x00000078 push eax 0x00000079 push edx 0x0000007a jmp 00007F82D8D1C92Fh 0x0000007f rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AC6DF second address: 3AC711 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F82D91AB3F5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AC711 second address: 3AC715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 35A16C second address: 35A184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D91AB3F2h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C1CD9 second address: 3C1CEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 jmp 00007F82D8D1C92Bh 0x0000000a pop edi 0x0000000b popad 0x0000000c pushad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C1CEF second address: 3C1D03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F82D91AB3E6h 0x0000000a pop edx 0x0000000b pushad 0x0000000c jns 00007F82D91AB3E6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C1D03 second address: 3C1D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D8D1C932h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C2499 second address: 3C249D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C2C8C second address: 3C2C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C2C95 second address: 3C2C99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C2E1C second address: 3C2E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F82D8D1C92Ch 0x0000000a push edi 0x0000000b jno 00007F82D8D1C926h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AD496 second address: 3AD4B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b jo 00007F82D91AB3F0h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3AD4B6 second address: 3AD54C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 jbe 00007F82D8D1C92Ch 0x0000000d sub dword ptr [ebp+12458943h], edx 0x00000013 jmp 00007F82D8D1C937h 0x00000018 push dword ptr fs:[00000000h] 0x0000001f jmp 00007F82D8D1C934h 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b mov dword ptr [ebp+122D3704h], edi 0x00000031 mov eax, dword ptr [ebp+122D170Dh] 0x00000037 or dword ptr [ebp+122D37A1h], ecx 0x0000003d push FFFFFFFFh 0x0000003f push 00000000h 0x00000041 push esi 0x00000042 call 00007F82D8D1C928h 0x00000047 pop esi 0x00000048 mov dword ptr [esp+04h], esi 0x0000004c add dword ptr [esp+04h], 0000001Ah 0x00000054 inc esi 0x00000055 push esi 0x00000056 ret 0x00000057 pop esi 0x00000058 ret 0x00000059 push eax 0x0000005a pushad 0x0000005b pushad 0x0000005c jns 00007F82D8D1C926h 0x00000062 push edi 0x00000063 pop edi 0x00000064 popad 0x00000065 push eax 0x00000066 push edx 0x00000067 jc 00007F82D8D1C926h 0x0000006d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C8639 second address: 3C863F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C863F second address: 3C8643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C8643 second address: 3C8647 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C8647 second address: 3C8652 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C8652 second address: 3C866E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F82D91AB3F2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3921E6 second address: 3921EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39285C second address: 392861 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 392A4E second address: 392A54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 392B91 second address: 392BA4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 ja 00007F82D91AB3E6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 392C6D second address: 392C99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D8D1C92Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F82D8D1C939h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39335A second address: 393364 instructions: 0x00000000 rdtsc 0x00000002 js 00007F82D91AB3E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 393364 second address: 39336A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3934AD second address: 3934B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3934B1 second address: 3934B6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3934B6 second address: 3934C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jl 00007F82D91AB3EEh 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3934C7 second address: 3934EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jmp 00007F82D8D1C92Ah 0x0000000e mov eax, dword ptr [eax] 0x00000010 jmp 00007F82D8D1C92Ah 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push edi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3934EF second address: 3934F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3935BB second address: 3935BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3935BF second address: 39362D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 jmp 00007F82D91AB3F1h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F82D91AB3E8h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 push edx 0x00000029 mov ecx, dword ptr [ebp+122D1BE8h] 0x0000002f pop ecx 0x00000030 lea eax, dword ptr [ebp+1248CFCFh] 0x00000036 jns 00007F82D91AB3FAh 0x0000003c push eax 0x0000003d pushad 0x0000003e push edi 0x0000003f jg 00007F82D91AB3E6h 0x00000045 pop edi 0x00000046 pushad 0x00000047 pushad 0x00000048 popad 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39362D second address: 39365F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 lea eax, dword ptr [ebp+1248CF8Bh] 0x0000000f jmp 00007F82D8D1C932h 0x00000014 nop 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 jmp 00007F82D8D1C92Ah 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 39365F second address: 393669 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F82D91AB3ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 393669 second address: 393679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F82D8D1C926h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 393679 second address: 39367D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C8B23 second address: 3C8B2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C8B2A second address: 3C8B35 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jg 00007F82D91AB3E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C8CB4 second address: 3C8CD8 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F82D8D1C926h 0x00000008 jmp 00007F82D8D1C936h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C8E50 second address: 3C8E6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F82D91AB3F8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C8FA7 second address: 3C8FAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C8FAD second address: 3C8FB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3C8FB1 second address: 3C8FB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3CCE1A second address: 3CCE2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop esi 0x00000007 ja 00007F82D91AB3E8h 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3CCE2F second address: 3CCE44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D8D1C931h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3CCE44 second address: 3CCE48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D112B second address: 3D1130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D12A3 second address: 3D12A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D12A9 second address: 3D12AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D12AD second address: 3D12B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D12B1 second address: 3D12DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F82D8D1C930h 0x0000000e jmp 00007F82D8D1C92Ah 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 jnl 00007F82D8D1C926h 0x0000001c jng 00007F82D8D1C926h 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D171F second address: 3D172B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D172B second address: 3D1732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D1732 second address: 3D1746 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F82D91AB3EEh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D1746 second address: 3D1798 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F82D8D1C926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F82D8D1C933h 0x00000016 jmp 00007F82D8D1C92Ah 0x0000001b push edi 0x0000001c pop edi 0x0000001d popad 0x0000001e pushad 0x0000001f jng 00007F82D8D1C926h 0x00000025 jmp 00007F82D8D1C937h 0x0000002a pushad 0x0000002b popad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D1915 second address: 3D193F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F82D91AB3E6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jmp 00007F82D91AB3F2h 0x00000012 jnp 00007F82D91AB3E8h 0x00000018 pushad 0x00000019 popad 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D193F second address: 3D194B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F82D8D1C926h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D1FEF second address: 3D1FF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D1FF3 second address: 3D2000 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D2000 second address: 3D2010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D91AB3EAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D0E53 second address: 3D0E59 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3D577A second address: 3D5796 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F82D91AB3F6h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DAD05 second address: 3DAD2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C92Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a pushad 0x0000000b jmp 00007F82D8D1C931h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DAD2A second address: 3DAD30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DAD30 second address: 3DAD3A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F82D8D1C926h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DAD3A second address: 3DAD58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F82D91AB3F4h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DAD58 second address: 3DAD5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DB2CD second address: 3DB300 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F82D91AB3F4h 0x00000008 jmp 00007F82D91AB3F8h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DB5BF second address: 3DB5DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b js 00007F82D8D1C926h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 push esi 0x00000016 pop esi 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DB5DA second address: 3DB5FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F82D91AB3F2h 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jl 00007F82D91AB3E6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DB8BB second address: 3DB8C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F82D8D1C926h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DBB96 second address: 3DBB9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DDDC9 second address: 3DDDCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DDF3F second address: 3DDF71 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F82D91AB3E8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007F82D91AB400h 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F82D91AB3F8h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DDF71 second address: 3DDF85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D8D1C930h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DDF85 second address: 3DDF8F instructions: 0x00000000 rdtsc 0x00000002 js 00007F82D91AB3E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DDF8F second address: 3DDF95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3DDF95 second address: 3DDFB1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007F82D91AB3F0h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3E0A0B second address: 3E0A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D8D1C930h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3E0A1F second address: 3E0A53 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F82D91AB3F8h 0x0000000e jmp 00007F82D91AB3EFh 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3E0BC0 second address: 3E0BC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3E0D21 second address: 3E0D42 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop ecx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F82D91AB3EDh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3E0D42 second address: 3E0D71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F82D8D1C92Ah 0x0000000c pushad 0x0000000d jmp 00007F82D8D1C934h 0x00000012 jg 00007F82D8D1C926h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3E0E87 second address: 3E0E91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F82D91AB3E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3E0E91 second address: 3E0E95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3E0E95 second address: 3E0EA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3E4871 second address: 3E4891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F82D8D1C931h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3E4891 second address: 3E4899 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3E4899 second address: 3E48A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3EB60F second address: 3EB631 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F82D91AB3F8h 0x00000008 jl 00007F82D91AB3ECh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 392FA2 second address: 393027 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 mov cl, D9h 0x0000000a mov ebx, dword ptr [ebp+1248CFCAh] 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007F82D8D1C928h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 00000018h 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a js 00007F82D8D1C92Ch 0x00000030 sub dword ptr [ebp+122D2A4Bh], edi 0x00000036 pushad 0x00000037 movzx ecx, bx 0x0000003a mov edx, dword ptr [ebp+122D3B09h] 0x00000040 popad 0x00000041 add eax, ebx 0x00000043 push 00000000h 0x00000045 push ebx 0x00000046 call 00007F82D8D1C928h 0x0000004b pop ebx 0x0000004c mov dword ptr [esp+04h], ebx 0x00000050 add dword ptr [esp+04h], 00000019h 0x00000058 inc ebx 0x00000059 push ebx 0x0000005a ret 0x0000005b pop ebx 0x0000005c ret 0x0000005d nop 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007F82D8D1C938h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 393027 second address: 393094 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F82D91AB3F9h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jnc 00007F82D91AB403h 0x00000012 nop 0x00000013 movzx edi, cx 0x00000016 push 00000004h 0x00000018 mov di, A08Ch 0x0000001c nop 0x0000001d pushad 0x0000001e jnp 00007F82D91AB3E8h 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F82D91AB3F4h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 393094 second address: 3930A5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F82D8D1C926h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3EB29D second address: 3EB2BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F82D91AB3F9h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3EB2BC second address: 3EB2EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jmp 00007F82D8D1C935h 0x00000012 pop ebx 0x00000013 push eax 0x00000014 jmp 00007F82D8D1C92Ah 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3EF46D second address: 3EF477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3EF477 second address: 3EF481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3EE894 second address: 3EE8AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3EEA3E second address: 3EEA57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F82D8D1C926h 0x0000000a jmp 00007F82D8D1C92Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3EEB95 second address: 3EEB9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3EEE82 second address: 3EEE8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3EEE8A second address: 3EEE94 instructions: 0x00000000 rdtsc 0x00000002 je 00007F82D91AB3E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3EF010 second address: 3EF014 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F690E second address: 3F6951 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pushad 0x0000000b jmp 00007F82D91AB3F1h 0x00000010 jmp 00007F82D91AB3F0h 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F4AA2 second address: 3F4AB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F82D8D1C926h 0x0000000a jnl 00007F82D8D1C926h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F4AB3 second address: 3F4AC4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F82D91AB3ECh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F4AC4 second address: 3F4ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F4C26 second address: 3F4C2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F4C2F second address: 3F4C33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F4EF4 second address: 3F4EF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F56BC second address: 3F56C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F56C0 second address: 3F56C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F56C6 second address: 3F56CB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F56CB second address: 3F56E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F82D91AB3ECh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F56E3 second address: 3F56ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F82D8D1C926h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F59EE second address: 3F59F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F59F2 second address: 3F5A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007F82D8D1C926h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F5A02 second address: 3F5A3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007F82D91AB3ECh 0x00000010 push edi 0x00000011 pop edi 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 push ebx 0x00000016 pushad 0x00000017 popad 0x00000018 pop ebx 0x00000019 jo 00007F82D91AB3F2h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F5D7D second address: 3F5DA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F82D8D1C926h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007F82D8D1C92Ah 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F82D8D1C933h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F609D second address: 3F60A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F60A5 second address: 3F60AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F630C second address: 3F6316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F82D91AB3E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F6316 second address: 3F631A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F631A second address: 3F6355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F82D91AB3ECh 0x0000000c je 00007F82D91AB3E6h 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007F82D91AB3F9h 0x0000001a jmp 00007F82D91AB3EEh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F6355 second address: 3F635B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F635B second address: 3F6361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F6643 second address: 3F665A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C931h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3F665A second address: 3F6670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D91AB3F2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3FEDDF second address: 3FEDE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3FEDE4 second address: 3FEE26 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F82D91AB3ECh 0x00000008 pushad 0x00000009 jns 00007F82D91AB3E6h 0x0000000f ja 00007F82D91AB3E6h 0x00000015 jg 00007F82D91AB3E6h 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F82D91AB3EDh 0x00000025 jmp 00007F82D91AB3EFh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3FEE26 second address: 3FEE65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F82D8D1C937h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F82D8D1C936h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 jp 00007F82D8D1C926h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 3FF0C7 second address: 3FF0E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F82D91AB3E6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 407F4A second address: 407F54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F82D8D1C926h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4064AD second address: 4064B2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4068E5 second address: 4068F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F82D8D1C92Eh 0x0000000a jns 00007F82D8D1C926h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4068F7 second address: 40690C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F82D91AB3EAh 0x00000008 pushad 0x00000009 jng 00007F82D91AB3E6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 406D0E second address: 406D12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 406D12 second address: 406D16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 406D16 second address: 406D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F82D8D1C936h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 406D34 second address: 406D45 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F82D91AB3E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 406D45 second address: 406D5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D8D1C933h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 406D5C second address: 406D7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F82D91AB3FCh 0x0000000c jmp 00007F82D91AB3F6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 406F00 second address: 406F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 40E4B8 second address: 40E4BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 40E648 second address: 40E652 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F82D8D1C926h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 40E652 second address: 40E658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 40E658 second address: 40E675 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C938h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 40FFE0 second address: 40FFE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 40FFE4 second address: 40FFE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 40FFE8 second address: 40FFF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F82D91AB3E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D671 second address: 41D692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D8D1C936h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D692 second address: 41D698 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D698 second address: 41D6A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F82D8D1C926h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D6A4 second address: 41D6A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D6A8 second address: 41D6AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D6AC second address: 41D6C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F82D91AB3E6h 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D6C2 second address: 41D6D0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F82D8D1C926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D6D0 second address: 41D6D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D6D4 second address: 41D6DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D27C second address: 41D282 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D282 second address: 41D28D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 41D3C3 second address: 41D3C9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 42E85C second address: 42E860 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 42E860 second address: 42E876 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F82D91AB3E6h 0x00000010 jne 00007F82D91AB3E6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 42E876 second address: 42E87A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 42E87A second address: 42E880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 42E880 second address: 42E8A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 jmp 00007F82D8D1C938h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 42E8A1 second address: 42E8A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4306CE second address: 4306E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C931h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4306E6 second address: 4306ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4306ED second address: 4306F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4306F5 second address: 4306F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 430573 second address: 430577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4374A6 second address: 4374AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4374AB second address: 4374B0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4377A9 second address: 4377CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3F9h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4377CC second address: 4377D4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 4377D4 second address: 4377EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F82D91AB3F4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 437DC6 second address: 437DCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 43C840 second address: 43C846 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 43C533 second address: 43C56C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F82D8D1C936h 0x0000000e jnl 00007F82D8D1C936h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 43C56C second address: 43C572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 447301 second address: 447305 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 447305 second address: 447312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push edx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 44BEEE second address: 44BF0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F82D8D1C939h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 45C0D1 second address: 45C0EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F82D91AB3F7h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 45C2AC second address: 45C2B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 45C2B3 second address: 45C2B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 45E9BF second address: 45E9CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F82D8D1C926h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 472C0D second address: 472C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jmp 00007F82D91AB3EBh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 472C1F second address: 472C57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C934h 0x00000007 jmp 00007F82D8D1C937h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f jnp 00007F82D8D1C92Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471B76 second address: 471B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jp 00007F82D91AB3E8h 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471CED second address: 471D08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnp 00007F82D8D1C926h 0x0000000c jmp 00007F82D8D1C92Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471D08 second address: 471D4E instructions: 0x00000000 rdtsc 0x00000002 jno 00007F82D91AB3E6h 0x00000008 jmp 00007F82D91AB3F1h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jc 00007F82D91AB3F8h 0x00000015 jmp 00007F82D91AB3F2h 0x0000001a ja 00007F82D91AB3ECh 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471D4E second address: 471D52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471D52 second address: 471D56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471D56 second address: 471D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007F82D8D1C92Ah 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471D68 second address: 471D74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F82D91AB3E6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471D74 second address: 471D85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D8D1C92Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471F0D second address: 471F11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471F11 second address: 471F1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471F1B second address: 471F23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 471F23 second address: 471F27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 478374 second address: 478378 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 478378 second address: 478383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 478678 second address: 478682 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F82D91AB3E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 478682 second address: 478699 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F82D8D1C92Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 478699 second address: 4786B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f pushad 0x00000010 jo 00007F82D91AB3E6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 47B877 second address: 47B88A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F82D8D1C92Ch 0x0000000a jbe 00007F82D8D1C926h 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 47B410 second address: 47B418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 47D3EF second address: 47D401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F82D8D1C92Bh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 47D401 second address: 47D425 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F82D91AB3F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c jo 00007F82D91AB3E6h 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	RDTSC instruction interceptor: First address: 47D425 second address: 47D431 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jns 00007F82D8D1C926h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Special instruction interceptor: First address: 385A91 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Special instruction interceptor: First address: 3B3C1A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Special instruction interceptor: First address: 1D8BDA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Special instruction interceptor: First address: 412DF6 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe

Code function: 0_2_001DC06C rdtsc

0_2_001DC06C

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe TID: 1824

Thread sleep time: -150000s >= -30000s

Jump to behavior

Source: Tqa1vDp9NT.exe, Tqa1vDp9NT.exe, 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D09000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381720106.0000000000D09000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Tqa1vDp9NT.exe, 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	File opened: NTICE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	File opened: SICE
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe

Code function: 0_2_001DC06C rdtsc

0_2_001DC06C

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe

Code function: 0_2_001BE110 LdrInitializeThunk,

0_2_001BE110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: Tqa1vDp9NT.exe	String found in binary or memory: hummskitnj.buzz
Source: Tqa1vDp9NT.exe	String found in binary or memory: cashfuzysao.buzz
Source: Tqa1vDp9NT.exe	String found in binary or memory: appliacnesot.buzz
Source: Tqa1vDp9NT.exe	String found in binary or memory: screwamusresz.buzz
Source: Tqa1vDp9NT.exe	String found in binary or memory: inherineau.buzz
Source: Tqa1vDp9NT.exe	String found in binary or memory: scentniej.buzz
Source: Tqa1vDp9NT.exe	String found in binary or memory: rebuildeso.buzz
Source: Tqa1vDp9NT.exe	String found in binary or memory: prisonyfork.buzz
Source: Tqa1vDp9NT.exe	String found in binary or memory: mindhandru.buzz

Source: Tqa1vDp9NT.exe, Tqa1vDp9NT.exe, 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: zProgram Manager

Source: C:\Users\user\Desktop\Tqa1vDp9NT.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Tqa1vDp9NT.exe	57%	Virustotal		Browse
Tqa1vDp9NT.exe	58%	ReversingLabs	Win32.Trojan.CryptBot
Tqa1vDp9NT.exe	100%	Avira	TR/Crypt.XPACK.Gen
Tqa1vDp9NT.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://lev-tolstoi.com/piU	100%	Avira URL Cloud	malware
https://cdn.fastly.steamstatic.cF	0%	Avira URL Cloud	safe
https://appliacnesot.buzz:443/apicN	100%	Avira URL Cloud	malware
https://lev-tolstoi.com/pib	100%	Avira URL Cloud	malware
https://store.steamp	0%	Avira URL Cloud	safe
https://lev-tolstoi.com/apiHx	100%	Avira URL Cloud	malware
https://rebuildeso.buzz:443/api9M	100%	Avira URL Cloud	malware
https://scentniej.buzz:443/apiiXM	100%	Avira URL Cloud	malware
https://lev-tolstoi.com/2S	100%	Avira URL Cloud	malware
https://lev-tolstoi.com/22K	100%	Avira URL Cloud	malware
https://help.steampowered.co	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	23.55.153.106	true	false	high
lev-tolstoi.com	172.67.157.254	true	false	high
cashfuzysao.buzz	unknown	unknown	false	high
scentniej.buzz	unknown	unknown	false	high
inherineau.buzz	unknown	unknown	false	high
prisonyfork.buzz	unknown	unknown	false	high
rebuildeso.buzz	unknown	unknown	false	high
appliacnesot.buzz	unknown	unknown	false	high
hummskitnj.buzz	unknown	unknown	false	high
mindhandru.buzz	unknown	unknown	false	high
screwamusresz.buzz	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
scentniej.buzz	false	high
https://steamcommunity.com/profiles/76561199724331900	false	high
rebuildeso.buzz	false	high
appliacnesot.buzz	false	high
screwamusresz.buzz	false	high
cashfuzysao.buzz	false	high
inherineau.buzz	false	high
https://lev-tolstoi.com/api	false	high
hummskitnj.buzz	false	high
mindhandru.buzz	false	high
prisonyfork.buzz	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://player.vimeo.com	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/piU	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/?subsection=broadcasts	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/subscriber_agreement/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.gstatic.cn/recaptcha/	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/apiHx	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://lev-tolstoi.com/pib	Tqa1vDp9NT.exe, 00000000.00000002.1381720106.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://appliacnesot.buzz:443/apicN	Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.valvesoftware.com/legal.htm	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.fastly.steamstatic.cF	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://rebuildeso.buzz:443/api9M	Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://s.ytimg.com;	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi	Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381720106.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steamp	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.fastly.steamstatic.com/	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steam.tv/	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.co	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/2S	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/	Tqa1vDp9NT.exe, 00000000.00000002.1381720106.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/privacy_agreement/	Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com:443/profiles/76561199724331900	Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/points/shop/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://scentniej.buzz:443/apiiXM	Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sketchfab.com	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lv.queniujq.cn	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199724331900/inventory/	Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381720106.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com/	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/privacy_agreement/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/recaptcha/	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://checkout.steampowered.com/	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/;	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/about/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/my/wishlist/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.steampowered.com/en/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/market/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/news/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/22K	Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://store.steampowered.com/subscriber_agreement/	Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://recaptcha.net/recaptcha/;	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/discussions/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/stats/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://medal.tv	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://broadcast.st.dl.eccdnx.com	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/steam_refunds/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a	Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/workshop/	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.steampowered.com/	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/legal/	Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1379757083.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.steampowered.co	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://recaptcha.net	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://127.0.0.1:27060	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lev-tolstoi.com/piu	Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lev-tolstoi.com:443/api	Tqa1vDp9NT.exe, 00000000.00000003.1379808877.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381773579.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1367114225.0000000000D24000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ	Tqa1vDp9NT.exe, 00000000.00000003.1380118091.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366926203.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1380535829.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000002.1381961325.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Tqa1vDp9NT.exe, 00000000.00000003.1366995258.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.157.254	lev-tolstoi.com	United States		13335	CLOUDFLARENETUS	false
23.55.153.106	steamcommunity.com	United States		20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581616
Start date and time:	2024-12-28 09:54:25 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Tqa1vDp9NT.exe renamed because original name is a hash value
Original Sample Name:	ab11dfd0b452b30b6248e72154d88e99.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@11/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
03:55:20	API Interceptor	6x Sleep call for process: Tqa1vDp9NT.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
172.67.157.254	FfcoO2Giru.exe	Get hash	malicious	LummaC	Browse
	k7T6akLcAr.exe	Get hash	malicious	LummaC	Browse
	hx0wBsOjkQ.exe	Get hash	malicious	LummaC	Browse
	fnnGMmd8eJ.exe	Get hash	malicious	LummaC	Browse
	IzDjbVdHha.exe	Get hash	malicious	LummaC	Browse
	T4qO1i2Jav.exe	Get hash	malicious	LummaC Stealer	Browse
	k0ukcEH.exe	Get hash	malicious	LummaC	Browse
	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse
	MaZjv5XeQi.exe	Get hash	malicious	LummaC	Browse
	jT7sgjdTea.exe	Get hash	malicious	LummaC	Browse
23.55.153.106	2S6U7zz1Jg.exe	Get hash	malicious	LummaC	Browse
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse
	H1iOI9vWfh.exe	Get hash	malicious	LummaC	Browse
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	FfcoO2Giru.exe	Get hash	malicious	LummaC	Browse
	N36e6JFEp6.exe	Get hash	malicious	LummaC	Browse
	k7T6akLcAr.exe	Get hash	malicious	LummaC	Browse
	SPzPNCzcCy.exe	Get hash	malicious	LummaC	Browse
	hx0wBsOjkQ.exe	Get hash	malicious	LummaC	Browse
	MrIOYC1Pns.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
lev-tolstoi.com	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	H1iOI9vWfh.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.66.86
	FfcoO2Giru.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	k7T6akLcAr.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	SPzPNCzcCy.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	hx0wBsOjkQ.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	fnnGMmd8eJ.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	Script.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
steamcommunity.com	2S6U7zz1Jg.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	H1iOI9vWfh.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.55.153.106
	FfcoO2Giru.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	N36e6JFEp6.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	k7T6akLcAr.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	SPzPNCzcCy.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	hx0wBsOjkQ.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	MrIOYC1Pns.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	2S6U7zz1Jg.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	H1iOI9vWfh.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.55.153.106
	FfcoO2Giru.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	FLKCAS1DzH.bat	Get hash	malicious	Unknown	Browse	23.44.201.12
	N36e6JFEp6.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	k7T6akLcAr.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	SPzPNCzcCy.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	hx0wBsOjkQ.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
CLOUDFLARENETUS	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	H1iOI9vWfh.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.66.86
	FfcoO2Giru.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	FLKCAS1DzH.bat	Get hash	malicious	Unknown	Browse	172.64.41.3
	j2nLC29vCy.exe	Get hash	malicious	LummaC	Browse	104.21.2.51
	k7T6akLcAr.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	SPzPNCzcCy.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	es5qBEFupj.exe	Get hash	malicious	LummaC	Browse	172.67.128.184
	vUcZzNWkKc.exe	Get hash	malicious	LummaC	Browse	172.67.128.184

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	2S6U7zz1Jg.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 23.55.153.106
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 23.55.153.106
	H1iOI9vWfh.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 23.55.153.106
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.67.157.254 23.55.153.106
	FfcoO2Giru.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 23.55.153.106
	N36e6JFEp6.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 23.55.153.106
	j2nLC29vCy.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 23.55.153.106
	k7T6akLcAr.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 23.55.153.106
	SPzPNCzcCy.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 23.55.153.106
	es5qBEFupj.exe	Get hash	malicious	LummaC	Browse	172.67.157.254 23.55.153.106

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.949924886251923
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Tqa1vDp9NT.exe
File size:	1'893'376 bytes
MD5:	ab11dfd0b452b30b6248e72154d88e99
SHA1:	3e988553ad12da459fd17d4c7c8859f7324086f4
SHA256:	c2e35ee8349589398250b8fa84c3c00b0ed621fab5fba8196ec7253d009ea952
SHA512:	b2fa03eaf01dd8a93a0c29acd0a59fe814ab5834556a6aa31884adbe49d76c82c5efdfe04cfe5307ce0e81a1b5132491e7e0f41bad5d76868bd4af3162c8ea89
SSDEEP:	49152:sxgucN9OhKo2bFx3eiIG1WsTCBqqHtGsG4jb:2gOgoiXuiInqqwn4X
TLSH:	099533BD3492C231CF5916FBC36B1B19BD360628946CFF69114892B76943240D6B3AEF
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................J...........@...........................K......C....@.................................Y@..m..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x8ad000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F82D8BA99BAh
cmpps xmm3, dqword ptr [eax+eax], 00h
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh
inc dword ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	f975a59517ef9772249c6e8f5cd1b75b	False	0.9995659722222222	data	7.978074904611501	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1ac	0x200	c4249243ceaeb236e3ce8ce2ab2c9a69	False	0.5390625	data	5.249019796122045	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x55000	0x2b2000	0x200	97f5f71d3721aff51738a5a590147a88	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
uiizzldj	0x307000	0x1a5000	0x1a4400	dcd60abe6e0f9210193530e29184cd18	False	0.9948656398721	data	7.95464780991997	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
orqpgtlg	0x4ac000	0x1000	0x400	03b1f6170550331367787cb7e1887700	False	0.751953125	data	5.951215097395899	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4ad000	0x3000	0x2200	bd762aeff406915dce729bd85f3062f3	False	0.0646829044117647	DOS executable (COM)	0.7875555534997489	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x53058	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-28T09:55:19.539659+0100	2058582	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz)	1	192.168.2.10	57428	1.1.1.1	53	UDP
2024-12-28T09:55:19.716566+0100	2058584	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz)	1	192.168.2.10	62452	1.1.1.1	53	UDP
2024-12-28T09:55:19.867155+0100	2058586	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz)	1	192.168.2.10	58510	1.1.1.1	53	UDP
2024-12-28T09:55:20.029672+0100	2058588	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz)	1	192.168.2.10	59468	1.1.1.1	53	UDP
2024-12-28T09:55:20.171588+0100	2058580	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz)	1	192.168.2.10	50784	1.1.1.1	53	UDP
2024-12-28T09:55:20.738066+0100	2058590	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz)	1	192.168.2.10	62492	1.1.1.1	53	UDP
2024-12-28T09:55:20.881343+0100	2058572	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz)	1	192.168.2.10	56876	1.1.1.1	53	UDP
2024-12-28T09:55:21.023757+0100	2058576	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz)	1	192.168.2.10	50301	1.1.1.1	53	UDP
2024-12-28T09:55:21.164909+0100	2058578	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz)	1	192.168.2.10	49371	1.1.1.1	53	UDP
2024-12-28T09:55:22.898856+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.10	49705	23.55.153.106	443	TCP
2024-12-28T09:55:23.793081+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.10	49705	23.55.153.106	443	TCP
2024-12-28T09:55:25.615634+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.10	49716	172.67.157.254	443	TCP
2024-12-28T09:55:26.228281+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.10	49716	172.67.157.254	443	TCP
2024-12-28T09:55:26.228281+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.10	49716	172.67.157.254	443	TCP
2024-12-28T09:55:27.509041+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.10	49717	172.67.157.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 09:55:21.459994078 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:21.460038900 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:21.460135937 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:21.461654902 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:21.461674929 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:22.898750067 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:22.898855925 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:23.007373095 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:23.007390976 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:23.007761955 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:23.054014921 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:23.128005028 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:23.175323009 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:23.793139935 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:23.793168068 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:23.793210030 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:23.793209076 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:23.793226004 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:23.793258905 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:23.793279886 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:23.793292046 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:23.793292046 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:23.793323994 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:24.200112104 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:24.200125933 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:24.200159073 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:24.200222969 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:24.200261116 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:24.200300932 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:24.200490952 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:24.200535059 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:24.200547934 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:24.200556040 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:24.200597048 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:24.202214956 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:24.202225924 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:24.202240944 CET	49705	443	192.168.2.10	23.55.153.106
Dec 28, 2024 09:55:24.202245951 CET	443	49705	23.55.153.106	192.168.2.10
Dec 28, 2024 09:55:24.349643946 CET	49716	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:24.349693060 CET	443	49716	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:24.349775076 CET	49716	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:24.350078106 CET	49716	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:24.350092888 CET	443	49716	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:25.615540981 CET	443	49716	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:25.615633965 CET	49716	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:25.634325027 CET	49716	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:25.634346962 CET	443	49716	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:25.635216951 CET	443	49716	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:25.636982918 CET	49716	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:25.637008905 CET	49716	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:25.637340069 CET	443	49716	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:26.228295088 CET	443	49716	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:26.228379965 CET	443	49716	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:26.228426933 CET	49716	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:26.228975058 CET	49716	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:26.228992939 CET	443	49716	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:26.229006052 CET	49716	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:26.229011059 CET	443	49716	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:26.260518074 CET	49717	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:26.260560036 CET	443	49717	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:26.260623932 CET	49717	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:26.260924101 CET	49717	443	192.168.2.10	172.67.157.254
Dec 28, 2024 09:55:26.260932922 CET	443	49717	172.67.157.254	192.168.2.10
Dec 28, 2024 09:55:27.509041071 CET	49717	443	192.168.2.10	172.67.157.254

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 09:55:19.539659023 CET	57428	53	192.168.2.10	1.1.1.1
Dec 28, 2024 09:55:19.679976940 CET	53	57428	1.1.1.1	192.168.2.10
Dec 28, 2024 09:55:19.716566086 CET	62452	53	192.168.2.10	1.1.1.1
Dec 28, 2024 09:55:19.856745005 CET	53	62452	1.1.1.1	192.168.2.10
Dec 28, 2024 09:55:19.867155075 CET	58510	53	192.168.2.10	1.1.1.1
Dec 28, 2024 09:55:20.006735086 CET	53	58510	1.1.1.1	192.168.2.10
Dec 28, 2024 09:55:20.029671907 CET	59468	53	192.168.2.10	1.1.1.1
Dec 28, 2024 09:55:20.169287920 CET	53	59468	1.1.1.1	192.168.2.10
Dec 28, 2024 09:55:20.171587944 CET	50784	53	192.168.2.10	1.1.1.1
Dec 28, 2024 09:55:20.735496044 CET	53	50784	1.1.1.1	192.168.2.10
Dec 28, 2024 09:55:20.738065958 CET	62492	53	192.168.2.10	1.1.1.1
Dec 28, 2024 09:55:20.877461910 CET	53	62492	1.1.1.1	192.168.2.10
Dec 28, 2024 09:55:20.881342888 CET	56876	53	192.168.2.10	1.1.1.1
Dec 28, 2024 09:55:21.020433903 CET	53	56876	1.1.1.1	192.168.2.10
Dec 28, 2024 09:55:21.023756981 CET	50301	53	192.168.2.10	1.1.1.1
Dec 28, 2024 09:55:21.163115025 CET	53	50301	1.1.1.1	192.168.2.10
Dec 28, 2024 09:55:21.164908886 CET	49371	53	192.168.2.10	1.1.1.1
Dec 28, 2024 09:55:21.304125071 CET	53	49371	1.1.1.1	192.168.2.10
Dec 28, 2024 09:55:21.307988882 CET	53117	53	192.168.2.10	1.1.1.1
Dec 28, 2024 09:55:21.449194908 CET	53	53117	1.1.1.1	192.168.2.10
Dec 28, 2024 09:55:24.207920074 CET	52846	53	192.168.2.10	1.1.1.1
Dec 28, 2024 09:55:24.348932028 CET	53	52846	1.1.1.1	192.168.2.10

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 28, 2024 09:55:19.539659023 CET	192.168.2.10	1.1.1.1	0x853	Standard query (0)	mindhandru.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:19.716566086 CET	192.168.2.10	1.1.1.1	0xd328	Standard query (0)	prisonyfork.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:19.867155075 CET	192.168.2.10	1.1.1.1	0xa1f0	Standard query (0)	rebuildeso.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:20.029671907 CET	192.168.2.10	1.1.1.1	0x38a1	Standard query (0)	scentniej.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:20.171587944 CET	192.168.2.10	1.1.1.1	0x77dd	Standard query (0)	inherineau.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:20.738065958 CET	192.168.2.10	1.1.1.1	0xd2d2	Standard query (0)	screwamusresz.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:20.881342888 CET	192.168.2.10	1.1.1.1	0x85d9	Standard query (0)	appliacnesot.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:21.023756981 CET	192.168.2.10	1.1.1.1	0x8d27	Standard query (0)	cashfuzysao.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:21.164908886 CET	192.168.2.10	1.1.1.1	0x4dee	Standard query (0)	hummskitnj.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:21.307988882 CET	192.168.2.10	1.1.1.1	0x51e4	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:24.207920074 CET	192.168.2.10	1.1.1.1	0xe01d	Standard query (0)	lev-tolstoi.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 28, 2024 09:55:19.679976940 CET	1.1.1.1	192.168.2.10	0x853	Name error (3)	mindhandru.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:19.856745005 CET	1.1.1.1	192.168.2.10	0xd328	Name error (3)	prisonyfork.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:20.006735086 CET	1.1.1.1	192.168.2.10	0xa1f0	Name error (3)	rebuildeso.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:20.169287920 CET	1.1.1.1	192.168.2.10	0x38a1	Name error (3)	scentniej.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:20.735496044 CET	1.1.1.1	192.168.2.10	0x77dd	Name error (3)	inherineau.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:20.877461910 CET	1.1.1.1	192.168.2.10	0xd2d2	Name error (3)	screwamusresz.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:21.020433903 CET	1.1.1.1	192.168.2.10	0x85d9	Name error (3)	appliacnesot.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:21.163115025 CET	1.1.1.1	192.168.2.10	0x8d27	Name error (3)	cashfuzysao.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:21.304125071 CET	1.1.1.1	192.168.2.10	0x4dee	Name error (3)	hummskitnj.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:21.449194908 CET	1.1.1.1	192.168.2.10	0x51e4	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:24.348932028 CET	1.1.1.1	192.168.2.10	0xe01d	No error (0)	lev-tolstoi.com		172.67.157.254	A (IP address)	IN (0x0001)	false
Dec 28, 2024 09:55:24.348932028 CET	1.1.1.1	192.168.2.10	0xe01d	No error (0)	lev-tolstoi.com		104.21.66.86	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

lev-tolstoi.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49705	23.55.153.106	443	7240	C:\Users\user\Desktop\Tqa1vDp9NT.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-28 08:55:23 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-28 08:55:23 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 28 Dec 2024 08:55:23 GMT Content-Length: 35121 Connection: close Set-Cookie: sessionid=1577522815bec52112d52f76; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-28 08:55:23 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-28 08:55:24 UTC	10097	IN	Data Raw: 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 50 50 4f 52 54 09 Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-28 08:55:24 UTC	10545	IN	Data Raw: 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 Data Ascii: NIVERSE":"public","LANGUAGE":"english","COUNTRY":"US","MEDIA_CDN_COMMUNITY_URL":"https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/","MEDIA_CDN_URL":"htt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49716	172.67.157.254	443	7240	C:\Users\user\Desktop\Tqa1vDp9NT.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-28 08:55:25 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: lev-tolstoi.com
2024-12-28 08:55:25 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-28 08:55:26 UTC	1125	IN	HTTP/1.1 200 OK Date: Sat, 28 Dec 2024 08:55:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7af9dckgvtr8o4iutck0m8eqqf; expires=Wed, 23 Apr 2025 02:42:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BJ8XY16Q%2Boj9A6zK1GJjFvYWMOPHlGrLpeP4%2BrL9zCTdzVKGP6nUmnnBn1nFm43xVGgSqRDo9SmXPcUeorHVdoEpMphf%2FXjLb7vDYvgrZVluIz6C9FwaHffktSuG%2B8zwKVA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f9054d2c96e8c2f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2072&min_rtt=2068&rtt_var=784&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1387832&cwnd=228&unsent_bytes=0&cid=6e942d45328734b0&ts=626&x=0"
2024-12-28 08:55:26 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-28 08:55:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	03:55:17
Start date:	28/12/2024
Path:	C:\Users\user\Desktop\Tqa1vDp9NT.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Tqa1vDp9NT.exe"
Imagebase:	0x180000
File size:	1'893'376 bytes
MD5 hash:	AB11DFD0B452B30B6248E72154D88E99
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	24.3%
Total number of Nodes:	70
Total number of Limit Nodes:	4

Executed Functions

Function 0018B100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

S%U', xrefs: 0018B203
D!M#, xrefs: 0018B1F9
(Y6[, xrefs: 0018B285
hI2K, xrefs: 0018B25D
zMzO, xrefs: 0018B267
.AtC, xrefs: 0018B249
Ym]o, xrefs: 0018B2B7
XyR{, xrefs: 0018B2D5
pE}G, xrefs: 0018B253
yQrS, xrefs: 0018B271
Gq\s, xrefs: 0018B2C1
Gu@w, xrefs: 0018B2CB
9]_, xrefs: 0018B28F
k=W?, xrefs: 0018B23F
b6j4, xrefs: 0018B57D

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
API String ID: 0-620192811
Opcode ID: cbf6bb36e135da879d6e24fbd1005eb10293c781575f77898390d219387a80f0
Instruction ID: 1da1fd0b4231fc6b7fc5d61905b5bb1351c31afba93a944136af1e9b1c99bf84
Opcode Fuzzy Hash: cbf6bb36e135da879d6e24fbd1005eb10293c781575f77898390d219387a80f0
Instruction Fuzzy Hash: 280245B1204B05CFD324CF25D891BABBBE1FB49314F508A2CD5AA8BAA0D775E485CF50

Function 00188600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00188A4B

Part of subcall function 0018B7B0: FreeLibrary.KERNEL32(00188A31), ref: 0018B7B6
Part of subcall function 0018B7B0: FreeLibrary.KERNEL32 ref: 0018B7D7

Strings

b]u), xrefs: 00188877
}, xrefs: 0018890C
}, xrefs: 00188913

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: FreeLibrary$ExitProcess
String ID: b]u)$}$}
API String ID: 1614911148-2900034282
Opcode ID: d2641d31e07413a336749e9012b6158fb8eecd38ba3750700a255c2ea344e4ac
Instruction ID: 5addfd91bf9dba87c250591bde2e7a273251c955b59ba511b2fb2c2bd7440da6
Opcode Fuzzy Hash: d2641d31e07413a336749e9012b6158fb8eecd38ba3750700a255c2ea344e4ac
Instruction Fuzzy Hash: 60C1F673E187144BC718EF69C84125AF7D6ABC8710F1AC52DA898EB391EB74DD048BC6

Function 001BE110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(001C148A,?,00000018,?,?,00000018,?,?,?), ref: 001BE13E

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 001C1720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=<32, xrefs: 001C176D

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: d1e98dbddd995898c61e6d2095d667b29f66b2909c4264dc59a5bd9a776492eb
Instruction ID: 8597d193d66111f4333e7a39313029eabb86b9971da512fe9d2dc43fded0c15d
Opcode Fuzzy Hash: d1e98dbddd995898c61e6d2095d667b29f66b2909c4264dc59a5bd9a776492eb
Instruction Fuzzy Hash: AB318A346883087FE7148A54DC91F7BB7A5EF96314F18852CF681572D2D730DC909782

Function 00188A50 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction ID: 89b3357a20e4c070528e4e32537d48191ec7f20e112edff54e12dea8cad02bf1
Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction Fuzzy Hash: 6321B337A627184BD3108E54DCC87917761E7D9328F3E86B889249F3D2C97BA91386C0

Function 00189D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 00189D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 00189E78

Strings

CK!, xrefs: 00189E85

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: LibraryLoad
String ID: CK!
API String ID: 1029625771-3531172891
Opcode ID: 05359572409d1ef8a7ce5f2e92f7ef1acf94a9cdce0c5aa9ca63f1080b9e1fbf
Instruction ID: 1c288d945c5ad9e1a54cfb5027afb366454ba3861914b0708cebcb96954af933
Opcode Fuzzy Hash: 05359572409d1ef8a7ce5f2e92f7ef1acf94a9cdce0c5aa9ca63f1080b9e1fbf
Instruction Fuzzy Hash: 754110B4D003409FE715AF7899D2A9A7F71FB06324F50529CE4902F3A6C731980ACBE2

Function 0018EF53 Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0018F09D

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 343f0faf2776a434afcc642a30bb30ae1e5c8f616d44edb3f3bb02ccd70a1c71
Instruction ID: fae0ea3ec8488cb5211b75e6cecea78702b622e19ee844b7e5713418665547b9
Opcode Fuzzy Hash: 343f0faf2776a434afcc642a30bb30ae1e5c8f616d44edb3f3bb02ccd70a1c71
Instruction Fuzzy Hash: 3D41D8B4810B40AFD370EF3D994B7137EB8AB05250F504B1EF9EA866D4E231A4198BD7

Function 001BE0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000), ref: 001BE0E0

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: db8100407f2576391e0618882d9c173f89f34a91afb6504de07ad2d1ee06ad1e
Instruction ID: 7de26af5d6657f1c2555347cfe42fe2f28cf105ea0a57d90488bfd095650bf7b
Opcode Fuzzy Hash: db8100407f2576391e0618882d9c173f89f34a91afb6504de07ad2d1ee06ad1e
Instruction Fuzzy Hash: BBF0A032A14212EBD2102F28BD09A973AA4AFE2720F060479F40057124DB34E85685E1

Function 0018EC77 Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0018ECA2

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 6c6ba6e37950990322708a651aaac458d2579f6d0a79bd444a8be236afe0f216
Instruction ID: 679da5f514676c308061f9b02c9467f269e8e0c854e04dd88c8691500c254dee
Opcode Fuzzy Hash: 6c6ba6e37950990322708a651aaac458d2579f6d0a79bd444a8be236afe0f216
Instruction Fuzzy Hash: 77E092343EA7427AF6B986149C63F6565179B42F25F306308BB213E7D5CAD0B581400D

Function 00189EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00189ED2

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: bde81242a0256ba7d86ad0b273aa838728544a8277e2c2852425884b49299cfd
Instruction ID: d26f0a9601a450a254791694631a5def348e2d6a805f5ea99ff0a255b3d9cc0e
Opcode Fuzzy Hash: bde81242a0256ba7d86ad0b273aa838728544a8277e2c2852425884b49299cfd
Instruction Fuzzy Hash: 56E02B336406029BD700DB34EC57E993757EB653467069428E205C1572EB72F491DA10

Function 001BC570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,001BE0F9), ref: 001BC590

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 9f4f5c0442b3d359c1f59b45615eb1002f8777a5fca526fee13d41b34a39a32f
Instruction ID: 4388c3afd5899fd5598abade48ad75a959211a19b5c69d186a6459a2601b9bcb
Opcode Fuzzy Hash: 9f4f5c0442b3d359c1f59b45615eb1002f8777a5fca526fee13d41b34a39a32f
Instruction Fuzzy Hash: EFD0C932416232EBC6102F28BC05BC73B54DF59320F074891F4546A4B4C724ECD1CAD1

Function 001BC55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 001BC561

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8454fed2489df7499c9cf3dbf12c594fd012e4579b75940f04db259f4eb2aa36
Instruction ID: 358f7633b215f47f3ce51c2467a5443ae7befbb74bd803dc63424241c4513f0f
Opcode Fuzzy Hash: 8454fed2489df7499c9cf3dbf12c594fd012e4579b75940f04db259f4eb2aa36
Instruction Fuzzy Hash: 3CA011300822008ACA022B20BC08B803B20AB28220F020082E000080B28230C8828A80

Function 0018DDBB Relevance: 1.3, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoUninitialize.COMBASE ref: 0018DDC3

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: Uninitialize
String ID:
API String ID: 3861434553-0
Opcode ID: 060a8e695bb239a1ec084d02497c9a57e1152c37aff61cc339cc7c6dd20ca7ed
Instruction ID: 140a219587855446036d1d67373a1be81b5e53d38312da386c287f6318fb9860
Opcode Fuzzy Hash: 060a8e695bb239a1ec084d02497c9a57e1152c37aff61cc339cc7c6dd20ca7ed
Instruction Fuzzy Hash: 80C0807525C00057C30CB330DD22837774B4FA72443146919840782707D770F6968F45

Non-executed Functions

Function 001A42D0 Relevance: 39.6, APIs: 2, Strings: 20, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 001A43AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 001A443E

Strings

%r?p, xrefs: 001A595F
|r, xrefs: 001A53A8
13, xrefs: 001A5BFC
=:, xrefs: 001A57CE
N~4|, xrefs: 001A593E
+$e, xrefs: 001A43FA, 001A442B
ut, xrefs: 001A5CE3
r:i8, xrefs: 001A5899
DD, xrefs: 001A5CEE
Xs, xrefs: 001A5CD8
e>n<, xrefs: 001A588E
y{, xrefs: 001A5B36
tj, xrefs: 001A53BE
+$e, xrefs: 001A4365, 001A437A
uw, xrefs: 001A5B57
n l, xrefs: 001A596A
b`, xrefs: 001A55F9
=?, xrefs: 001A5BF1
gd, xrefs: 001A5E60
<j:h, xrefs: 001A5975

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-1429676654
Opcode ID: f3d674ad33941913889442ee98a6503cccdba7d4069e2abc344c53ec9fb14c37
Instruction ID: 4a805eff8ef8f5e198d1e7f62deeedbe791a6c15ce640010d47ac3bcaf039024
Opcode Fuzzy Hash: f3d674ad33941913889442ee98a6503cccdba7d4069e2abc344c53ec9fb14c37
Instruction Fuzzy Hash: BBC20CB560C3848AD334CF14C452BDFBAF2FB82300F00892DD5E96B655D7B5864A8B9B

Function 001A4560 Relevance: 36.1, APIs: 1, Strings: 19, Instructions: 1081COMMON

Download Yara Rule

Strings

%r?p, xrefs: 001A595F
|r, xrefs: 001A53A8
13, xrefs: 001A5BFC
=:, xrefs: 001A57CE
N~4|, xrefs: 001A593E
+$e, xrefs: 001A442B
ut, xrefs: 001A5CE3
r:i8, xrefs: 001A5899
DD, xrefs: 001A5CEE
Xs, xrefs: 001A5CD8
e>n<, xrefs: 001A588E
y{, xrefs: 001A5B36
tj, xrefs: 001A53BE
uw, xrefs: 001A5B57
n l, xrefs: 001A596A
b`, xrefs: 001A55F9
=?, xrefs: 001A5BF1
gd, xrefs: 001A5E60
<j:h, xrefs: 001A5975

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 0-3233044194
Opcode ID: 96ac520a779b19b769ee384705149e75bd66dc08ca3d4f5e2fca22463f3d2347
Instruction ID: 84a9e55cfa14adf1e7b288380e0b61a2a837a72045545bee13accf0e6b8ecf8a
Opcode Fuzzy Hash: 96ac520a779b19b769ee384705149e75bd66dc08ca3d4f5e2fca22463f3d2347
Instruction Fuzzy Hash: E8C21DB560C3848AD334CF54C852BDFBAF2FB82300F00892DD5E96B655D7B586498B9B

Function 001960E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

JyTK, xrefs: 00196160
*,-", xrefs: 001966EF
{zdy, xrefs: 0019611D
L4, xrefs: 00196BA0
3F&D, xrefs: 00196273
qRb`, xrefs: 00196133
ntxE, xrefs: 00196112
~mfQ, xrefs: 0019613E
L4, xrefs: 00196780
uqrs, xrefs: 00196AF0
t~v:, xrefs: 001961E7
pt}w, xrefs: 001961F2
w}MI, xrefs: 00196128

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: f19e23593b03b91688d9934e6751a1441d62254d997f3e61473c8aa8c2fe76f4
Instruction ID: 54cc85db0965f812054b80e498b1215c12187f246948573ebe2d73ed96a4d1e7
Opcode Fuzzy Hash: f19e23593b03b91688d9934e6751a1441d62254d997f3e61473c8aa8c2fe76f4
Instruction Fuzzy Hash: 3E4223B26083508FCB258F28D8917ABB7E2FFD5314F19893CD4D98B256DB349845CB92

Function 0019747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON

Download Yara Rule

Strings

_^]\, xrefs: 001975C5

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 060b38f2a2a1017a9c3161f266c8e050b00b651310ba31ed947d57b80aa2b1de
Instruction ID: 0faf633e594e12aa9c95ec6051811da5b53b107a1bf8486c1e9b4f6b959c6ac3
Opcode Fuzzy Hash: 060b38f2a2a1017a9c3161f266c8e050b00b651310ba31ed947d57b80aa2b1de
Instruction Fuzzy Hash: B582477151C3518BCB24CF28C8917ABBBE1FFD9324F198A6CE8D5972A5E7349805CB42

Function 001A81CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 001A84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 001A85B4

Strings

LF7Y, xrefs: 001A8951
_^]\, xrefs: 001A8A15

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 782b1f859de1b3af0cb2515bb8e43924dc6e5d9fb563491dfa04f1d8e9e6f08b
Instruction ID: 1cddf22bf115b550a4252e3e4dae64984f4a2d65c3ad887596db5be9bf1f60b8
Opcode Fuzzy Hash: 782b1f859de1b3af0cb2515bb8e43924dc6e5d9fb563491dfa04f1d8e9e6f08b
Instruction Fuzzy Hash: 38220175908341CFD3249F29D880B2FBBE1FF8A310F194A6CE999572A1D771DA41CB92

Function 001A83D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 001A84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 001A85B4

Strings

LF7Y, xrefs: 001A8951
_^]\, xrefs: 001A8A15

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: db8b9a6560325e0f0f757e135d91d7ab3d30a3a6e906cb5a7d9f78eb42df650b
Instruction ID: 077e86af8b3df099aad1998d5ee9cc939556ad784e50ba16e768d42e97864e37
Opcode Fuzzy Hash: db8b9a6560325e0f0f757e135d91d7ab3d30a3a6e906cb5a7d9f78eb42df650b
Instruction Fuzzy Hash: A9120175908341CFD3248F29D880B2FBBE1FF8A310F194A6CE999572A1D771DA41CB52

Function 003570AB Relevance: 6.6, Strings: 4, Instructions: 1605COMMON

Download Yara Rule

Strings

AQ}{, xrefs: 003583DB
AQ}{, xrefs: 0035837E
i{P5, xrefs: 00357D6A
M%m=, xrefs: 00357CA2

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: AQ}{$AQ}{$M%m=$i{P5
API String ID: 0-3915841909
Opcode ID: e175a0923ce701d07a6118045ee3fcf7965b4b52606d3e727051daf0385aec1b
Instruction ID: cf2fe5d216ad27e625dfed0d04c5773616649044c0dba7f273e47d6e54f3e47c
Opcode Fuzzy Hash: e175a0923ce701d07a6118045ee3fcf7965b4b52606d3e727051daf0385aec1b
Instruction Fuzzy Hash: 82B209F3A0C2149FE3046E2DEC8577ABBE5EF94720F1A493DEAC4C3744EA3558058696

Function 001A24E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON

Download Yara Rule

Strings

"_,Y, xrefs: 001A2530
.[TU, xrefs: 001A2538
=K0E, xrefs: 001A2544
;GsA, xrefs: 001A2520
pCj], xrefs: 001A2528

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
API String ID: 0-1171452581
Opcode ID: 012a7d38d7be9314a57ad063d93c11a10e556aa16ac52c6c5aebb1d1682ac33d
Instruction ID: 57a590af7ca198cbff26f9a152954e17e6980322d14a7d52acb4ee44b7c221df
Opcode Fuzzy Hash: 012a7d38d7be9314a57ad063d93c11a10e556aa16ac52c6c5aebb1d1682ac33d
Instruction Fuzzy Hash: 2A9126B5A083009BC714DF68C891BA7B7F5EF96314F15842CF9898B392E374DA06CB52

Function 00198169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

7, xrefs: 00198419
SP, xrefs: 00198396
^`/4, xrefs: 001981E1
gfff, xrefs: 00198458
2h?n, xrefs: 001983A0

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: b7df43cd30311d64d3e5819cf23656c1001b0d4efb45c45aa2b98c9ad9b42aef
Instruction ID: 63b67279ad8e8bf046e9aa438f33bdb0fc23828ac3e1bdb227290bd1dc04ae4d
Opcode Fuzzy Hash: b7df43cd30311d64d3e5819cf23656c1001b0d4efb45c45aa2b98c9ad9b42aef
Instruction Fuzzy Hash: 30A11572A143508BD714CF28D8527AFB7E2FBC5318F598A3DD485D7291EB38C9468B82

Function 001A90D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 001A9170

Strings

M/(, xrefs: 001A913D
M/(, xrefs: 001A919E

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: M/($M/(
API String ID: 237503144-1710806632
Opcode ID: ab13d1cebb76013d104a7437473db55a1994fbd9e6f81c040d42331dc35d547a
Instruction ID: 0b460284b6743673a3fe65e2af77ac2abe2c80067a4b3f8e59d864aff4f98aad
Opcode Fuzzy Hash: ab13d1cebb76013d104a7437473db55a1994fbd9e6f81c040d42331dc35d547a
Instruction Fuzzy Hash: 7F21437164C3215FE710CE349881B9FBBAAEBC2700F01892CE0D1DB1C5D674884B8752

Function 001AA5B6 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

i, xrefs: 001AA5CD
i, xrefs: 001AA527
VN, xrefs: 001AA5C6
VN, xrefs: 001AA520

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: VN$VN$i$i
API String ID: 0-1885346908
Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction ID: 2421382532fe4812352ddfc807ce803f8d5c2758ee33f490ee344b3babdc484d
Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction Fuzzy Hash: 3D21C6255483818AD3058E6580402A6BBE3AFC7718F69465ED1F15B391E737C909875B

Function 003010B1 Relevance: 4.3, Strings: 3, Instructions: 525COMMON

Download Yara Rule

Strings

gG;w, xrefs: 0030171F
z]g, xrefs: 003017D1
'M}, xrefs: 003017A9

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: 'M}$gG;w$z]g
API String ID: 0-1289135306
Opcode ID: 3f90791af5fa403a3decbf1071ccc6c07d75c2b25cf265e32a92ff46d3af1605
Instruction ID: 6ceecb562d2eafb1353cfc934efe779fb5001eed710b2c0cb99a911aaa9b11a9
Opcode Fuzzy Hash: 3f90791af5fa403a3decbf1071ccc6c07d75c2b25cf265e32a92ff46d3af1605
Instruction Fuzzy Hash: A102C0F3F156144BF3548D39DC88366B6D2EBD4320F2B823D9A98973C4E97E9C058281

Function 001AA0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

_^]\, xrefs: 001AA49C, 001AA188
<\hX, xrefs: 001AA236
.txt, xrefs: 001AA371

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: 2b77ea27a214b2fb8aacf2e3e0f41f9e4ee084b01e772089d642559ac0fbbd18
Instruction ID: 25a83312ddc7050fb50c749111515c5f686bd219c75743ffe44d0431569e506b
Opcode Fuzzy Hash: 2b77ea27a214b2fb8aacf2e3e0f41f9e4ee084b01e772089d642559ac0fbbd18
Instruction Fuzzy Hash: D0C1227450C342DFD7089F28D881A7ABBE2AF96310F588A6CF0A5472E2D735D985CF12

Function 0019D003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON

Download Yara Rule

Strings

[V, xrefs: 0019D4DD
bh, xrefs: 0019D4D6

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: [V$bh
API String ID: 0-2174178241
Opcode ID: 906ca4520812ce59d9986137b13f180b2cdc1780d524b294472433225134d9d9
Instruction ID: 9a6b5f35b3b9b1f05a64625ec15b125eb54b8bf2a0668b672ceeae646f5fb722
Opcode Fuzzy Hash: 906ca4520812ce59d9986137b13f180b2cdc1780d524b294472433225134d9d9
Instruction Fuzzy Hash: FF325AB1901711CBCB24CF29C8926BBB7B1FFA5310F19825DD8969F3A4E734A941CB91

Function 00184270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

), xrefs: 001842EB
IEND, xrefs: 00184661

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 0e11c9c5d0ef2df14012b9a8b07ba3dc0b836b67ffa4cfabb2a228ac5ad74c73
Instruction ID: 39bd4fce8784527f8a19636e9766ee775d6e1ede4eccced73cd3a0b009f1c78a
Opcode Fuzzy Hash: 0e11c9c5d0ef2df14012b9a8b07ba3dc0b836b67ffa4cfabb2a228ac5ad74c73
Instruction Fuzzy Hash: F3D1BE715083459FD720EF14D841B5ABBE0AF94304F24492DF9A99B382E775EA08CF82

Function 0025C4C0 Relevance: 2.7, Strings: 2, Instructions: 238COMMON

Download Yara Rule

Strings

h_r9, xrefs: 0025C4C0
h_r9, xrefs: 0025C4C5

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: h_r9$h_r9
API String ID: 0-973729222
Opcode ID: ea9529a3e5416cc0bc2aa3259e26289bb22d4634d49e6353f7b37ce2ecdc7c6a
Instruction ID: c0ef137f0af82fb799e59dc724ddc583b9f54c5097e51448aa4bb7a485008782
Opcode Fuzzy Hash: ea9529a3e5416cc0bc2aa3259e26289bb22d4634d49e6353f7b37ce2ecdc7c6a
Instruction Fuzzy Hash: 438168F7F1062647F3944938DC5836262929BE5324F2F82388F9C6BBC5D97E5D0A9384

Function 001AE180 Relevance: 2.0, Strings: 1, Instructions: 710COMMON

Download Yara Rule

Strings

, xrefs: 001AE191, 001AE4F2, 001AE54F, 001AE580, 001AE5B1, 001AE5F8, 001AE63F, 001AE69C, 001AE6E3, 001AE756, 001AE79D, 001AE7B8, 001AE7FF, 001AE81A, 001AE877, 001AE8A8, 001AE8C3, 001AE920, 001AE94B, 001AE992, 001AE9C3, 001AE9DE, 001AEA25, 001AEA40, 001AEA71, 001AEAB8, 001AEAD3, 001AEAEE, 001AEB09, 001AEB24, 001AEB3F, 001AEB5A, 001AEB75, 001AEB90, 001AEBAB, 001AEBC6, 001AEBE1, 001AEBFC, 001AEC17, 001AEC32, 001AEC4D, 001AEC68, 001AEC83, 001AEC9E

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID: 0-2740779761
Opcode ID: 4701c7423eed627ca1b22f93528842e416173cab40a7097339d5d309f2998940
Instruction ID: 5d8247fe75b427a748a8b50eb2e5a7b8352d72a12136020e7324724ac73139a7
Opcode Fuzzy Hash: 4701c7423eed627ca1b22f93528842e416173cab40a7097339d5d309f2998940
Instruction Fuzzy Hash: 9C62E2F1511B019FC3A0CF29C981B93BFE9AB99314F15491EE1AED7351CBB0A5418FA2

Function 0024212C Relevance: 1.8, Strings: 1, Instructions: 574COMMON

Download Yara Rule

Strings

"R-w, xrefs: 002428E8

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: "R-w
API String ID: 0-2852977671
Opcode ID: 093a2db80be0a96e824728354ff17ea7757d94a2f4f8289b0e1916b47f11d6d5
Instruction ID: fd86fe1c7e18cc9e0b5bb40fcdf78d211f1b1609309c7fe01645c34fd5506542
Opcode Fuzzy Hash: 093a2db80be0a96e824728354ff17ea7757d94a2f4f8289b0e1916b47f11d6d5
Instruction Fuzzy Hash: EF12CEF3F156204BF3449D69DC84366BAD2EB94320F2F863C9A88A77C5D97D8C068785

Function 001F810D Relevance: 1.8, Strings: 1, Instructions: 564COMMON

Download Yara Rule

Strings

_e?~, xrefs: 001F8880

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: _e?~
API String ID: 0-324386596
Opcode ID: bf875d458119b54fd60e1151d4434413f801a026dac656b51bc1f4a7a503c86e
Instruction ID: 2e4dc07aab630f96f2f0fc65e782c517f6e194956b9dbd1168afa42052abcba6
Opcode Fuzzy Hash: bf875d458119b54fd60e1151d4434413f801a026dac656b51bc1f4a7a503c86e
Instruction Fuzzy Hash: 7902AEF3E152204BF3545D29DC94366B693EBD4324F2F823D8E98A77C8D97E5C0A8285

Function 002B4091 Relevance: 1.8, Strings: 1, Instructions: 553COMMON

Download Yara Rule

Strings

6|o1, xrefs: 002B41C9

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: 6|o1
API String ID: 0-441753095
Opcode ID: 229c5d336b1ef90ef7f34039b13e354d34b47fc7bc4e35a66f66f5e63db69f18
Instruction ID: d4f8791d062530a1a231bae3f995f77fd057c6d254b5bcbb485fa827ca4131a5
Opcode Fuzzy Hash: 229c5d336b1ef90ef7f34039b13e354d34b47fc7bc4e35a66f66f5e63db69f18
Instruction Fuzzy Hash: 6502B0B3F156204BF3444D29DC98366B6D2EBD4320F2F863C9A889B7C9D97D9D0A4385

Function 002BE274 Relevance: 1.8, Strings: 1, Instructions: 519COMMON

Download Yara Rule

Strings

qC?, xrefs: 002BE848

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: qC?
API String ID: 0-3388754133
Opcode ID: 1093528c108ed7b088df0fdadac3e0fdd782e4063ccad35e2e659c7ac5e0693f
Instruction ID: 81cc2bd4143076d46ef6743a374611faf55ab389866bbf00d89e45d6d2de84ff
Opcode Fuzzy Hash: 1093528c108ed7b088df0fdadac3e0fdd782e4063ccad35e2e659c7ac5e0693f
Instruction Fuzzy Hash: 8302D3F3F116104BF3444E39CC98366BA92EBD4310F2B813C9A89977C9E97E9D058385

Function 0020822E Relevance: 1.8, Strings: 1, Instructions: 516COMMON

Download Yara Rule

Strings

Qb/?, xrefs: 0020870C

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: Qb/?
API String ID: 0-3185360325
Opcode ID: 80261189871019b02e05d9e144c7f9ac17247b4c8cfe10660e24e36061ec972f
Instruction ID: 5afc70f6d7135b3be8feaf2ff82352ad784a83c1e98884fe5925ffac0dfb4b4b
Opcode Fuzzy Hash: 80261189871019b02e05d9e144c7f9ac17247b4c8cfe10660e24e36061ec972f
Instruction Fuzzy Hash: 3CF1CFB3F116248BF3544D39CC48366B6D6EBD5320F2B823D8A989B7C8ED7D58098385

Function 0028D039 Relevance: 1.8, Strings: 1, Instructions: 507COMMON

Download Yara Rule

Strings

_N\, xrefs: 0028D4C1

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: _N\
API String ID: 0-3631339712
Opcode ID: 8ade014863a1733b9f80a92dc4235e585cb1574a5f8ab522114f5efeee8e6c00
Instruction ID: 26d940909b02a0993e86c237826efe20fbb99071e205956f3ef83d50cafd8b77
Opcode Fuzzy Hash: 8ade014863a1733b9f80a92dc4235e585cb1574a5f8ab522114f5efeee8e6c00
Instruction Fuzzy Hash: F002A1F7F016108BF3445E29DC94366B692DBD5320F2B823D9B989B7C9D93E5C0A8385

Function 002FC43D Relevance: 1.8, Strings: 1, Instructions: 506COMMON

Download Yara Rule

Strings

I<, xrefs: 002FCA22

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: I<
API String ID: 0-608348495
Opcode ID: 9aa7e7b05509f510964e44f5fe19e21101610de2c662896db26878a347630139
Instruction ID: 6128ab13064b5517b7f47b79f2aebbe3cf56e2880cfd08a5d17d8e92bd7ce0a8
Opcode Fuzzy Hash: 9aa7e7b05509f510964e44f5fe19e21101610de2c662896db26878a347630139
Instruction Fuzzy Hash: B8F1BEF3F142214BF3085938DD9836676929BD4320F2B82399F99ABBC4EC7D5C0A4285

Function 001AD17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(1A11171A), ref: 001AD2A4

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: bf440ab735c3bf175128e8ad101406d1409c2328ace67ccfb1f30c071140da62
Instruction ID: 860f528529cc0bba415a945f841db544f314039650fa5c9274fe9327c87efbc7
Opcode Fuzzy Hash: bf440ab735c3bf175128e8ad101406d1409c2328ace67ccfb1f30c071140da62
Instruction Fuzzy Hash: DD41E1742047818BE3158B38D9A0B62BFE1EF57314F28868CE5E64B7A3D725D84ACB51

Function 001AD34A Relevance: 1.6, Strings: 1, Instructions: 398COMMON

Download Yara Rule

Strings

><+, xrefs: 001AD353

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: ><+
API String ID: 0-2918635699
Opcode ID: 1c49ad14b078df235043f83caece7eb4ed23e442940e0b1a634a74d5050a0e75
Instruction ID: c14323301c02440de4e25503e358566f30cce19611fa1befa8953826d93d049f
Opcode Fuzzy Hash: 1c49ad14b078df235043f83caece7eb4ed23e442940e0b1a634a74d5050a0e75
Instruction Fuzzy Hash: 71C1D175604B418FD729CF2AD490762FBE2BF9A310F29859DC4DA8BB52C735E806CB50

Function 001AB170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 001AB458

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction ID: 81e8f9459b8c8ec6f3e8e5e10a484d47221dde5a0fc5bf2c1477b9c346503586
Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction Fuzzy Hash: 48C108BAA0C3845FD7258E24C4D076BB7D5AF96310F19892DE8968B383E734ED44C792

Function 002780E1 Relevance: 1.6, Strings: 1, Instructions: 377COMMON

Download Yara Rule

Strings

&(LS, xrefs: 00278335

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: &(LS
API String ID: 0-1022179553
Opcode ID: 4d57105fd084456e9010a649e7f6720f1f5a9d12577269bb4dbf2c94219de05c
Instruction ID: ee39ce690110e65bdbf19a6837903d807e97a27aee618ab43e7243044393bb6e
Opcode Fuzzy Hash: 4d57105fd084456e9010a649e7f6720f1f5a9d12577269bb4dbf2c94219de05c
Instruction Fuzzy Hash: 0FC11FB3F102244BE3445E29DC94376B396EBE5320F2F853D9A8887384E97D6D098786

Function 0021618C Relevance: 1.6, Strings: 1, Instructions: 374COMMON

Download Yara Rule

Strings

g, xrefs: 002162D8

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: g
API String ID: 0-30677878
Opcode ID: 207d09d06198579ff05518efc319f654c5212a05fced3961fd86338be2820cf2
Instruction ID: 1f54271c80185fddf67a1e0d84ad8e48021f0ae4468344c4e2e8449bef831ac9
Opcode Fuzzy Hash: 207d09d06198579ff05518efc319f654c5212a05fced3961fd86338be2820cf2
Instruction Fuzzy Hash: CDD1B2B3F206254BF3544939DD983A26583DBD1324F2F82788E5CABBC9D87E5D0A5384

Function 002004AF Relevance: 1.6, Strings: 1, Instructions: 300COMMON

Download Yara Rule

Strings

<, xrefs: 002006CF

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 1e49d30226d5a5185e581fa3e116fc6f1e1758f15533234795be7c3512317222
Instruction ID: 562f63cddd5ea89afb1ae48a9523fefd6d08c60faed2b605db1b666c4f73a254
Opcode Fuzzy Hash: 1e49d30226d5a5185e581fa3e116fc6f1e1758f15533234795be7c3512317222
Instruction Fuzzy Hash: 1FA18FB3F205254BF3544D39CC983A26683DB95314F2F82788E99AB7C5DC7EAD0A5384

Function 0024505C Relevance: 1.5, Strings: 1, Instructions: 289COMMON

Download Yara Rule

Strings

9[, xrefs: 0024534F

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: 9[
API String ID: 0-3572859238
Opcode ID: 02233514a7379c510e21331f28fe606e6c54351b68cdc77f23881aa8e127cbd2
Instruction ID: 5b68646a9a10ec08207c547c1e85bf30736d1cef80a32a549ca932a84c1d6519
Opcode Fuzzy Hash: 02233514a7379c510e21331f28fe606e6c54351b68cdc77f23881aa8e127cbd2
Instruction Fuzzy Hash: 10A19BF3F606254BF3444D38DC983662683DBA5314F2E82388F599B7CAD9BE9D0A5344

Function 00250468 Relevance: 1.5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

Strings

U$1?, xrefs: 0025047E

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: U$1?
API String ID: 0-2464736319
Opcode ID: e0701f0768f26e149585502398fe3c38735e4d1875489e3c79a34d8edd971539
Instruction ID: 145b642d169a980dbd17043634b13d6db694267561611458fce23e80df4ce08c
Opcode Fuzzy Hash: e0701f0768f26e149585502398fe3c38735e4d1875489e3c79a34d8edd971539
Instruction Fuzzy Hash: CBA18CB3F516254BF3944D28DC983A26283DBD5324F2F81788E4CAB7C5E87E9D0A5784

Function 001A7440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 001A7465

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: 2db634d7245d7717299cb6c81dfdef90de020d7eb499460c3dc3907e0ebce5ee
Instruction ID: 6505b955964cdbc6fb38e4b19bf7c79f083ee862edb823713602b7b07e8f977a
Opcode Fuzzy Hash: 2db634d7245d7717299cb6c81dfdef90de020d7eb499460c3dc3907e0ebce5ee
Instruction Fuzzy Hash: 5E7128B9A083005BE7189E68DC92B7B77E1DF86318F19843CE58A872D2E334DE059756

Function 002BA200 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

8, xrefs: 002BA41C

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: 6c44fb477f1087883065b982569bc055cf3cad2ae056a9d9cf592cefd557c0b7
Instruction ID: da0862d128c24afcf0f63a9ead38531ecec16c0a68162c1d2d63f06f47006004
Opcode Fuzzy Hash: 6c44fb477f1087883065b982569bc055cf3cad2ae056a9d9cf592cefd557c0b7
Instruction Fuzzy Hash: 5B919CB3F102258BF3544D79DC983627283DB95320F2F82788E586B7C9D97E5D0A9384

Function 001AC53C Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

x|*H, xrefs: 001ACE93

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: 3f2355fb0438aaed386cf7a3bc09f2a392199c1133537ff77a5ffd50153cf247
Instruction ID: 71b01e70b5062d9c0f5c2be28a6484d962028182942df9b7d2160d98428600c4
Opcode Fuzzy Hash: 3f2355fb0438aaed386cf7a3bc09f2a392199c1133537ff77a5ffd50153cf247
Instruction Fuzzy Hash: 5671D1746047818FD7298B39C4A0762BFE2AF67305F28C4ADD4D78B796D73998068B90

Function 0020E4D9 Relevance: 1.5, Strings: 1, Instructions: 245COMMON

Download Yara Rule

Strings

$zC$, xrefs: 0020E6FC

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: $zC$
API String ID: 0-2955277028
Opcode ID: 9bb203f46245e21f5520c77c608f9412cdb184e80da817eb1f6305b95ea924ef
Instruction ID: 920bab63db5885417499ad6a6c6be21de754eaaf31688fbd441831b061250d27
Opcode Fuzzy Hash: 9bb203f46245e21f5520c77c608f9412cdb184e80da817eb1f6305b95ea924ef
Instruction Fuzzy Hash: 91819FF3F206254BF3544929CC583617282DBE5315F2F81798E8CAB7C6D97E9D0A9384

Function 0021507A Relevance: 1.5, Strings: 1, Instructions: 240COMMON

Download Yara Rule

Strings

w;F, xrefs: 0021507A

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: w;F
API String ID: 0-654046406
Opcode ID: 0f18f8e558b435e75249aef14688228bdd4c23cb57ce2a5492c27c8712f76d60
Instruction ID: 3f439745cc9e5d640c7af453141670704844c1509e5fb5cb0c8a79c48cc0584b
Opcode Fuzzy Hash: 0f18f8e558b435e75249aef14688228bdd4c23cb57ce2a5492c27c8712f76d60
Instruction Fuzzy Hash: 6B819CB7F116254BF3844D69CC983A26283EBD5314F2F82788E58AB7C4DD7E5D0A9384

Function 003084F8 Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

B[jO, xrefs: 00308772

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: B[jO
API String ID: 0-163664343
Opcode ID: 57c8662c5226d8a4495f599fcdc9a4d54c8b29ad19e139e5fc5e4332cf06b5c0
Instruction ID: 78601e92fe490a0766989ba58a8a650145852db2ecaa8221c7c06042ce2d672e
Opcode Fuzzy Hash: 57c8662c5226d8a4495f599fcdc9a4d54c8b29ad19e139e5fc5e4332cf06b5c0
Instruction Fuzzy Hash: A781AEB3F112258BF3950D28CC543A27243DBD5325F2F81788E88AB7C8D97E9D0A9384

Function 0018D021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

_^]\, xrefs: 0018D455

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 7278feca7d1664dbf30efd97f4c2d0be11d5ca015d059bc5da367f389a9f77bb
Instruction ID: b6389d51a2a36317ebc60b89c6472b5841dbb7772d4c949f3b789abd262ee02e
Opcode Fuzzy Hash: 7278feca7d1664dbf30efd97f4c2d0be11d5ca015d059bc5da367f389a9f77bb
Instruction Fuzzy Hash: 4E5113B02413008FC7259F28E8D1E76BBE2EF55718B59881CD99787AA2C731F982CF51

Function 001AC0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 001AC173

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 78088e567837097eec50bdcc99353ffb052f5ba1fff1276d034aaf556acd3de2
Instruction ID: de2f047e884d4e8b984e776faf6063c098334fcd53470c27678851604148d105
Opcode Fuzzy Hash: 78088e567837097eec50bdcc99353ffb052f5ba1fff1276d034aaf556acd3de2
Instruction Fuzzy Hash: 4A51E725614B808BD729CB3A88513B7BBD3ABDB314B5C969DC4D7C7686CB3CE4068750

Function 002230A4 Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

D:LI, xrefs: 00223266

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: D:LI
API String ID: 0-1325566221
Opcode ID: 1d6db37bed92dda2ab4f399335db7bf4fdde5aa0a3db2a374aaeee3f0cae262a
Instruction ID: d0b8738e997c1dfa849bbb7600d781520da301dd3abf429aef03199c2633aaae
Opcode Fuzzy Hash: 1d6db37bed92dda2ab4f399335db7bf4fdde5aa0a3db2a374aaeee3f0cae262a
Instruction Fuzzy Hash: BD71B0B3F112264BF3404D69DC483A2A683DBD1321F2F82788E589B7C5DD7E9D0A5384

Function 001AC09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 001AC173

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 5203445d1d46183f41dd50e21de1dfd1e120dc6fb3ddca3c09a0458b0fe888fa
Instruction ID: 2a28d189e68785d7c74486c37abfc8644249994270b82c2cd8f97200c38493fc
Opcode Fuzzy Hash: 5203445d1d46183f41dd50e21de1dfd1e120dc6fb3ddca3c09a0458b0fe888fa
Instruction Fuzzy Hash: 4F51E825614B808AD72ACB3A88513B37BD3AF97310F5C969DC4D7D7A86CB3CD4068751

Function 003030E3 Relevance: 1.5, Strings: 1, Instructions: 210COMMON

Download Yara Rule

Strings

u{=D, xrefs: 003030E3

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: u{=D
API String ID: 0-1046005044
Opcode ID: 092eb91e7e0cf54be25cf72ff4cfda7f06069f692d4b984304c758715e654b2f
Instruction ID: f6631e587b261803e2081780d9871a9dec65078497e3b4271d618e272f8e1066
Opcode Fuzzy Hash: 092eb91e7e0cf54be25cf72ff4cfda7f06069f692d4b984304c758715e654b2f
Instruction Fuzzy Hash: CF719DF3F012258BF3504D69DC943627693DB95320F2F81798E886BBC9E97E5D0A9384

Function 001C1160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

@, xrefs: 001C123B

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 4c0d594f72a2f8210e38e0dbff26be7adbfb22561dd325b8ccc25e6fab389592
Instruction ID: e8533e34286f71bef7e287b4a86c01cfd5ae4f11b86a38ac6bfb8e2c7afc2755
Opcode Fuzzy Hash: 4c0d594f72a2f8210e38e0dbff26be7adbfb22561dd325b8ccc25e6fab389592
Instruction Fuzzy Hash: 1A4121B2944310ABD7188F64CC56B7BBBE1FFA6314F18891CE6854B2A1E335D904C782

Function 001AC465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

AB@|, xrefs: 001AD9F4

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: AB@|
API String ID: 0-3627600888
Opcode ID: 13a58559889c079b82cb0709cafcf9c2d780b1388573263c35286e700b3cf3a0
Instruction ID: ca43821e9aeda7d59e2875b21b8fe4d909be74f5707be278f628f8efd08d483a
Opcode Fuzzy Hash: 13a58559889c079b82cb0709cafcf9c2d780b1388573263c35286e700b3cf3a0
Instruction Fuzzy Hash: DE41E475104B928FD7268F39C850773BBE2BF97314B199698C0D28B696C734E845CB50

Function 00250248 Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

YRO', xrefs: 0025031C

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: YRO'
API String ID: 0-714244939
Opcode ID: b2306a7dd93487c4ac06c432e84567a7514d333630a13bbc054a64a2bddabef8
Instruction ID: 3eca19221f74d0631005c49a88d31f5d1696163ffc86de3a76fde62329fa9ff7
Opcode Fuzzy Hash: b2306a7dd93487c4ac06c432e84567a7514d333630a13bbc054a64a2bddabef8
Instruction Fuzzy Hash: 3341C1B3F112258BF7904D68CC883627292EF99310F2E81788F49AB7C5D97D6D099784

Function 001B2070 Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

, xrefs: 001B2125, 001B215E, 001B2176, 001B21A4, 001B21BC, 001B21F5, 001B2223, 001B2246, 001B225E, 001B228C, 001B22DB, 001B22F3, 001B230B, 001B2332, 001B2359, 001B236A, 001B2382, 001B239A, 001B23B2, 001B23CA, 001B23E2, 001B23FA

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID: 0-2740779761
Opcode ID: d05b3af58637798c88e80d0ebc14f8c7c1d407e2392f493be0d206771af304c7
Instruction ID: f00e2c94f1742879eaaf1101ec974168b031812e99c6e60169892783f2bc428e
Opcode Fuzzy Hash: d05b3af58637798c88e80d0ebc14f8c7c1d407e2392f493be0d206771af304c7
Instruction Fuzzy Hash: A9814EB410A3808BC374DF55D698BEBBBE1BB99308F10491DD48D6B790CBB09549CF96

Function 001A8528 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

_^]\, xrefs: 001A8545

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 07d7b7900d70f8b928fb5140dc11d460b3c32e83296067b311c4b51b13e47ba3
Instruction ID: c54c5bde653de31eb4a4c5b47768c100fcd8ad4e47abe371ee5b55a0664d6c65
Opcode Fuzzy Hash: 07d7b7900d70f8b928fb5140dc11d460b3c32e83296067b311c4b51b13e47ba3
Instruction Fuzzy Hash: 9621EA78A082108BD71D8B34C896E3BB7E3EF86318F78552CD253536A1DB35D8418A49

Function 001C0340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 001C03AD

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 555e45bf3ad83c3b12e907f854e6419dc0036b2929ef5424bdaba633125c8525
Instruction ID: 67072c7a6b83d01b2518a0480f9542b75d1480c082616e568390af503d76c484
Opcode Fuzzy Hash: 555e45bf3ad83c3b12e907f854e6419dc0036b2929ef5424bdaba633125c8525
Instruction Fuzzy Hash: A831DF715083048BC315DF58D8D2A6FBBF4EB99324F14992CE69987290D735D888CB96

Function 001873D0 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction ID: 747b57fd6582dd8de0725d584aa7eb0eb7d254f263d9d8c35771e819ea158d52
Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction Fuzzy Hash: E122C231A0C7118BC725EF18D8806BBB3E2EFC5319F29892DD9D697285D734EA51CB42

Function 001EE5AD Relevance: .5, Instructions: 510COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 415805e18a314adf3329de01bb3ee3cf081808216fa80eb88b75f61cb7f4a040
Instruction ID: 5c91e979158fd9942481f51aca2b5dee2e572aa01ad613b38c0f43f2b4381fee
Opcode Fuzzy Hash: 415805e18a314adf3329de01bb3ee3cf081808216fa80eb88b75f61cb7f4a040
Instruction Fuzzy Hash: FFF19BF3F216204BF3544939DC983667692DB95320F2F82389E9CAB7C5D87E5D0A4385

Function 00296270 Relevance: .4, Instructions: 430COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6d02afbe76dcf26d048dcd57fa14af135d090d8a9e32c334731798258494b53
Instruction ID: 281c5017387d8fe28a13cced70aaab37486a8478a1e897827bfc045c53127d1b
Opcode Fuzzy Hash: d6d02afbe76dcf26d048dcd57fa14af135d090d8a9e32c334731798258494b53
Instruction Fuzzy Hash: CFE1B1B3B142108BF3449E29DC99376B7D6EBD4710F2E813DDAC88B784E93999098785

Function 001FE084 Relevance: .4, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00a7810577c0eb33746f8574fef87038d6ff5dfe31b5f87e8d4287f7a6e0f1b7
Instruction ID: 86a67db5a9d0bd14cc38e2972aa8eae6f0b150a14f6fd2e661f7a1a8786548e2
Opcode Fuzzy Hash: 00a7810577c0eb33746f8574fef87038d6ff5dfe31b5f87e8d4287f7a6e0f1b7
Instruction Fuzzy Hash: 1BE1AEB3F102214BF3444E29DC993667692DBD5320F2F823C9E989B7C4D97E5D0A4385

Function 002B22E8 Relevance: .4, Instructions: 387COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe053c34a2525a2cc24c0528357f1fc96df5c6cc70834abed56bcb5043c44a84
Instruction ID: 0d4e9926d0d53254fdac49205aae2eb6a0003cc4e4866138145708b7edbe480e
Opcode Fuzzy Hash: fe053c34a2525a2cc24c0528357f1fc96df5c6cc70834abed56bcb5043c44a84
Instruction Fuzzy Hash: 1CD1BBB3F206254BF3584838DCA83B22582DB95324F2F82798F9A6B7C5DC7E5C095384

Function 00230030 Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e429e09976b651e4b9f77028c3059d721f09c5d931200e1c7e6700f326804832
Instruction ID: d45c6f3593286239ec81d8510f0195694af2bd0fda6ce8fcb34ccb89ca257754
Opcode Fuzzy Hash: e429e09976b651e4b9f77028c3059d721f09c5d931200e1c7e6700f326804832
Instruction Fuzzy Hash: B1D18FB3F106258BF3540D69DC943A27692EBA5324F2F427C8E9CAB3C1E97E5D095384

Function 0027D09F Relevance: .4, Instructions: 376COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7056d0badd99ca03f0a0f8653782a8b90e7e9777dff1a61304d0f1ecbf270559
Instruction ID: 1c374dece6438ac2eac40678c7141c00861ff8ba202ccd7a992e5c139bd86680
Opcode Fuzzy Hash: 7056d0badd99ca03f0a0f8653782a8b90e7e9777dff1a61304d0f1ecbf270559
Instruction Fuzzy Hash: DCD16CF3F1062547F3584868DC653626583DB95324F2F82798F9EAB7C5ECBE9C0A4284

Function 0020A56A Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03560b28cbd6bd52adc69f564b84b84d85c7156d5ba255f1727248814211c171
Instruction ID: 85900d265b538d1e5b9d067fb1dffca89037245e478f28d9a1623682e2aa7fb3
Opcode Fuzzy Hash: 03560b28cbd6bd52adc69f564b84b84d85c7156d5ba255f1727248814211c171
Instruction Fuzzy Hash: AAC18CB3F116254BF35449B8CD983A2668397D5324F2F82788F486B7C6D8BE5D4A4384

Function 002462C3 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54db6ac66324993a57f127d1c0f7a93c07f94a9988cb2ad6bffebf01ee6e3874
Instruction ID: 8fa5077179c37e2c53184e663a3739e9441c027ddea6b0d97866b6318645bc0a
Opcode Fuzzy Hash: 54db6ac66324993a57f127d1c0f7a93c07f94a9988cb2ad6bffebf01ee6e3874
Instruction Fuzzy Hash: 84C19EB3F112254BF3544879DD983A2658397D5324F2F82788E9C6BBC9DCBE5D0A4384

Function 002810AF Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e87411b9b963bf6cd297ba22950f1f8f88362016a2d86fc72309dbff32c2f26
Instruction ID: 469e0e80786e76f25515f3213a8c20c6fa3fe3a382d53635b57f47d8819b7bcb
Opcode Fuzzy Hash: 2e87411b9b963bf6cd297ba22950f1f8f88362016a2d86fc72309dbff32c2f26
Instruction Fuzzy Hash: 90C19DF3F6162547F3484D78DD583616682DBA4324F2F82388E59AB7C5DD7E4D0A4384

Function 001F0314 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed19f0207c4fd304bbc50ca6f65b960383caf1e09e16e6fb82bfa74bebd6328c
Instruction ID: a063a38e5cd85f13158bc84af6de313eda1bac907fd44279f5287e2f115c6e03
Opcode Fuzzy Hash: ed19f0207c4fd304bbc50ca6f65b960383caf1e09e16e6fb82bfa74bebd6328c
Instruction Fuzzy Hash: 28C19DB3F112254BF3544D79CC983A2A683DBD5320F2F82798E58AB7C5D8BE9D095384

Function 002D60C7 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caa291f8464cf74316a3107a2643987d17ba744de5e6aca8179b1febf3777d22
Instruction ID: e718a38aee6418dd780f85eaf369ac526a3ae3afbc220776fe1bcc4493ad63f7
Opcode Fuzzy Hash: caa291f8464cf74316a3107a2643987d17ba744de5e6aca8179b1febf3777d22
Instruction Fuzzy Hash: 6DC177F3F116244BF3944879DD98362658397D1324F2F82798E58ABBC9DC7E8D0A52C4

Function 0025B0E7 Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 730b744dd683a0703aa87e01a14cdd8999806d28fcb7b053e20e85b91f07e89c
Instruction ID: dced769f5efd534f2ef99cf4dd1032c5ab32d65955f252d1f75d7cf1e46d0158
Opcode Fuzzy Hash: 730b744dd683a0703aa87e01a14cdd8999806d28fcb7b053e20e85b91f07e89c
Instruction Fuzzy Hash: B3C19EB3F102254BF3544C79DDA83626682DB91314F2F82798F99ABBC9D87E4D0A5384

Function 0025715C Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28ee3b53388857d5beba57ed36a3ebc1f92103263ae536d6b267692e1fd0bbc3
Instruction ID: 34ed2fada5a1bdbda9800e5c3adddc72e1dfda425f979deb8dcff864501c14c5
Opcode Fuzzy Hash: 28ee3b53388857d5beba57ed36a3ebc1f92103263ae536d6b267692e1fd0bbc3
Instruction Fuzzy Hash: 06C19EF3F215254BF3548D29DC483A266839BD5324F2F82788E4CABBC5D97E9D0A5384

Function 002F245B Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8327eb3ef923ede58bf1c7ebec97fe0b5e40d426ba5db9d8aa2f217967133edc
Instruction ID: b6e17caa083bc56dccaae97078e2683face0d9da972236cc7248ed28b9d61f6a
Opcode Fuzzy Hash: 8327eb3ef923ede58bf1c7ebec97fe0b5e40d426ba5db9d8aa2f217967133edc
Instruction Fuzzy Hash: 5BC179B3F2122547F3984878CDA83A2658397D5320F2F82398F596BBC9DC7E5D0A5384

Function 002D2415 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7277c5dfc1fea8481a3589af9d077b4a2779420cab622ac28ea464da290a7d7
Instruction ID: 48cbe92f8cda08d00dda71f6435b57868c291582732a2ee4d5a9f6c1ab729fde
Opcode Fuzzy Hash: b7277c5dfc1fea8481a3589af9d077b4a2779420cab622ac28ea464da290a7d7
Instruction Fuzzy Hash: 6BC178B3F216214BF3544879CD5836265839BE5324F2F82788E9CAB7C5DCBE8D0A5384

Function 0022C03F Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f7ef6e303a3d597b625a6a2968ecbfeef762cdb23eb2b0910d743ec37e54d5d
Instruction ID: 65e62a61006ab9ec99728a31302638790756fe51f2516c1426dfec25bbfabe60
Opcode Fuzzy Hash: 0f7ef6e303a3d597b625a6a2968ecbfeef762cdb23eb2b0910d743ec37e54d5d
Instruction Fuzzy Hash: 6DC19EB7F516224BF3904D69CD883626683DBD5324F2F82788F886B7C5D8BE5D0A5384

Function 00284347 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13b25a7204f4493831552e5a25a2146dbbbc9623c2978a0fcaf289066cb43ce2
Instruction ID: 599e0d029309f4715625bbace93de6765428f0a8fab867743bf29dd217352193
Opcode Fuzzy Hash: 13b25a7204f4493831552e5a25a2146dbbbc9623c2978a0fcaf289066cb43ce2
Instruction Fuzzy Hash: 59C1E2B3F506214BF3944979DD983626682DB95324F2F82788F5CAB3C1D97E5D0943C4

Function 001FA11F Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e9481436b49c226a2b10233d4f4b57e64130f65ecf12c1c3fa323d6232766e3
Instruction ID: e4fe1d27f0b3e470a63912c000f5c56d1206b99e6a49eaf4e19a7af90267dc64
Opcode Fuzzy Hash: 2e9481436b49c226a2b10233d4f4b57e64130f65ecf12c1c3fa323d6232766e3
Instruction Fuzzy Hash: DEB1ACB3F116244BF3544D29DCA83A26283DBD9324F2F82788F689B7C5D97E5C0A5380

Function 0031044B Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72f05692a3c6e02f4d89aef76d07a2101a5e5521a33ae72c09188b02ef70ca8c
Instruction ID: 6c227db828e3553716450d46347c288b8535528c8ea6ef403083b68d92b4a1a2
Opcode Fuzzy Hash: 72f05692a3c6e02f4d89aef76d07a2101a5e5521a33ae72c09188b02ef70ca8c
Instruction Fuzzy Hash: ABC1B0F3F606254BF3584878DC983626582D795324F2F82788E58AB7C6DCBE8D0953C4

Function 0019E220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b5d4fe1b16b1a5cfa16cb4402e4a8ffc059c73c942803abb57c775723be8e48
Instruction ID: 6c466614a521d4bf8cdf05df667767b73d82932b12827ffe35e1d5ff9b839428
Opcode Fuzzy Hash: 7b5d4fe1b16b1a5cfa16cb4402e4a8ffc059c73c942803abb57c775723be8e48
Instruction Fuzzy Hash: DBB1E575504301AFDB10DF24CC42B6ABBE2BFD8319F154A2DF998972A1E732D945CB82

Function 0021D125 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f6bcc29dc1ea26b9aa420f03345707d0a3717a6c62616bc756c58b8d5f69b5f
Instruction ID: 184ebedebabf550c0d092b7032bfbd4046ea883117ed3916ab645b95b860a95e
Opcode Fuzzy Hash: 4f6bcc29dc1ea26b9aa420f03345707d0a3717a6c62616bc756c58b8d5f69b5f
Instruction Fuzzy Hash: 83B1AFF3F516254BF3444878CC983A26683D7E5325F2F82388F596B7C9D8BE5D0A5284

Function 0029C214 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d239ad53cbb41877104d45be649723d38e6278b5fa9548a259f656c1674b09c
Instruction ID: 2ba5926174ba076e7ef0607bed360ac637cb015b114686b960bb73b2d8ebcc7a
Opcode Fuzzy Hash: 3d239ad53cbb41877104d45be649723d38e6278b5fa9548a259f656c1674b09c
Instruction Fuzzy Hash: B0B187B3F516264BF3504979DC983A166839BE5324F3F42388E9C6B7C5E97E1D0A5380

Function 002623F1 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de5e0800fb423631990f95ad839cdcd7674e82be5197fc7a5a0b95c0d2e87610
Instruction ID: de31736b2769987953827634b8797ecd6ca4167d8c3e04708b7bb1552c075457
Opcode Fuzzy Hash: de5e0800fb423631990f95ad839cdcd7674e82be5197fc7a5a0b95c0d2e87610
Instruction Fuzzy Hash: 16B189A3F112258BF3444979DC583627683DBD5324F2E82388B49AB7C9DD7E9D0A9384

Function 002CC390 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebc8e4b0126b69dcf6621425e29f405bcc9ed572869d25522fb4fa738b7a1ec4
Instruction ID: b6d0a81e06cf67caf9904dbdf97dfa9f1118a62faad29c9c422cc361027560bb
Opcode Fuzzy Hash: ebc8e4b0126b69dcf6621425e29f405bcc9ed572869d25522fb4fa738b7a1ec4
Instruction Fuzzy Hash: 01B178B3F502254BF3984968CDA83B166839BD5324F2F82788F8D6B7C5D87E5C0A5384

Function 001F2475 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd9e124d9fa76a8b61c4ab1c143a3120d570a02146111e52ef97b98223f16290
Instruction ID: 67f03eec3ad32ae186780946665f379428bd273c207e8efa0fa00ca7de47388e
Opcode Fuzzy Hash: bd9e124d9fa76a8b61c4ab1c143a3120d570a02146111e52ef97b98223f16290
Instruction Fuzzy Hash: 7AB15AB3F116254BF3544839CC983626643DBE5314F2F82388B58ABBC9DD7E9D0A5384

Function 002722AC Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54f09923830892a1b5a682394611bd300bf362c1062fa4ec4c7b35b678d839cc
Instruction ID: 492383b7aceac1d113aa113a5018e2235a143da8594b8a024e5d58c687fe7ed8
Opcode Fuzzy Hash: 54f09923830892a1b5a682394611bd300bf362c1062fa4ec4c7b35b678d839cc
Instruction Fuzzy Hash: E4B18CB3F106258BF3444D68DC983627682DB99314F1F81788F98AB7C6D97E9D0A93C4

Function 00274311 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2844b4a1b86b84207c01a555491ddba879b35d6a7f0684a45d5b64011fd69b3
Instruction ID: f58789545f53446759645cd8e253b0f0545cd16732d7a8b4d36be455bd8607c0
Opcode Fuzzy Hash: a2844b4a1b86b84207c01a555491ddba879b35d6a7f0684a45d5b64011fd69b3
Instruction Fuzzy Hash: 2DB159B7F116354BF3944878CC983A265829B95324F2F82788E9CBBBC5D87E5D0A53C4

Function 0026829E Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a2394f240c5296d23fb5dee6db31c1a27bffa5330e5b3b1b2519d7ef05cb9de
Instruction ID: 47f95923bb7d5a1938a4e1354047b2a72b4d79d7fa31d83ca2ab53347413bf56
Opcode Fuzzy Hash: 7a2394f240c5296d23fb5dee6db31c1a27bffa5330e5b3b1b2519d7ef05cb9de
Instruction Fuzzy Hash: 1AB19BF3E1162547F3484968DCA83A266439B91324F2F82388F5D6B7C5E9BE5D0A53C8

Function 002EE57C Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb68467d7c36a2b1b6cdcd906be0fbffc1f587090b8b0ae980a282e4b904e6a1
Instruction ID: 7bb0cc573510ac12d91de96fbde5e2c508cd5709eec91fe6c1dccadbf8c53bd5
Opcode Fuzzy Hash: bb68467d7c36a2b1b6cdcd906be0fbffc1f587090b8b0ae980a282e4b904e6a1
Instruction Fuzzy Hash: B5B1A1B3F116258BF3544D29CC583626683DBD5321F2F82788E886BBC9D87E9D0A5384

Function 002CF09F Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e11293dffa4fdf18444c0db4fe6753dd8c6bb2d61d50759114ab7d8ee8f7ac0
Instruction ID: c8b9355b9badac119b2ca6594ac717207c00757d0716bcf77538c9d63cf52279
Opcode Fuzzy Hash: 2e11293dffa4fdf18444c0db4fe6753dd8c6bb2d61d50759114ab7d8ee8f7ac0
Instruction Fuzzy Hash: F7B16CF7F516214BF3444969CC98362668397A4325F2F82788F8CAB3C5D8BE9D0A4384

Function 002C4100 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b19ef3ff9b8acdfd5ddf6ed0e289dc79c95bac81cd434263652a79c5f75990b5
Instruction ID: ff574fcef745269a44fc5ec5eacaaf3322dadd97e96050f3b511fd75076dce1f
Opcode Fuzzy Hash: b19ef3ff9b8acdfd5ddf6ed0e289dc79c95bac81cd434263652a79c5f75990b5
Instruction Fuzzy Hash: B1B19BB3F003254BF3444DB9DC983626682DB95724F2F82788E48AB7C5DCBE5D0A9384

Function 002F016D Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 258b2119f15c3b008a3cfa86c7f9858e0eb720eb32c6a076a1395d6930755059
Instruction ID: b34c328cfa9b97094c2f5b6e4833897856d8988bbbcba51334bf6e43db1cd308
Opcode Fuzzy Hash: 258b2119f15c3b008a3cfa86c7f9858e0eb720eb32c6a076a1395d6930755059
Instruction Fuzzy Hash: 7FB1ABB7F216254BF3844878CCA83A26683D795314F2F82388E48AB7C5DD7E9D0A5384

Function 002E3060 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c28a2dc18065bcdc8364f4d78b090eb3e6c27a5ebb44df5f22df5eba715318ac
Instruction ID: 68b811ca1655daaa6421a8b1eb90b71c8bf9fab416e2deb56040b9c270a8e0b9
Opcode Fuzzy Hash: c28a2dc18065bcdc8364f4d78b090eb3e6c27a5ebb44df5f22df5eba715318ac
Instruction Fuzzy Hash: B0B16BA3F112254BF3484D29CC593627283EBD5314F2F81798B89AB3C5DD7E9D0A9384

Function 00233173 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3f58618bd5bdd6ea0a8767d73cb858cbb21eb71057721f49a75660d628fafdc
Instruction ID: 50f3caac43bb6357f6bb9a9f3721c2dbd877298e96a6918ed77304fc1f1dc410
Opcode Fuzzy Hash: a3f58618bd5bdd6ea0a8767d73cb858cbb21eb71057721f49a75660d628fafdc
Instruction Fuzzy Hash: 9BB18FB3F112254BF3444D39DD983626683EBD5324F2F81788A58AB7C9DC7E9D0A4384

Function 00220365 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51abf0db56259b0b7d312fdc0de3d33f131457ef51c09ad8608d71eb29279e99
Instruction ID: d935dc5fbfd7a8da6898d4e11e73ef91f6779eaf8619953004f7a896c2c29de5
Opcode Fuzzy Hash: 51abf0db56259b0b7d312fdc0de3d33f131457ef51c09ad8608d71eb29279e99
Instruction Fuzzy Hash: 92B18BB3F112254BF3544D79CC98362A6839BD5320F2F82398E58AB7C5D97E9D0A5384

Function 0020424F Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 426670399e6ea9c2b747c239ea1a3414e496094506dfae1c02098cfb6496f54a
Instruction ID: 0cf31d819cf27997cf36b7b59bbaa47c861ccb36ec132b6ae9defe4ce634a7d9
Opcode Fuzzy Hash: 426670399e6ea9c2b747c239ea1a3414e496094506dfae1c02098cfb6496f54a
Instruction Fuzzy Hash: 17B1ADF3F216254BF3980878DD983626582DBA5311F2F82788F5CAB7CAD87E5D095384

Function 0024831B Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62546cd8d426ded9006373d49148c65e4510c19cf99ab3fdcdcbcc9caf83ef7f
Instruction ID: 701a41ca3de8275fd8547f7122b1dd9028f55fcff746c2256124bb4b5a4d2d8f
Opcode Fuzzy Hash: 62546cd8d426ded9006373d49148c65e4510c19cf99ab3fdcdcbcc9caf83ef7f
Instruction Fuzzy Hash: 28B19CB3F216214BF3884978CC993626683DB95320F2F82788E5DAB7C5DCBE5D095384

Function 0024B158 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f7bce07d67d2bee392d0fc27ef324a036974bae6dd98755c42ebe771bff1797
Instruction ID: 811e658164fb8ffc1c1739f4ea42c7a83df7a66fdc5758797a9f51ec3289aaae
Opcode Fuzzy Hash: 2f7bce07d67d2bee392d0fc27ef324a036974bae6dd98755c42ebe771bff1797
Instruction Fuzzy Hash: ACB19CB3F112258BF3484D38DCA83627683EBD5314F2E827C8B555B7C9D97E990A9384

Function 002AE48E Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9addf7bb36a3e677843d0fd8c8238e230b0da856975aa4882bf3c17f4dcaee3c
Instruction ID: 9bedd6d4fd9a2925b2c5213564fded08c5008c464682c5b939c88cda29a7f300
Opcode Fuzzy Hash: 9addf7bb36a3e677843d0fd8c8238e230b0da856975aa4882bf3c17f4dcaee3c
Instruction Fuzzy Hash: 55B1BAB7F516254BF3540D69DC983622683DBE6314F2F82788E486B7C9DCBE5C0A9384

Function 002A6251 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16d72ff06844119dde8e3990d07526156c1974746c426c88bb1ed7db01a9a1de
Instruction ID: 4a354be4316b2e5ef1fea5d7910bad2c88ef383a6a79d20b790a7b912156b796
Opcode Fuzzy Hash: 16d72ff06844119dde8e3990d07526156c1974746c426c88bb1ed7db01a9a1de
Instruction Fuzzy Hash: CBB19EB3F216254BF3444D29CC583626283DBE1321F2F82788E986B7C9DC7E9D0A5384

Function 002C2529 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca9105cf79471dc73db5f033b111065a3970827016da8a7699514f35fac3b0d2
Instruction ID: ab110645d5ab426f2d3e8d26b80f6b257671f38ab9935af3745e3abc97057bb3
Opcode Fuzzy Hash: ca9105cf79471dc73db5f033b111065a3970827016da8a7699514f35fac3b0d2
Instruction Fuzzy Hash: 7AA1B0B3F102254BF3944D28CC683B27282DB95310F2F827D8E89AB7C5D97E5D0A5384

Function 00186160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction ID: 9bc6960ac4e5c8769aa52ce700c7f7c7ec560f4705240a1fe30834c42c6ce0aa
Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction Fuzzy Hash: AFC15AB2A087418FC360DF68DC96BABB7E1BF85318F08492DD1D9C6242E778A155CF06

Function 002143A3 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3759d5fdf847865952ef8b69cc6fda1eeec7c947de6a088a8fb6827c78b2a01d
Instruction ID: 979896b8dcea20ce2fa845b335b8cda60d491f37fd8820c3d5de616ec63dda7b
Opcode Fuzzy Hash: 3759d5fdf847865952ef8b69cc6fda1eeec7c947de6a088a8fb6827c78b2a01d
Instruction Fuzzy Hash: D5A18AB3F212254BF3844978DCA83626583DBE5324F2F82388E596B7C6DC7E1D0A4384

Function 002643F9 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3fbcae3e7ffbf98cdf20d466311ee037667e0dbe0d6cb3d432bea38837383f4
Instruction ID: 319df1f63f8cee38b29602aed667fbea1fb7ab4bf1d749e19f38e26475eb2738
Opcode Fuzzy Hash: b3fbcae3e7ffbf98cdf20d466311ee037667e0dbe0d6cb3d432bea38837383f4
Instruction Fuzzy Hash: FEA18BB3F502254BF3504979DC983A26683ABD1324F2F82788E886BBC5DC7E5D4A53C4

Function 002AA225 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69db08cef87b6ec408b1810344a42a46254aa2bdf7348c3b88e7de095f5f51d4
Instruction ID: 17b346b2fa5ae71ff09cdcefd21948e8e944163bad8516693b0a3c0d2eba97fa
Opcode Fuzzy Hash: 69db08cef87b6ec408b1810344a42a46254aa2bdf7348c3b88e7de095f5f51d4
Instruction Fuzzy Hash: 26A13AB3E5063547F3544878CD983A5A682ABA1314F2F82388F9CBB7C5D9BE9D0953C4

Function 002DE2D7 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b897879789455788487e151556d919940fbbb87a6ae84b76b4b92f9c04e80c3
Instruction ID: 6e4e139e90921c59aae27fb427f9f86b63b1161ee37bec98c555907f0cc49285
Opcode Fuzzy Hash: 0b897879789455788487e151556d919940fbbb87a6ae84b76b4b92f9c04e80c3
Instruction Fuzzy Hash: 60A189B3F106258BF3544E68CC943A27252EB95324F2F41788F586B3C1D97F6D0AA384

Function 002DC04C Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7d243dd5493797b86062ace3bff54538d2f66dd921f2fa15433a712c7e79b11
Instruction ID: 93cca443e13d53660badd7f4fd1c1bf452fb68cc5599c76bb7beb51388b622b5
Opcode Fuzzy Hash: a7d243dd5493797b86062ace3bff54538d2f66dd921f2fa15433a712c7e79b11
Instruction Fuzzy Hash: CFA1C2B3F2122547F3544D39CC583A26683DBD1311F2F82798E99ABBC9D87E9D099384

Function 0021E3D1 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8286aa3ccecfe7a461e77b1127a4011ffd17f4730278abec8885e98b61dbf78b
Instruction ID: c90582d38aa5a5fcaf45fd81a5098609b6d3088abff5df4eb05e457a73f63dcb
Opcode Fuzzy Hash: 8286aa3ccecfe7a461e77b1127a4011ffd17f4730278abec8885e98b61dbf78b
Instruction Fuzzy Hash: E3A17CB3F512254BF3484D79CCA836266839BE5314F2F82388F49AB7C5D87E9D0A5384

Function 002D824F Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6274501d2fc00c4a72bb8a34b4b9477f545648b6c0bbb5456f0b7fd13ef8fae5
Instruction ID: e269f103ef020b58e3a519e164f2ed9af2dae4ce36455235327064fc6fbc3d7f
Opcode Fuzzy Hash: 6274501d2fc00c4a72bb8a34b4b9477f545648b6c0bbb5456f0b7fd13ef8fae5
Instruction Fuzzy Hash: DFA16CF3F1122647F3544D39DC5836266839BE1321F2F82788E98AB7C5E97E9D0A5384

Function 0028A276 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 798c96dda0ddfafdf5896579df5cc411f2c9c540ecb7ab983c1e9803bc891220
Instruction ID: de14d15c1317a304c13ac3f8fdd4a18b5ef0a716f8fb81c31539f71229563e6f
Opcode Fuzzy Hash: 798c96dda0ddfafdf5896579df5cc411f2c9c540ecb7ab983c1e9803bc891220
Instruction Fuzzy Hash: 8CA158B3F112254BF3644D39CD983A26683DBD5320F2F82788E986B7C5DD7E9D0A5284

Function 002281DE Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89c88fa7608a7e883da9cba90e77f89004ffc7d92195b8d1bf827e200ad9f922
Instruction ID: 6637eb6d4e2f466e87bfcc664dce2a44cfe6ded7339e39878c5b04cb59b7dc7a
Opcode Fuzzy Hash: 89c88fa7608a7e883da9cba90e77f89004ffc7d92195b8d1bf827e200ad9f922
Instruction Fuzzy Hash: 6CA18CB3F206258BF3544D29CC543A17683DBA0320F2F82798E89AB7C5DD7E6D0A5384

Function 0029A146 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc9ee6f87e3810de221ac2899541de48c05cc9d2b02ce0b6c5d3920f7484020a
Instruction ID: 7621aeb9d87f3275f5c86154e160c5ce52ad0bd525373cdadbb8e66b2ded8fdc
Opcode Fuzzy Hash: fc9ee6f87e3810de221ac2899541de48c05cc9d2b02ce0b6c5d3920f7484020a
Instruction Fuzzy Hash: 77A1CBB3F112358BF3544D69DC983A1B2929B95320F2F42798E5C6B3C1E9BE5D0A93C4

Function 00304059 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db3d0953752bb5ec7dbeaeed1224dffb48fa798d09a2f0725c5088646af9eef9
Instruction ID: 56437120203982253c18afbb1cc961ac91ffc44fcb7745e39164c8aeba29ed4e
Opcode Fuzzy Hash: db3d0953752bb5ec7dbeaeed1224dffb48fa798d09a2f0725c5088646af9eef9
Instruction Fuzzy Hash: 92A18DF7F112158BF3844D69DC583A26283DBD5314F2F81788B48AB7C5D97EAD0A5388

Function 00206094 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 166fab5512ec9866b0c5c6a32016b3ac5d3e845fb5065fdb9c2a152c58f6d7b3
Instruction ID: 262a1e1d71eaabfd37119ac531de0b14765ddba175370f0385cc7edc1826ea61
Opcode Fuzzy Hash: 166fab5512ec9866b0c5c6a32016b3ac5d3e845fb5065fdb9c2a152c58f6d7b3
Instruction Fuzzy Hash: 03A18CB7F112264BF3544DB8CC58362B653ABA5314F2F82788E49AB7C5D97E5C0A5380

Function 002EA32A Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72dbe35fa27456bf9294662adeca13afa4bc1afd9b6a4db3027f192362f3b896
Instruction ID: d76b069e84041dabc9441a32430cc7dbc85affda27a064e32dd2e8e79f2809fe
Opcode Fuzzy Hash: 72dbe35fa27456bf9294662adeca13afa4bc1afd9b6a4db3027f192362f3b896
Instruction Fuzzy Hash: 40A18AB3F112254BF3544D69DCA83A16683DBD5320F2F82788F98AB7C5D8BE5D0A5384

Function 0027A35E Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f9cf68fa812bb12d18d490631e361d87b7634e771dec2e6a6fb878e3e71e983
Instruction ID: 0c13dc64aebeb31752edb3b7880cfc5a9d7a4fd88454c22c0452ef65159134fe
Opcode Fuzzy Hash: 6f9cf68fa812bb12d18d490631e361d87b7634e771dec2e6a6fb878e3e71e983
Instruction Fuzzy Hash: EDA17AB7F106254BF7444939CC983A26283DBE5324F2F82788F59AB7C5DC7E9D0A5284

Function 002563F7 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 233a1fabd84c3028c45c24dc1f8c3554ff5ecae5620f6b53b07f847d2da794c7
Instruction ID: 6293299d73216a040a49211ad94ed2fc88d29f945b983e96b66ec93d77943202
Opcode Fuzzy Hash: 233a1fabd84c3028c45c24dc1f8c3554ff5ecae5620f6b53b07f847d2da794c7
Instruction Fuzzy Hash: 33A18CB7F215358BF3504D28CC583A2B2929BA5324F2F82788E8C6B7C5D97E5D0993C4

Function 0029D041 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e8763256aa824e2f821a2015d6f372e8429189929c64b75b696564161a7e08a
Instruction ID: efef5cd911693efa1d684ca8a972c96beaf3d760d397d44a4fb932562dc0456c
Opcode Fuzzy Hash: 9e8763256aa824e2f821a2015d6f372e8429189929c64b75b696564161a7e08a
Instruction Fuzzy Hash: F3A17DB3F112254BF3444939DD983626683DBD5325F2F82788B886BBC9ED7E5D0A5380

Function 0023A046 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68dad6e68de066078aca5ad8ac42997c0bba1ca61b2a8fd269aa5f7490fd3b90
Instruction ID: fb5500220eb93aa0b00dbdc5f1a411b6210c9ec7b3ddbda5b8f332663bffb14d
Opcode Fuzzy Hash: 68dad6e68de066078aca5ad8ac42997c0bba1ca61b2a8fd269aa5f7490fd3b90
Instruction Fuzzy Hash: DF91AFB7F512254BF3504D39DD883A166839BD4324F2F82788E9C6BBC9D87E5D0A9384

Function 00231056 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec033d885b118eb8b748c0f8cb7da8e3e820f5f5f29d3ee3b853c78201954608
Instruction ID: 70d0a3bda5ab68053ece6dd8f36a6203447b9befbbc3107042912a0ceb838b3e
Opcode Fuzzy Hash: ec033d885b118eb8b748c0f8cb7da8e3e820f5f5f29d3ee3b853c78201954608
Instruction Fuzzy Hash: 4DA18EB3F102254BF3944D69CC98362B693EB95310F2F82798F892B7C5D97E1D0A9384

Function 002B01D3 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87cd212f8d210fd3390dc75bda37e48504bb729d638bf73de862786e95504fc0
Instruction ID: d51300b092cbc9ec7a76343679eef0c791f13a2fb7bc2903f9eccaea20207ae6
Opcode Fuzzy Hash: 87cd212f8d210fd3390dc75bda37e48504bb729d638bf73de862786e95504fc0
Instruction Fuzzy Hash: 3FA17DB3F112254BF3948879CD583A26583ABD4324F2F82798F586BBC9DC7E5D0A5384

Function 0020A0F5 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 962a7c594ed314909c9d2a8fa269ada71e94d84828483c7589a312e604b45790
Instruction ID: 40bd4094f41ee0f4d5a502ba5ab74406fb3be16f98e8e4c0b004ab07ab67042b
Opcode Fuzzy Hash: 962a7c594ed314909c9d2a8fa269ada71e94d84828483c7589a312e604b45790
Instruction Fuzzy Hash: 87A17CB3F212354BF3944D69CC983A176829B95320F2F82788E9C6B7C5DC7E6D099384

Function 002C20C2 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76639724882dadc34f9c7e01a02a7e9cd3c82531af1611901830e8100b7daaf
Instruction ID: 8bc264795ce374ed61fd9efffaa0873563bfaba07af194362b1aaf17db7651a7
Opcode Fuzzy Hash: c76639724882dadc34f9c7e01a02a7e9cd3c82531af1611901830e8100b7daaf
Instruction Fuzzy Hash: BF9186B3F206218BF3984D39DC983626682D795310F2F82388F59AB7C5DD7E5D095384

Function 00249114 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac66cc8ee2a83310a561ee35290ed1273a4e926023b1440bc2c0fbe0462e670d
Instruction ID: f057fcbbae639a4987b226e679acab3d877316b7206fc71dbd42705f90bdc665
Opcode Fuzzy Hash: ac66cc8ee2a83310a561ee35290ed1273a4e926023b1440bc2c0fbe0462e670d
Instruction Fuzzy Hash: 0BA1BBB3F112218BF3484E69CC543627293DBD5320F2F82798E596B7C5E97E9D0A9384

Function 0022F12C Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1529d5e91519c2cf3b6fbc7e7fb0a691fab016171e0e0fe94fe8bcd40275c05
Instruction ID: f1d9343d61817f7fef3244e4935bc1ecad99748f8eef3d703d97c18ff99c3123
Opcode Fuzzy Hash: f1529d5e91519c2cf3b6fbc7e7fb0a691fab016171e0e0fe94fe8bcd40275c05
Instruction Fuzzy Hash: 7991B0B3F5153547F3944C68DC883A16692AB91324F2F82788E9C6B7C5D8BE4D0A93C4

Function 00287115 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0fd47d7c94e13bc0b13c602fcf618d2d9df3e9aaf18f3330454a46e9e062e6e
Instruction ID: a18b9c514c8f493e6387e40f16fb3c3baa41803329707d5182d807340cddb7d3
Opcode Fuzzy Hash: e0fd47d7c94e13bc0b13c602fcf618d2d9df3e9aaf18f3330454a46e9e062e6e
Instruction Fuzzy Hash: 72A17CB3F112258BF3444E29CC943617253EBD5314F2F81798A886B7C4EA7EAD1A9384

Function 0022421D Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0daf6b7c32165bcf074316379469a7ccc0b5c58082df5ec5f5adb267670dbf0
Instruction ID: fd781f69b060565f0f2756384deb40ed89855ad85994d44c05a831c5d33a116a
Opcode Fuzzy Hash: a0daf6b7c32165bcf074316379469a7ccc0b5c58082df5ec5f5adb267670dbf0
Instruction Fuzzy Hash: EEA18AB3F116254BF3944929CC683626683DBE5320F3F82788E596B7C9DC7E5D0A5384

Function 0026C4DF Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf06be99eecc7ab8c30672130840ece85311815a973dbd2c7d23e857ea93e8e
Instruction ID: 9dce0c9983646c1b0a99f50c866a156689035a0a29c6aacc5ed112d4b2e2c839
Opcode Fuzzy Hash: 5cf06be99eecc7ab8c30672130840ece85311815a973dbd2c7d23e857ea93e8e
Instruction Fuzzy Hash: 8E917AB3F212254BF3444D79CC983A276839BD5314F2F82788E589B7C9D97E9D0A9384

Function 003121CB Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6618133ecb71cb0fc1622a593909de17169223d03c74c1949452fb82def6bd5
Instruction ID: 0b5c8a3486760659dd87b74413fd9cd13b73b1d798c3de2236a0d4516ae2efd6
Opcode Fuzzy Hash: b6618133ecb71cb0fc1622a593909de17169223d03c74c1949452fb82def6bd5
Instruction Fuzzy Hash: 67915AB3F512254BF3484969CCA83626683DBD5320F2F82398F599B7C5DC7E9D0A5384

Function 002C049A Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d362a52b993a1c00ba18d1514c360d83861810c4dc18624083e94337ec791b4
Instruction ID: b3818edbfb075c8763558beb33d2768df30991422bd66ae63c9b3e36023c535f
Opcode Fuzzy Hash: 6d362a52b993a1c00ba18d1514c360d83861810c4dc18624083e94337ec791b4
Instruction Fuzzy Hash: 79918BB3F216254BF3540939CC983A26683DBD1315F2F82798E88AB7C5DD7E5D0A9384

Function 002022D7 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae96dbb3f331a03414b4eea6a677a0ecddaff98f68f68991006c6867881c153e
Instruction ID: b042e0b5b7466aa65683ee0eafed65bc985bde5117adf0f4de91a99c5bf71135
Opcode Fuzzy Hash: ae96dbb3f331a03414b4eea6a677a0ecddaff98f68f68991006c6867881c153e
Instruction Fuzzy Hash: DC916CB7F106254BF3544929CD593626683EBD5320F2F82798E8CAB7C9DC7E9C0A5384

Function 001F639E Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e649590f66a5d9b61af0c80783c830b1654733d9386ae789ffb21eafd83b98b9
Instruction ID: cf61c676498ab2c95639bbba81637fe6564a740b33fe1264a693edc7e1787c65
Opcode Fuzzy Hash: e649590f66a5d9b61af0c80783c830b1654733d9386ae789ffb21eafd83b98b9
Instruction Fuzzy Hash: DA917CB3F111298BF3504E29CC943A17293DBD5724F2F81798E986B7C4D97EAD0A9384

Function 0024E494 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e59551ff3231b5b797cd229d78c3b5df1e1a31a0acf973503ae2aa3cb3077660
Instruction ID: 7f4af322a2879d6b2ce0be73039e79655876eae4d36ac02c4b9900fe79aec00d
Opcode Fuzzy Hash: e59551ff3231b5b797cd229d78c3b5df1e1a31a0acf973503ae2aa3cb3077660
Instruction Fuzzy Hash: 51915BB3F1112547F3448939CD583526683ABD5324F2FC2788A9CABBC9DC7E9D4A5384

Function 002AE079 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16f5e77e0f67483dec8934b27f9841e75698915734cb9139aea34cd493878905
Instruction ID: 825c3af1ff76bf97bae3d0252a4c6083903c295058457b44eaae33cfa5d571f8
Opcode Fuzzy Hash: 16f5e77e0f67483dec8934b27f9841e75698915734cb9139aea34cd493878905
Instruction Fuzzy Hash: E2919BB3F102258BF3504E69DC583A176939B95324F2F42788E8C6B3C5D9BF6D069384

Function 003141FF Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7a7e9ef24754e836dd5346a0f66618ccbd7a0938cb8d2260c4da767a867fb64
Instruction ID: 06bc95a4a03152e72fbadc3c5f63ca37f84f2348ef8cea4d8fffdbd9a87b2d9a
Opcode Fuzzy Hash: f7a7e9ef24754e836dd5346a0f66618ccbd7a0938cb8d2260c4da767a867fb64
Instruction Fuzzy Hash: 8A9190F3F116254BF3444968DC983627283DB95320F2F82798F59AB7C6E97E5D094384

Function 00269008 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d774fd53af4c081d72a9456ecf0bf8e3aa64acf5b7c40bb0517e72fb2829a95e
Instruction ID: 8e6f0b9e7cc5a7d72018c119aedee78188b59667f829e1ed6cb81edc065cd559
Opcode Fuzzy Hash: d774fd53af4c081d72a9456ecf0bf8e3aa64acf5b7c40bb0517e72fb2829a95e
Instruction Fuzzy Hash: 8B9180B3F116254BF3544968CC983626283DBD6324F2F82788F58AB7C9DC7E5D0A5384

Function 00270302 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f0ecb5ae8e86e96de07223969758c117d2d32f4ba373f6d52b7b92d543687d2
Instruction ID: 8780e73b921023fd6039a910031afac6b1d2fe77b7b958b3af535c51bcee2204
Opcode Fuzzy Hash: 9f0ecb5ae8e86e96de07223969758c117d2d32f4ba373f6d52b7b92d543687d2
Instruction Fuzzy Hash: 3F915AB3F111254BF3444D39CD583626693EBD1315F2BC2388A49ABBC9ED7E9D0A9384

Function 00247157 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e725f3a44ba11f50585625c012f8d7becc409d5e1cdcb6b6c6f551f5d328e60
Instruction ID: 6afb4738943f471f2dc3ae5fcf4af9c64b12682d44691f2bd6e70ff436ce1300
Opcode Fuzzy Hash: 9e725f3a44ba11f50585625c012f8d7becc409d5e1cdcb6b6c6f551f5d328e60
Instruction Fuzzy Hash: 0D91A8B3F012254BF3444D29DC9836266939BE5314F2F8279CB4C6B7C9E97E5C0A9384

Function 002540D4 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a88e14e43443ca39cca2c1e58fe63fac05b9fd68f1913d4049298a5abf7891a1
Instruction ID: b3888f7440b6b1547de8a621f45c455da0c5fe20f1737ff0d4fbc1c771df43d9
Opcode Fuzzy Hash: a88e14e43443ca39cca2c1e58fe63fac05b9fd68f1913d4049298a5abf7891a1
Instruction Fuzzy Hash: 3E9159B3F6162647F3944838CD593A265839BD1324F2F82788E9CABBC5DC7E8D0952C4

Function 0029E384 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b17f11e525a73574f9a00691e086cdfb605de81080788d383652d830af4b1473
Instruction ID: bf12c26319b1d4489d0e97b3826ff7d2af1cf6d556657f153b81b8bff9ba4a56
Opcode Fuzzy Hash: b17f11e525a73574f9a00691e086cdfb605de81080788d383652d830af4b1473
Instruction Fuzzy Hash: 9F917CF3F506254BF7580D28DDA83A16682D7A5314F2F427D8F4A6B3C2E8BE5D095284

Function 0023E3FA Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6861bbf66f222c26ccf25a63d0bcbf6c03494d5d47b505298d5dffe1b7273d86
Instruction ID: 73f40e13ba8ef103704c20c32a410d1d594d742671597ef255b91db2a1d96c3a
Opcode Fuzzy Hash: 6861bbf66f222c26ccf25a63d0bcbf6c03494d5d47b505298d5dffe1b7273d86
Instruction Fuzzy Hash: 3F918CB3F1162547F3544D78DC88392A6839BD0325F2F82788E9CAB7C6D97E9C0A5384

Function 001A04C6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction ID: 9f851abe299558d6e4c84e88e05f0a387867fbb3caffaaf30512c87d679b8e42
Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction Fuzzy Hash: 64B16032618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715

Function 0026A1B0 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f32d8bee317d4017981e863792aa3fc47e3a9db4819a44b90d13f29754b9721
Instruction ID: 13f124b3d37d6c2a5a36b541277f52fdafcd8c98a5fff2af313a3fd266971942
Opcode Fuzzy Hash: 9f32d8bee317d4017981e863792aa3fc47e3a9db4819a44b90d13f29754b9721
Instruction Fuzzy Hash: A091BCB3F216254BF3984928CC583A57283DBD5324F2F82398E496B7C5DD7E9D0A5384

Function 002105A0 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eef2aafe5f546a7c2cf4bb43f6ba792a6ee73773f8aceda8dd5d16cdf02d858
Instruction ID: 550d9ca9aa44c50830e9ac849d62814bfaefdd408058085ed2a5e18fc28f69b7
Opcode Fuzzy Hash: 5eef2aafe5f546a7c2cf4bb43f6ba792a6ee73773f8aceda8dd5d16cdf02d858
Instruction Fuzzy Hash: 1C918EB3F212254BF3544E69CC983A17693DBD5310F2F81788E886B7C5D97E6D0A9384

Function 00259007 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a582f32e684e5330a218a8e7679264d6c5460eeb458544bfb7e30184b8678549
Instruction ID: 16b439df332412b40f2628365b19cc36c5634aed0557ce878c8762585201f0db
Opcode Fuzzy Hash: a582f32e684e5330a218a8e7679264d6c5460eeb458544bfb7e30184b8678549
Instruction Fuzzy Hash: 7B9189B3F0022647F7584D78C9A836666439BD5314F2F82388F896B7C5ED7E5D0A8384

Function 001FC1DE Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 005299b0ebcffb6d8b8cfe6bec6b6437a17e9e22f88fef2a2440ac8b9788b023
Instruction ID: 17507ba179da8d757d872094fa2f8e5e457172787f9b99fd07ca3f5663225b83
Opcode Fuzzy Hash: 005299b0ebcffb6d8b8cfe6bec6b6437a17e9e22f88fef2a2440ac8b9788b023
Instruction Fuzzy Hash: D8917BB3F116254BF3504D68CC583A17692DBD5324F2F82788E886B7C5E9BE6E0A53C4

Function 0028E28C Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bc8561488b0c59f395f1f31116778ae8e214cf785641ea52c327fdf4d28e3ce
Instruction ID: d4683eefd495b185f0aefef39fc4ff39f2a166f4d4b494e21989f80dfad604ec
Opcode Fuzzy Hash: 7bc8561488b0c59f395f1f31116778ae8e214cf785641ea52c327fdf4d28e3ce
Instruction Fuzzy Hash: 43917CF3F116214BF3844939CD583622582DB96324F2F82788F69AB7D8DD7E9D0A5384

Function 00206517 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22e62d4b503ed364590d1a2c61ce5986d8b3ec7d1f12ea5ef2318df01cc6b6c4
Instruction ID: fe9b201116bdde081a16581d9608472375782100a6d0e309ebabab662fcc1004
Opcode Fuzzy Hash: 22e62d4b503ed364590d1a2c61ce5986d8b3ec7d1f12ea5ef2318df01cc6b6c4
Instruction Fuzzy Hash: 7F9176F3F116254BF35448B9DD98362268397D5724F2F82788F986B7C6D8BE8C0A4384

Function 00290141 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a693a4c5f51e4adad20def020dad00bd4d9f598b35807afab3924c8c5188030f
Instruction ID: 7d1a4d5f16c2e845bb91efd9f97320c7781b3f05fb6ca84c77e01a6bf15d72c1
Opcode Fuzzy Hash: a693a4c5f51e4adad20def020dad00bd4d9f598b35807afab3924c8c5188030f
Instruction Fuzzy Hash: E6918DB3F112264BF7944D78CD583A26683DB91314F2F82388F896BBC9D87E5D0A5384

Function 00218065 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0fd0f76e7de22bfd1cf3bedb79776cf435a4c1b0fd8e6124fcd2549687ed73d
Instruction ID: c2a90de9269c8650789d8d3691bf30d590361aa6662e09b7692e35f60cdd2d7e
Opcode Fuzzy Hash: f0fd0f76e7de22bfd1cf3bedb79776cf435a4c1b0fd8e6124fcd2549687ed73d
Instruction Fuzzy Hash: 7C816AB3F1062547F3984D68CC983A262839BD5324F2F82398E9D6B7C5DD7E5D0A5384

Function 00286374 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35f63254f50d8e2978a9faf76bf7321db36a346fa8f8d9b79bfbed0344398517
Instruction ID: 76d40a09f3ffafd327f2e76c8070ce191e891fce8e9b9e9ba759ac8ee1ff55e9
Opcode Fuzzy Hash: 35f63254f50d8e2978a9faf76bf7321db36a346fa8f8d9b79bfbed0344398517
Instruction Fuzzy Hash: 86918CB7F112244BF3540D28DC9836276839BE5325F2F82788BA82B7C5DD7E5D0A4384

Function 001C0460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8f4afb97d1356c1fcc86b13133f66e62e51049d35dd765cd55eec2eba72b63d2
Instruction ID: e125819c6835fdda91e3e71f2ee78e6f6475c7cda61f4ce5c63dc9ffb1cba1d8
Opcode Fuzzy Hash: 8f4afb97d1356c1fcc86b13133f66e62e51049d35dd765cd55eec2eba72b63d2
Instruction Fuzzy Hash: A2610635A083159BD7169F18C850F7FB7A2EFE8720F19852CE9858B291EB30DC91D792

Function 00226427 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25b094f771c5b56d9f76da76db6535a652c5f05e49197ae71e28c1330b343896
Instruction ID: 86080f3092fbe80ae6b9ab2051ba1fddb06d7f70e91ec6db91bccfe423dfadc4
Opcode Fuzzy Hash: 25b094f771c5b56d9f76da76db6535a652c5f05e49197ae71e28c1330b343896
Instruction Fuzzy Hash: 8F81CFB3F116254BF3884979CD583A26643DBD1321F2F82398B586B7C9DC7D8D0A5388

Function 002CA5A4 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae4bc9d3750fdd702946b4c7a2cedba7ee7a9b91aea88e6504a1409d2d53333b
Instruction ID: 30c1640982355a99ff9ac95820ee59f8a7188efa603e88c5ee13d4423fd32ea6
Opcode Fuzzy Hash: ae4bc9d3750fdd702946b4c7a2cedba7ee7a9b91aea88e6504a1409d2d53333b
Instruction Fuzzy Hash: E981BEB3F112258BF3444D69CC983627692DBD5324F2F82788E5CAB3C5D97E9D0A9384

Function 0030F0CE Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9eb964db67c9165541cbf759ad9b2c60f8d3d0219e3e606b5744f06416fbfcd
Instruction ID: 8fb5a87561eb878a5abbc27591cad19d3349eed5fab26bb445961cf5fe10f639
Opcode Fuzzy Hash: e9eb964db67c9165541cbf759ad9b2c60f8d3d0219e3e606b5744f06416fbfcd
Instruction Fuzzy Hash: 508149B3F1152547F3944869CD583A266439BD0325F2F82398E9CABBC9DC7E9D0A53C4

Function 001FB178 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b5eb44f1e75d50b5beacf97f252a0c0d63b80250b5f1b57698a257a481cc7a
Instruction ID: 0ec618fb2703b361a8bd0b1055e4414c49b58990085bef4e8fe51eb94a6057c0
Opcode Fuzzy Hash: 44b5eb44f1e75d50b5beacf97f252a0c0d63b80250b5f1b57698a257a481cc7a
Instruction Fuzzy Hash: 73818DB3F1122587F3544D69CC983617692EB91321F2F82788F8C6B7C5D97E6D099384

Function 00212535 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 400d2d15c4e31c64f67e2d0ee2e4b16da34608db6eba5ee854a32846daf2e32b
Instruction ID: 26f435f4fb5ceb5dfbfc9b7bead18953eddebe9fec95e8d5ede6a1d7caeb3cb0
Opcode Fuzzy Hash: 400d2d15c4e31c64f67e2d0ee2e4b16da34608db6eba5ee854a32846daf2e32b
Instruction Fuzzy Hash: 08818FF3F106254BF3544D29DC9836266839BE5324F2F42388F58AB7C6E97E9C0A5384

Function 0023849A Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daa2b5aae55352f1907c7baded205df9274cc51970e472dd84b168d296fb59ba
Instruction ID: 84ef900099a47d312780816fb183230c4625077800bf3cc403d227ff68b8d9b2
Opcode Fuzzy Hash: daa2b5aae55352f1907c7baded205df9274cc51970e472dd84b168d296fb59ba
Instruction Fuzzy Hash: 5681B6B3F111258BF3544E29CC94361B692DB95310F2F827D8E88AB7C5E97FAD099384

Function 0025A581 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec7127fbb30165e954251c7c6718e05846e12b6eed8845314799c8b60e4a0b05
Instruction ID: 96fad96c6d66e877633ca3f067d62b30bcf6e197b5c617bd2c2e03ac27182859
Opcode Fuzzy Hash: ec7127fbb30165e954251c7c6718e05846e12b6eed8845314799c8b60e4a0b05
Instruction Fuzzy Hash: 6F816BB3F206254BF3984D39CD693616682EBA0314F2F827C8F89A77C5D87E5D095384

Function 00209075 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b7d8943e2f3dcb87c0da8e9f1880cf143bc64cc44451360f6074f1890c4a6e3
Instruction ID: 8f901e6fdbeb4a3e5cd0664007b92206d3bd30b08f3c924093367631e1e75b29
Opcode Fuzzy Hash: 2b7d8943e2f3dcb87c0da8e9f1880cf143bc64cc44451360f6074f1890c4a6e3
Instruction Fuzzy Hash: A881AAB3F102254BF3484E29DCA83717693EB95310F2F81788E492B7C6D9BE1D0A9384

Function 002101EE Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ce388960cebf97a4c6a91244909834b1d3929dcec5e2c40ad4f9516355fda7f
Instruction ID: 9fbd92a1614276ea8d36b09d151d2a89db2b585421f52969b868b0946db09100
Opcode Fuzzy Hash: 7ce388960cebf97a4c6a91244909834b1d3929dcec5e2c40ad4f9516355fda7f
Instruction Fuzzy Hash: 958148B3F112258BF7444D29DC983617693DBD6310F2F82788E886B7C9D97E6D0A9384

Function 0022709D Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b01c968d6393b4cd4ac1149e04165a44039f63554cde779e92cfc622872364
Instruction ID: 1432560fd0f6b80a693efaf67602d09b25856c783ebef0d73b5484b70f64c66f
Opcode Fuzzy Hash: b2b01c968d6393b4cd4ac1149e04165a44039f63554cde779e92cfc622872364
Instruction Fuzzy Hash: 5581DFB3E106358BF3544D68CC843A1B282DBA5321F2F82788E4C6B7C9D97E5D0A93C4

Function 002F61BE Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 158a8e8a4dccd896dbae2fe518fcda6c381e66667a08dbb6d4e2400f23e21f3c
Instruction ID: 5ab3e3c716489c90969f6ba4752cd6a63257a352dd240b8d897d38d60271fc8e
Opcode Fuzzy Hash: 158a8e8a4dccd896dbae2fe518fcda6c381e66667a08dbb6d4e2400f23e21f3c
Instruction Fuzzy Hash: 3C8168B3F1222647F3844939CC583A676939BD5320F2F82788A5C6BBC5DD7E5D0A5388

Function 0029B118 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2f77706800160eddfc5ca86d91aacdefddb0dc2e12b4e36a2921438c5e6f3f4
Instruction ID: 95312d3e4fff10548fbaa9ea1d67fda08477dc1f0c7b2ff016bb7b0ca4783566
Opcode Fuzzy Hash: c2f77706800160eddfc5ca86d91aacdefddb0dc2e12b4e36a2921438c5e6f3f4
Instruction Fuzzy Hash: EE819EB3F112254BF3544D29DC883617693ABD5310F2F81788E886B7CAD97E6D0A9784

Function 001E2481 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2c6821f69768aecbd5d02f95be46aaa4603254f60d7ff98290ba70c13992fe1
Instruction ID: 63a841ba453fd435add982b8112afda0b8e448b8a1d5ae1435d76827184f15e3
Opcode Fuzzy Hash: a2c6821f69768aecbd5d02f95be46aaa4603254f60d7ff98290ba70c13992fe1
Instruction Fuzzy Hash: 88818DB3E116354BF3504D64CC843A2B2939BA5320F2F82788E9C6B7C5D9BE5D4A53C4

Function 0022E259 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b4ff4ad07895d4063786d9b76379dd4d00a92886959a062bfecc1a2703bb5c
Instruction ID: 8b1b5a710eaeded165eeeee42cbfbe04e0cff1c1f93424bf2b613dd1613f0e4c
Opcode Fuzzy Hash: 58b4ff4ad07895d4063786d9b76379dd4d00a92886959a062bfecc1a2703bb5c
Instruction Fuzzy Hash: 3581BEB3F116264BF3444D68DC943A27293EBD5310F2F81798E489B7C9D97EAD0A9384

Function 00308141 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f3729835b34051817622d80545b2a68f6e1b885ed2c7c8a20f516baf69baba0
Instruction ID: e2af708e657365dc07cf8341532f0660820cc48bf1217245a9c9b8c946924ca5
Opcode Fuzzy Hash: 9f3729835b34051817622d80545b2a68f6e1b885ed2c7c8a20f516baf69baba0
Instruction Fuzzy Hash: 327139F3F215254BF3548839CD583A2658397D1325F2F82788E6CABBC9DC7E9D0A5284

Function 00212190 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3653637390630fa5799d67d37e163f3f0cae14b334809eeeadca7726f3e6e252
Instruction ID: 82008b52b5dd7183a2e3261162a7b261031a53982fabf603cfbd6046982a6680
Opcode Fuzzy Hash: 3653637390630fa5799d67d37e163f3f0cae14b334809eeeadca7726f3e6e252
Instruction Fuzzy Hash: EC81E3B3F116268BF3404E68CC943A17643DBD5314F2F82798E48AB7C5D97E9D4A9384

Function 002E043D Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37b97dde2f9ef1c1630f52203a77cc135db98f8f69c7b9fb1e7c18b3cdbb16d2
Instruction ID: 2909c43f5d84dc01b6f896923142bb87cf0fb9e06d4296762155fd66f375a69c
Opcode Fuzzy Hash: 37b97dde2f9ef1c1630f52203a77cc135db98f8f69c7b9fb1e7c18b3cdbb16d2
Instruction Fuzzy Hash: DC81B1B3E215254BF3944D29CC583A27293DBD5310F2F81788E486B3C5E97E6D0A93C4

Function 00239059 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f60fa52f674de31f8a78f977f8aeb1908f061ae831d8eda27141fcd41db5aea
Instruction ID: a0d64c60ce52ac8e4cc00234d563fda1c0084c1b8043d5780c2aa5cefdb51864
Opcode Fuzzy Hash: 6f60fa52f674de31f8a78f977f8aeb1908f061ae831d8eda27141fcd41db5aea
Instruction Fuzzy Hash: 87816CB3F112258BF7504D29CC983627683DBD1324F2F82798E986B7C5E97E5D0A9384

Function 002C8180 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3388c67e6f71887137aa2b9fc27f6d3c15697df8a28e3486a398e093113f760
Instruction ID: 498bfb927d666ccdf1e2453e1a5a5d6acc326bb4baf7cf1863c8a0e58a24a3f3
Opcode Fuzzy Hash: a3388c67e6f71887137aa2b9fc27f6d3c15697df8a28e3486a398e093113f760
Instruction Fuzzy Hash: AD8157B3F1112547F3544D39CD683A26293DBA5310F2F82788E49ABBC9EC7E9D4A5384

Function 0020F15B Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db3d7acd7f8e2d631ead92bae9374df22e4b7d2882f77a1a5828229348c49405
Instruction ID: cbff036a93846fc5c9ded67bc85ff756a1320517ad6910d24db971a87d867942
Opcode Fuzzy Hash: db3d7acd7f8e2d631ead92bae9374df22e4b7d2882f77a1a5828229348c49405
Instruction Fuzzy Hash: 5C81BEF3F116254BF3544879CC583A266839BD1325F2F82388E9CAB7C5D8BE5D0A5384

Function 00282396 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b97160de286e45ebfcd7544ebf77826010a697c525b980619b6c91ec45bb4d91
Instruction ID: b47126300d3e07d5ec6931c7abaa108b8273544c04c214d95b5d9c79b3fce145
Opcode Fuzzy Hash: b97160de286e45ebfcd7544ebf77826010a697c525b980619b6c91ec45bb4d91
Instruction Fuzzy Hash: 5081ACB7F112254BF3544D78DD983616682EBA5320F2F82798E596B7C5DCBE1D0D8380

Function 00310092 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebf29f2502b1dcc38825d8158614d5b4efc219ce5c31bd35339344d883faf3b3
Instruction ID: aa881d29cca4404a5579992cc701614ae72954688dbc356ac408c5ee6c6f7f17
Opcode Fuzzy Hash: ebf29f2502b1dcc38825d8158614d5b4efc219ce5c31bd35339344d883faf3b3
Instruction Fuzzy Hash: 5E817BB7F2022547F3984929CC583616683DBD5321F2F827C8F596BBC9D87E5D0A5384

Function 002C8535 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d6cf7acf47ed0983b9c153343052f4fcd54a0f4459da5bad0060334c4d72e6e
Instruction ID: 2052ae8c130b2e9801b180c51d4a99e137c2da1a33d1a29fddc97303b94397c7
Opcode Fuzzy Hash: 6d6cf7acf47ed0983b9c153343052f4fcd54a0f4459da5bad0060334c4d72e6e
Instruction Fuzzy Hash: 1F8149B7F126258BF3844D39CC543A27283DBD5320F2F81788A985B7C9DD7E990A9384

Function 002F20D5 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 627f2ebc7926d0bb6c272bbb63568bef2815a31ba0ebb2dd77cda137c453bc14
Instruction ID: 195bf5708a24d53dd9d22d5d3a3c3e0baa2f7843a9a57b428a91e03a73c7458b
Opcode Fuzzy Hash: 627f2ebc7926d0bb6c272bbb63568bef2815a31ba0ebb2dd77cda137c453bc14
Instruction Fuzzy Hash: DA717CB3E1122587F3504D69CC84361B293ABD4321F3F86788E986B7C5E97E6D0A9384

Function 00252549 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca187a1024105f94431e50e06e26ae2900a9a4f7ba4daee20fbe4673899ced71
Instruction ID: 39715177959ef17382b0a9a76e678d3232f447b11c0f7c1bf27a1b5396b80409
Opcode Fuzzy Hash: ca187a1024105f94431e50e06e26ae2900a9a4f7ba4daee20fbe4673899ced71
Instruction Fuzzy Hash: 7881BBB3F112258BF3444E68CC943A27243DBD5310F2F81788E881B7C9D97E6D0AA384

Function 002E61F4 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d26d8dad85407ae0d9e3b549916d0103b5d0b56006d3856761814ada14450d9f
Instruction ID: 34c389572dd0d8f33c3b5ac5f14789236b9fe2934f5b60c7804e372397a80558
Opcode Fuzzy Hash: d26d8dad85407ae0d9e3b549916d0103b5d0b56006d3856761814ada14450d9f
Instruction Fuzzy Hash: CF817FB3F116254BF3404928CC983A13283DB96325F2F42789F58AF7C6D87EAD0A5384

Function 0024A4B4 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b80af3dcf38cc78714d791e7dfa5c070336b278a44006cfa0c27418240265a6
Instruction ID: de947cd8b99754b1be845a795da685b237c27d788ed0874cad2ee279df4e2caf
Opcode Fuzzy Hash: 7b80af3dcf38cc78714d791e7dfa5c070336b278a44006cfa0c27418240265a6
Instruction Fuzzy Hash: 937189F3F2152547F3844969CD583A266439BE1324F2F82788E4CAB7C5ECBE5D0A5384

Function 0028B071 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c0fd9506170b1911c25949e7717ccb84dc6ff3c3f0f0938fc9699bc26262c19
Instruction ID: 6b31164c077efca805b7df162b2c3665f4172c4cfc2220549c11ffd7c4a81b96
Opcode Fuzzy Hash: 8c0fd9506170b1911c25949e7717ccb84dc6ff3c3f0f0938fc9699bc26262c19
Instruction Fuzzy Hash: 43718BB3F116254BF3940D29CC9836262839BD5325F2F81398E9C6B7C9DD7E5D0A5388

Function 0028C475 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382789667f76a34ea5a0fd41e379da010ff07811aa22ac2d9e0ee2434a9558df
Instruction ID: 0e338e251f182baad4a3c8ec249331d339bda1efd95384b0100ba83db4deda5d
Opcode Fuzzy Hash: 382789667f76a34ea5a0fd41e379da010ff07811aa22ac2d9e0ee2434a9558df
Instruction Fuzzy Hash: 84817DB3F112264BF3544D69CC983627693EBD5320F3F82388A48AB7C5D97E9D0A5784

Function 0027E142 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fdde99edef9dd6f62e202fa2b51879997dedbb668cc501bbc856a376eb0d4ef
Instruction ID: 96c44b28ddfe77abd641d129ae6310665b64fbd4b63ee805c2e453085f8a32d2
Opcode Fuzzy Hash: 9fdde99edef9dd6f62e202fa2b51879997dedbb668cc501bbc856a376eb0d4ef
Instruction Fuzzy Hash: BA7199B3F516294BF3544D64CC943A26283DBA9314F2F817C8F58AB7C6E8BE5C095384

Function 002A827D Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8340157b18da62a972197c1357f18340da3850d9327bd60687629fad5a8390c2
Instruction ID: 39232eb2711c2963212c69608c878d043a21a82fb6e68950332a066cfdc1037c
Opcode Fuzzy Hash: 8340157b18da62a972197c1357f18340da3850d9327bd60687629fad5a8390c2
Instruction Fuzzy Hash: 7F7170B3F1122547F3544D68CC983627293EBD5320F2F42798E58AB7C5D97E9D0A9384

Function 0030053B Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2781ab9601e9e398a3f6f580034a5b57f370d5dad5d301fe044439760e3181f1
Instruction ID: 07852f95c99d0c06d48d0ad49b1b92611acd081a6e5f6dd0e1eb8fb4846c5e0d
Opcode Fuzzy Hash: 2781ab9601e9e398a3f6f580034a5b57f370d5dad5d301fe044439760e3181f1
Instruction Fuzzy Hash: C37189F3F116254BF3484829CC583A26683D7D1315F2F827C8E89AB7C9D87E5D4A8384

Function 002661B3 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de9464cce8596f2f3140422c7bce301da11a9dbfb2c3bdafe3db26de8bfb9ba8
Instruction ID: be9f4b50fb773c9383bd1a2a1c9a374256b2d7d88d91bfdde33c2d535184bf2b
Opcode Fuzzy Hash: de9464cce8596f2f3140422c7bce301da11a9dbfb2c3bdafe3db26de8bfb9ba8
Instruction Fuzzy Hash: F27169B3F112254BF3984D29DC983626293EB95324F2F813C8E896B7C5D97E5D0A9384

Function 00300213 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85fe6c65c6c5b72f5848cae37f5f4ddae2c20594f75202074ff61be59d82bdb8
Instruction ID: 31291d34a5a68d8a56cc025ec12c33ccb9b4d45f0bb9f3e7dee14e4b9a83a744
Opcode Fuzzy Hash: 85fe6c65c6c5b72f5848cae37f5f4ddae2c20594f75202074ff61be59d82bdb8
Instruction Fuzzy Hash: 9C71F1B3F182104BF3005E38DD9936ABBD6EB94320F2B453DDA9897784D939980587C6

Function 0027E4D8 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d54a88b68523b5891aaa47bccb6b0d8ff9875a7ea7151503b932e29e6dc3b20
Instruction ID: f56d98168c7129df3c8ead77a9cb9d7d983afe6938d40374177ccd14b52f75af
Opcode Fuzzy Hash: 3d54a88b68523b5891aaa47bccb6b0d8ff9875a7ea7151503b932e29e6dc3b20
Instruction Fuzzy Hash: 21717AF3F116154BF3844929DC983616293EBE5324F2F81788B899B3C5DD7E9D0A9384

Function 00222367 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60a1d080ec0d4a2c2c9bb4d0cd1ed8b5ae36d736c56e166b38a133e77a1b34be
Instruction ID: cb8906f59e594f621de88eb8fb621655161a294413fc63879e6ff7e56ea44e2c
Opcode Fuzzy Hash: 60a1d080ec0d4a2c2c9bb4d0cd1ed8b5ae36d736c56e166b38a133e77a1b34be
Instruction Fuzzy Hash: E4715CB3F215258BF3944D29CC4436172939BD5321F2F82788E4CAB7C5D97E6D0AA784

Function 00232277 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcb245070a5a7fe2f94b41ae35dffc14a4c9332d53e08f00413d387589100b73
Instruction ID: 0e1046f0f1ef5b489e442e5c3deb272e2114d982c3d483c59ed045f8eef5247b
Opcode Fuzzy Hash: bcb245070a5a7fe2f94b41ae35dffc14a4c9332d53e08f00413d387589100b73
Instruction Fuzzy Hash: C171B1B3F102208BF3444D69DCA83627693DB95310F2F82798E896B7C5D9BF5D099384

Function 002FE123 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de89869d56d3f02de74fbc9cbfb0e0b742bd99b2fd755547836b816ab1293213
Instruction ID: 48060b50b5f2891a91242507a47d1b505f64aea251455aafd8524531a378186e
Opcode Fuzzy Hash: de89869d56d3f02de74fbc9cbfb0e0b742bd99b2fd755547836b816ab1293213
Instruction Fuzzy Hash: 8D718EB3F212254BF3504E68DC88362B693DB95321F2F41798E886B7C5DA7E5D0993C4

Function 002E00F6 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c92a8163ce40f024f11fd1eb02c740670a5a54a2169adefac915a49e5715fd11
Instruction ID: 903b11aaa222a0379b5f4c277cb1102ee44bca187ac64765c25a129e7b566599
Opcode Fuzzy Hash: c92a8163ce40f024f11fd1eb02c740670a5a54a2169adefac915a49e5715fd11
Instruction Fuzzy Hash: 407169B3F1122587F3544D69CC983A27283D795314F2F827C8E89AB7C9D97E9D0A9384

Function 002DC4CB Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4feeb7225caa2d74e3f94936dd98850064e65b68e6c66ab7386d154bb7b957c
Instruction ID: 8032b35b7fe18208845280f66a9391ca08f81023f7b78d0967836ac73373d593
Opcode Fuzzy Hash: d4feeb7225caa2d74e3f94936dd98850064e65b68e6c66ab7386d154bb7b957c
Instruction Fuzzy Hash: 537178B3F106254BF3984C79CC983226682EB95324F2F82388F99AB3C5DC7E5D095384

Function 001F41FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b2c31bb2bc615519caf7f9ef269cb1ed30912c6c663a11b7bf016fb0ab98dae
Instruction ID: 9782f39c239693c38c3abfd3b0891d654b90018cfad78c1835a9e4718bbc0c94
Opcode Fuzzy Hash: 3b2c31bb2bc615519caf7f9ef269cb1ed30912c6c663a11b7bf016fb0ab98dae
Instruction Fuzzy Hash: 696186B3F1122547F3584D29CC6836266839BD1321F2F827D8E9D6BBC8D97E5E0A5384

Function 001E306D Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89dcf761f0bc5a9476654dfc35aef63b90a153885dcc0db6cbe157a2c9ee3928
Instruction ID: b5b838a952f9a3ffa511c8f54f391fa530d6c42f223807a01708603ab62a3f36
Opcode Fuzzy Hash: 89dcf761f0bc5a9476654dfc35aef63b90a153885dcc0db6cbe157a2c9ee3928
Instruction Fuzzy Hash: E771ABB3F216258BF3540D34DCA83A26282DB95324F2F427C8F996B7C5DC7E5E099284

Function 0026C1A6 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a2ffb3052c6ac8b12686455924f8ce443df84d3fb5732061cd33e8fbb80227f
Instruction ID: f58e42b5731afcf91d9e83bb0db0ba2fb94c9db667b937fe966fd057a9790881
Opcode Fuzzy Hash: 4a2ffb3052c6ac8b12686455924f8ce443df84d3fb5732061cd33e8fbb80227f
Instruction Fuzzy Hash: BC619BB7F106254BF3444D68DC983A27643E7D1314F2F82788E98AB7C5E97E9C4A9384

Function 00288494 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d0ba12cabe913b139ad29e8bbb923c43c78db1b87340ae3eb8e304d4af64e5a
Instruction ID: 5b353efa2a5c37ec9ed85c6993e2dc685a8a4a7dcaeb00b45b744df88a6f6ca2
Opcode Fuzzy Hash: 1d0ba12cabe913b139ad29e8bbb923c43c78db1b87340ae3eb8e304d4af64e5a
Instruction Fuzzy Hash: 4461B1B3F215254BF3804D69CC583627693EBD5320F2F81788E48AB7C9D97E6D0A9784

Function 002CE114 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0449e7d04aa6746da7c7fe5770659473ea53cbe8b3f767703495c66fe264ccd
Instruction ID: a21ceef3ce8dca88fc8ed9039c4bcdd07345e5c11bd227ba4c59f8d116c5950d
Opcode Fuzzy Hash: a0449e7d04aa6746da7c7fe5770659473ea53cbe8b3f767703495c66fe264ccd
Instruction Fuzzy Hash: 8061BFB3F116248BF3904D78DC983623292EB95315F1E82788E98AB7C9DC7E5D0D9384

Function 00290587 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fce9880fb10bffb1033b7288a5c2bf946d48b569d53348a46a92423c872d81b
Instruction ID: e954067eeeb9cc44c8390c9985553492e0e7bef37b2404e33bb247284f4e67b1
Opcode Fuzzy Hash: 5fce9880fb10bffb1033b7288a5c2bf946d48b569d53348a46a92423c872d81b
Instruction Fuzzy Hash: 94617DB3F112254BF3904D38CC54392B6939BA5361F2F82788E98AB7C5DD7E9D0A5384

Function 0025803C Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cca9934f8f17577cbbabc0e96bd6ccc56b82eed14443a06a2cfb1f6247f5a900
Instruction ID: 19270cc655387b9a49ada5f5d05b7ff5551b6c0dca87f0a4bb1bf127ec6f6e1a
Opcode Fuzzy Hash: cca9934f8f17577cbbabc0e96bd6ccc56b82eed14443a06a2cfb1f6247f5a900
Instruction Fuzzy Hash: BC618EB3F112258BF3504D69DC44352B693DBD5321F2F82798E886B7C8E97E5C0A8784

Function 002D03A1 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d6699297a5a50abc952c61cd51633138f4c89b09e3fbd0b44cbce66edb1fb76
Instruction ID: fc28ae3691911ac1298dccf11cee451384d5a454846be54afe172281bb90fcbe
Opcode Fuzzy Hash: 5d6699297a5a50abc952c61cd51633138f4c89b09e3fbd0b44cbce66edb1fb76
Instruction Fuzzy Hash: CD51BDB3F506254BF7480969DC983A266839BD5320F2F42798F19AB7C6D9BE5C0A4384

Function 002A10B7 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 453c322fb179ff36171cd573209b4bba84eb2dcba701e75853dac5bcda4e27c2
Instruction ID: 609b2d3a9f5a4824b90cc2d64571ae6b95332895cc6dba95ad31aeda25962520
Opcode Fuzzy Hash: 453c322fb179ff36171cd573209b4bba84eb2dcba701e75853dac5bcda4e27c2
Instruction Fuzzy Hash: 265134F3F206254BF3584939CD583A166839BA1314F2F82788F9D6B7CAD8BE5D095284

Function 002803AF Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43ede2b7ad5c6e4137839dbb8c0ca780cd13d83a57d164088197a1295daf4557
Instruction ID: 339a1cf14cb4d080edeacbe13c7f11ff7e196f835e5c3f1301196fe3223fcb73
Opcode Fuzzy Hash: 43ede2b7ad5c6e4137839dbb8c0ca780cd13d83a57d164088197a1295daf4557
Instruction Fuzzy Hash: 22519BB7F212258BF3540D78DC983627692EB95310F2F82398E986B7C5D9BE5D099380

Function 00302044 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 126f087dec8c1a4467ff87369ac3b0083eabbfc751d424307cf0fb8e42d27327
Instruction ID: 4243dd6087de5129267e911b9ed5fa9157f66ac37cffe2281a6f0a65fb2b6647
Opcode Fuzzy Hash: 126f087dec8c1a4467ff87369ac3b0083eabbfc751d424307cf0fb8e42d27327
Instruction Fuzzy Hash: 88516EB3F506254BF7944D78CC983A22692DBD5324F2F82788F486B7C9D87E6D0A5384

Function 001E21A5 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1459590b3b73023a0ef6169c16059eccb1e281531ae6dc0f020d1d4821e8a67f
Instruction ID: 0ccbdf21edca2ac2d5d2300192b5d7f7564b7334cddce72db153ab85270bda25
Opcode Fuzzy Hash: 1459590b3b73023a0ef6169c16059eccb1e281531ae6dc0f020d1d4821e8a67f
Instruction Fuzzy Hash: 94518BB3F102258BF3584D29CCA43A27643DBD5324F2F417D8A486B7C6D9BE9D0A9384

Function 0025101F Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 708dbc579ed2e56008807f311d7646558165c665b6a9d3be80693aef89d390d6
Instruction ID: b95416c7ae2575eb0efca75d2ab4b1d9ea34f1dcd4a9882bf574adf0bcb27e2a
Opcode Fuzzy Hash: 708dbc579ed2e56008807f311d7646558165c665b6a9d3be80693aef89d390d6
Instruction Fuzzy Hash: 73517AB3F2122547F3544928DC583A26683D7D1325F2F827C8E99ABBC9DC3E9C0A5384

Function 00234119 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc032c56dbd1f2b54e5c3b3f30571c56db233ce7d12febb4ee4e54e359301cb
Instruction ID: 216df2be1c954efab290649549519c1970fbef52dcea4828c95cf4e605548bb7
Opcode Fuzzy Hash: 8bc032c56dbd1f2b54e5c3b3f30571c56db233ce7d12febb4ee4e54e359301cb
Instruction Fuzzy Hash: 6D5179B3F2112547F3544C29DC493A56243ABD5325F2F82788F88AB7C9D87E9D0A5384

Function 002DA54D Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15379b5612398de0f1830f0ea874b7be4ce4341ec8b0ba4ecc654fcfc2075ab8
Instruction ID: 5b15960d6f385294d61280975fab94b86d37af1e249c8691c3407bca1089cf73
Opcode Fuzzy Hash: 15379b5612398de0f1830f0ea874b7be4ce4341ec8b0ba4ecc654fcfc2075ab8
Instruction Fuzzy Hash: 42519CE7F116254BF3884925CCA83726282D795310F2F817D8F4E6B3C1D97E5D0A9388

Function 0025A2A7 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b47ff6b5d430dcb94e56961e43d9d4b87ac984730d6d28b44a8dd9fd16e0d7c
Instruction ID: 0c0a0e860759b9bbd36d67b91d9950cc21776f32703362377168639387eb123a
Opcode Fuzzy Hash: 5b47ff6b5d430dcb94e56961e43d9d4b87ac984730d6d28b44a8dd9fd16e0d7c
Instruction Fuzzy Hash: 30516BB3F112258BF3544D78CC883627693DB95310F2F82788E986B7C9D97E9D0A9384

Function 002FC190 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86a290c2fb38f71657fd4180b73fb53806e476de2c8fd8e9b419a8f9ff87dc1f
Instruction ID: d707a6403370441e443ce10968f6b62af30c58df390d32f39c6d7481f21fcf84
Opcode Fuzzy Hash: 86a290c2fb38f71657fd4180b73fb53806e476de2c8fd8e9b419a8f9ff87dc1f
Instruction Fuzzy Hash: 3E5158B7F102248BF3584D29CCA43617292DB95720F2F827D8E999B3D4ED7E6D099384

Function 00244015 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6700b5e5abd9accc27add88e8764d55a7ba4a4589864df3e781c86db58f58f6
Instruction ID: 6cf7ed079ac31166b9cc4d4940540eb16df42c16ebe8eca31406d374a100c1b5
Opcode Fuzzy Hash: f6700b5e5abd9accc27add88e8764d55a7ba4a4589864df3e781c86db58f58f6
Instruction Fuzzy Hash: 9A519EB3F116254BF3944D25DC883A13693DB95324F2F82B88E8D6B7C5D97E2D0A9384

Function 002EE2B8 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71c806a1514930bb8a54895f188906d4fc7225c8de2a46de92bde1a7f859fcff
Instruction ID: 5b30e3e5d1cda23106c51de14db0510906aa5733befd5460eca3285dcfd84558
Opcode Fuzzy Hash: 71c806a1514930bb8a54895f188906d4fc7225c8de2a46de92bde1a7f859fcff
Instruction Fuzzy Hash: CC5128F3F2162547F7940924CC983A262439B95325F2F82788F9D2B7C5D97E5D0A9384

Function 0019B57D Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 334d13dd8619b2df758ad94f91146b59f83c5dc2788f81cee68820f77ec56505
Instruction ID: d31b88a65f42546eab5d836bdff1a57fb00903bc49799f04cbd4f7788a31693c
Opcode Fuzzy Hash: 334d13dd8619b2df758ad94f91146b59f83c5dc2788f81cee68820f77ec56505
Instruction Fuzzy Hash: 5A3136605087908BDB3A8B3995E1B737FE09F67704F18488CD1E38B693D326E509C751

Function 0027410C Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d053a4bb70ded23add0b9e4aaf338dacf1017a93b6bcf3a698ccf72f9a5f834
Instruction ID: 1a2c74e7736359b22c6219351c1fb3e26d20fbaf06af8860d14ffce3f66d058d
Opcode Fuzzy Hash: 3d053a4bb70ded23add0b9e4aaf338dacf1017a93b6bcf3a698ccf72f9a5f834
Instruction Fuzzy Hash: 85413BF7E083145BE3006E2DDC8476AFADAEBD0720F1A863DDAD487789E97448058686

Function 002C0235 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdf5f068e534c1aed2d4b17a035303d919317f7d8b6c845cc5d36e29a292b157
Instruction ID: 06593e7f823f29f2cbce10c0783e93f07e93202120c5e47fbfd2f2b964d6c0ca
Opcode Fuzzy Hash: fdf5f068e534c1aed2d4b17a035303d919317f7d8b6c845cc5d36e29a292b157
Instruction Fuzzy Hash: 9F517AB3F5022687F3544D29CC943A66283A7D5320F2F827C8E9CAB7C5D97E5D469384

Function 002604EE Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 343b81bf3c2f166d54d9f89f459bbcd9b3be3065d8bb93e4aedc7d2ada556f82
Instruction ID: 2719ed5e56de053b940a470ad7214bba4d174afc83a3ad61d416c9ccb21d7f28
Opcode Fuzzy Hash: 343b81bf3c2f166d54d9f89f459bbcd9b3be3065d8bb93e4aedc7d2ada556f82
Instruction Fuzzy Hash: F241ACB3F122294BF3844D39CC98362A293ABD5314F2F82788E596B7C5DD7D5D095380

Function 0023A2C9 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a7c019a2df88c99ef72875d1c67937b0bd7449233e7ecef11e71644cc1ed76d
Instruction ID: 2800528fe8f7b03585c997d28a7253dac4bbfc4e45384c1403f3810006723618
Opcode Fuzzy Hash: 8a7c019a2df88c99ef72875d1c67937b0bd7449233e7ecef11e71644cc1ed76d
Instruction Fuzzy Hash: E941BFB3F111254BF3504D3ACD583A2A6439BD0314F2F82788E4C6BBC9D9BE6D0A9384

Function 002B30D0 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51c9fcb7d4933810593053dfa63fe280fde92fb2e776aa388c1e74ce39dfe4de
Instruction ID: 8364ffc32dc57cf80602bd6b4d9dd2f1dd06102f5573199fe24d2b5823cfcd0b
Opcode Fuzzy Hash: 51c9fcb7d4933810593053dfa63fe280fde92fb2e776aa388c1e74ce39dfe4de
Instruction Fuzzy Hash: 2E4137F3F116254BF3884869CDA8366658297E1324F2F81398F4D6BBC6EC7E5D0A5284

Function 001E5108 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3e0f01a3fcab69dfff1ce53200b297bdfe76f8507ff437660bde87d53ec712b
Instruction ID: f1c902ac97e13e729f9fd9d6043489825adad1b3f20c985a4949f9d118555fc6
Opcode Fuzzy Hash: e3e0f01a3fcab69dfff1ce53200b297bdfe76f8507ff437660bde87d53ec712b
Instruction Fuzzy Hash: 723185B3F111248BF358487ACC543A2A58397D5324F3F83798A69AB7D8DCBE5C0A4280

Function 001BA440 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction ID: 8adee76fb2c14f79353ba4ee92331b542f665f60bbd31ce39d6b0e087ee12b43
Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction Fuzzy Hash: 3C31E672A086044BC7299D3D4C902AABA939FC5334F6DC73EEAB68B3C5DB758D415242

Function 0025C31E Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f058aed8231273bec03a6b335dceac47d998333955e8596b09ff2a9d63a93fb
Instruction ID: c28eba36023fd13dc96a4dfb2c2ae96ffac9bc729026625603f96dfd45d3f385
Opcode Fuzzy Hash: 8f058aed8231273bec03a6b335dceac47d998333955e8596b09ff2a9d63a93fb
Instruction Fuzzy Hash: 643126B3F6162547F3984878CD583526583D7E5325F2F86388E5CABBC9DCBE9C0A1284

Function 002E917B Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d832bca13220ada4cb3c66803e3de14092c2e4ce1e477e2940f58eb203bfc63b
Instruction ID: db26cba87ffd430036f24928bf70678279d06fec9af7913ba3cd79c26f8301df
Opcode Fuzzy Hash: d832bca13220ada4cb3c66803e3de14092c2e4ce1e477e2940f58eb203bfc63b
Instruction Fuzzy Hash: E13118B3F611264BF3584878CD683A558879BD1360F3B83385E6DABBD9D87D8E091284

Function 00294272 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f4746702f4c2edef561c3429c9346de415686b2319eb08c7367d62fb041585c
Instruction ID: 9d422cea77dfeeabe2ca1955b1fc88e8a19b408ce9fbd882cc1d1280c0a1f918
Opcode Fuzzy Hash: 1f4746702f4c2edef561c3429c9346de415686b2319eb08c7367d62fb041585c
Instruction Fuzzy Hash: 2831ABF3F5092147F3500879CD493A2A48397A0324F2F82348E68E7BCAE8BE9D4652C4

Function 0022E0B3 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6bcaf8407337854eea421285477057c03e8fdd57cde990ca1462415115d5880
Instruction ID: 88eb77c5dc7932bc90e60223522813558c70cecd64263bde7a08e710a631c5dd
Opcode Fuzzy Hash: f6bcaf8407337854eea421285477057c03e8fdd57cde990ca1462415115d5880
Instruction Fuzzy Hash: 463139F3F026254BF3604865CC943A291439BE5325F2F83748F6C6BBC6D8BE5D4A1284

Function 002B5116 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4529eaba51404471682d61cc02dbb272c0982db5ad8bec4d6958cd16063dbbbf
Instruction ID: 196900f21cffc246629925dbe320e92069021bd997046fc61839a224b79b7d88
Opcode Fuzzy Hash: 4529eaba51404471682d61cc02dbb272c0982db5ad8bec4d6958cd16063dbbbf
Instruction Fuzzy Hash: CA312CB7F606214BF3A84879DD98362558297E5724F2F83388F6DA7BC5DCBD1C0A4284

Function 0023C265 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daade7303d370514a8ace240fce77c935fefe50aece8bd94a2e954adbec573d9
Instruction ID: b8f60b387c05f56493cc6c75a2a7bbe2c1e4600af3e5bfefebfcd7bf1c6c1fa5
Opcode Fuzzy Hash: daade7303d370514a8ace240fce77c935fefe50aece8bd94a2e954adbec573d9
Instruction Fuzzy Hash: 763139F3F5062147F3984839CD993566583A7E4325F2F82788F9DA7BC9D87D9C090284

Function 0027A1E9 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d66971ac84c44e8586b13d8b2b7be62b466029cb4d82373f04cbc20de86325f2
Instruction ID: 1a3e28bbbe4d8cab8f748dbbc6b29c7986993c2c9e949ef21e7499c926edbea9
Opcode Fuzzy Hash: d66971ac84c44e8586b13d8b2b7be62b466029cb4d82373f04cbc20de86325f2
Instruction Fuzzy Hash: B4315EF7F6562247F3584878DC943625582D795324F2F423C8F69AB3C1D8BD9D0A5288

Function 002D6509 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12c013f3598ddf1f613f79c8b1ec1da910bcf7ac00f32dd4e61194210afdbadd
Instruction ID: e1afc6a69a1977aa1e4acb3a9dcfd57fe14ce30be5a2d94536aeba2d8502fa6f
Opcode Fuzzy Hash: 12c013f3598ddf1f613f79c8b1ec1da910bcf7ac00f32dd4e61194210afdbadd
Instruction Fuzzy Hash: 2331F8B7F402314BF3988879CD6836655839791364F2B83398F5D6BAD8DC7D4D0A52C4

Function 0028C197 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03098ff487e3fc0bb602674d0967b02413eed60854706ea1c7ce5e5cacc51981
Instruction ID: d7fb35a0989c8b51a314fd665fdcabf57e3dbb9e7c3c5c541d57efdd0bf2bc34
Opcode Fuzzy Hash: 03098ff487e3fc0bb602674d0967b02413eed60854706ea1c7ce5e5cacc51981
Instruction Fuzzy Hash: FA3116F7F52A200BF3944879CDA83A2A5429BA4318F2F82788F4CAB7C5D87D5D0952C4

Function 0030E36C Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05906b6bb756bb6552d0308f59ef4a5227a96a20e0bb0dafaf8d38d92abce4b4
Instruction ID: 1a3be9184dfcc45c37b8cbd506aa9916fd80be6a0be068c583de079bea655106
Opcode Fuzzy Hash: 05906b6bb756bb6552d0308f59ef4a5227a96a20e0bb0dafaf8d38d92abce4b4
Instruction Fuzzy Hash: 55316BB3F112254BF3944879CD9836266829799720F2F83788F68ABBC6EC7E5D0543C4

Function 002B0075 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 348b25bd4f86f3526f5dd432b042fb8cb5b5be751496666ac4ede45e1a2f55a8
Instruction ID: 9e99b1758063170094128d5f0ff7d0f2b39fc3f99018bc09012963d30c76ce3a
Opcode Fuzzy Hash: 348b25bd4f86f3526f5dd432b042fb8cb5b5be751496666ac4ede45e1a2f55a8
Instruction Fuzzy Hash: B7218BF3F516254BF3444839CC9839261439BE1324F2F82788E6CAB7DAD87E9D0A5284

Function 0030624E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e55661f2bf7bcd5db035875819ae30cd1fd3ab866d679f43f32f66bb342fc2c0
Instruction ID: aba3f00fa223871e87aef0acd7b8c7823468ff13f6660bcf9fc01404f4c15fe2
Opcode Fuzzy Hash: e55661f2bf7bcd5db035875819ae30cd1fd3ab866d679f43f32f66bb342fc2c0
Instruction Fuzzy Hash: 2F213AB3F517260BF39848B9CD9836265839BD5320F2F82788F595B7CADCBD1D095284

Function 002C448A Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fc06835e1acd54b370af2462d21540826202b95e5633aa07c0408aa1d060346
Instruction ID: 864f17c1fe18e03a027acb59a85ccd337ea82d3344c9ed8afc60a1cb5f705c49
Opcode Fuzzy Hash: 6fc06835e1acd54b370af2462d21540826202b95e5633aa07c0408aa1d060346
Instruction Fuzzy Hash: 51214DB3F412214BF348487ACD5839266839BC4714F2F81788E4C5BBC9DCBE5C4A8384

Function 00268146 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6998777157149df9326c1e6aeebce243b9d3d7549e23f48e1b2456d4a524ef2d
Instruction ID: 3ea9e77fd113d720ef877178ce2dd4b29a2e3da8f6506a2a5dde4a0d991cf457
Opcode Fuzzy Hash: 6998777157149df9326c1e6aeebce243b9d3d7549e23f48e1b2456d4a524ef2d
Instruction Fuzzy Hash: 652137E7F516204BF3944929DD993621543EBD4325F2FC2798E89577CADC7D180A4284

Function 0020A431 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad9f6fb85673289f7c53ef6d50830bbe8112fa53b599c68f66e5bcf8883dbf59
Instruction ID: c656ff122b2cc759ad70d200341e5b9900106a50bca6418c7b9cac594d34f08d
Opcode Fuzzy Hash: ad9f6fb85673289f7c53ef6d50830bbe8112fa53b599c68f66e5bcf8883dbf59
Instruction Fuzzy Hash: F1214DB3E2153547F3A84869CC643A1A682AB95324F2F42B98E5DBB3C1DCBE5D0953C4

Function 002C23F9 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0241a6c8aea29ba528d01528402fa94fe48d0f2f079e7db85b842540675e6906
Instruction ID: eb229534382124908a30352bb3232667bc61e668775fdf3bff5d7c25aac0cd5b
Opcode Fuzzy Hash: 0241a6c8aea29ba528d01528402fa94fe48d0f2f079e7db85b842540675e6906
Instruction Fuzzy Hash: D62186F3F2052247F7988C39CD6A366668397D4320F2F82398F0AA7AC5D87D9D095284

Function 001B6210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 36f12caf9475818e8d03b8cad044bf50cd210a548efcb3beb291cb0431c0f972
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 6E11E933A051D40EE3168D3C85405B5BFE30AF3734B1943E9F4B99B2D2D7268D8A9354

Function 0019C300 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction ID: e906ab78ce3a32b136750d5c32e70821665822eb7e80547b0fd885ed60ef7c10
Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction Fuzzy Hash: 85F03C60108B918ADB328F398564373FFF0AB23628F545A8CC5E357AD2D366E10A8794

Function 001AE0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: a6100c0fb2ae3c5347041ca1fe91b4c76f947c6007467b6bda31174b141f10aa
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: A4F065145087E28ADB234B3E44606B2AFE09F63120B181BD5C8E29B6C7C3159496C366

Function 001AD116 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 184783167e3ecb187006fd72c4aad2e261cb6a9c5e15bb4eb415b158815d37a2
Instruction ID: 629c2a972a004a9cdb8882f1e4a23cb18e149e48b68c59586b1fc669021c58dc
Opcode Fuzzy Hash: 184783167e3ecb187006fd72c4aad2e261cb6a9c5e15bb4eb415b158815d37a2
Instruction Fuzzy Hash: 8801F9746442829BD304CF38CCE066BFFA1EB97364B49C75DC45687B96C634D482C795

Function 001DC06C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a5be7c0792ad87a06be6a2b3dfc9218fa73c47202b1c2f07d3aef173c945c84
Instruction ID: 0f0a219d7f69f738b478a59beedf42d77980d1c479e6a65c9461c2b268af20f1
Opcode Fuzzy Hash: 4a5be7c0792ad87a06be6a2b3dfc9218fa73c47202b1c2f07d3aef173c945c84
Instruction Fuzzy Hash: 70F0A4F291C702EFD358DA25E98426B77D4AF44760F2AC82FE985C3640E2748902D653

Function 001A91AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 001A91DA

Strings

wpq, xrefs: 001A92B7
+Ku, xrefs: 001A92AF

Memory Dump Source

Source File: 00000000.00000002.1381036654.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.1381018629.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381036654.00000000001C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381086781.00000000001D3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.00000000001D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000444000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.000000000046E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000478000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381105631.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381359072.0000000000488000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381481842.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1381500836.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_Tqa1vDp9NT.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$wpq
API String ID: 237503144-1953850642
Opcode ID: 703a14493f8a086d93ec2a8b4820b5e4545268eb7975f522b9205111f5df5aca
Instruction ID: 5c05982349eefb354e60425200c821f5e7c321d4fd95eef45f908110c03c2348
Opcode Fuzzy Hash: 703a14493f8a086d93ec2a8b4820b5e4545268eb7975f522b9205111f5df5aca
Instruction Fuzzy Hash: FF51BE7221C3558FC324CF69984076FB7F6EBC5310F55892EE4A9CB285DB70D50A8B92

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Tqa1vDp9NT.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
Tqa1vDp9NT.exe

Function 0018B100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Function 00188600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Function 001BE110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 001C1720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Function 00189D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142
libraryCOMMON

Function 0018EF53 Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Function 001BE0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Function 0018EC77 Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Function 00189EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Function 001BC570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Function 001BC55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON